- Joined
- Jan 10, 2007
- Messages
- 530
- Reaction score
- 12
Hello, I would like to ask for help :]]
Got one problem when you are registering :]]
You can see it at
Please help me
Error:
Error here:
Got one problem when you are registering :]]
You can see it at
To view the content, you need to sign in or register
...Please help me
Error:
PHP:
<phpl>
<!-- Mirrored from okmu.lt/register.php by HTTrack Website Copier/3.x [XR&CO'2006], Tue, 30 Jan 2007 17:11:07 GMT -->
<head>
<LINK REL="StyleSheet" HREF="style.css" TYPE="text/css">
</head>
<body style="background-color:#F2EEFD; background-image:url(img\center_bg.jpg); margin-top:2px; width:634px; height:400px; border:2 solid black; padding:2px";>
<div >
<table border=0 cellspacing=5 cellpadding=0 align="center">
<td width='300'>
<div style="background-color:#73BFFB; filter:alpha(Opacity=90); width:405px; height:5px; border:2 solid black; margin-bottom:2px;">
<font color='#000000'><b>
<center>
[ <b>Registration:</b> ]
</b></font>
</div><div style="background-color:#CDDDF6; filter:alpha(Opacity=90); margin-bottom:7px; margin-left:5px;width:400px; height:180px; border:2 solid black; padding:10px">
<font color='#000000'>
<?php
require 'conect.php';
$xa = getenv('REMOTE_ADDR');
$badwords = array(";","'","\"","*","union","del","DEL","insert","update","drop","sele","$");
foreach($_POST as $value)
foreach($badwords as $word)
if(substr_count($value, $word) > 0)
die("<font color=#000000>Apsaugos Perspejimas!<br />Neleidziami Simboliai Pastebeti .... -> $xa</font>");
require_once "sql_inject.php";
$bDestroy_session = TRUE;
$url_redirect = 'index.php';
$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect);
?>
<table border=0 cellspacing=1 cellpadding=0>
<td width='100'>
<div style="filter:alpha(Opacity=90); margin-bottom:7px; margin-left:5px;width:40px; height:180px; border:0 solid black; padding:10px">
<b><font color='red'><strong></strong>
</font></b></center><p>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="table2">
<TABLE width="300" border=0 align=center cellPadding=3 cellSpacing=1 dwcopytype="CopyTableRow">
<?PHP
srand(time());
$random = (rand()%9999);
include("config.php");
?>
<FORM method=post name=regform action=idreg.php>
<TBODY>
<TR class="content">
<TD>Login ID</TD>
<TD> <INPUT name=ps_loginname id="ps_loginname" class="lanyu" size=20 maxLength=10>
</TD>
</TR>
<TR class="content">
<TD align=right valign="top"> <DIV align=left>Name</DIV></TD>
<TD> <INPUT name=ps_name id="ps_name" class="lanyu" size=20 maxLength=10>
</TD>
</TR>
<TR class="content">
<TD valign="top">Password</TD>
<TD> <INPUT name=ps_password id="ps_password" type=password class="lanyu" size=20 maxLength=10>
</TD>
</TR>
<TR class="content">
<TD valign="top">Repeat password</TD>
<TD> <INPUT name=ps_repassword type=password id="ps_repassword" class="lanyu"
size=20 maxLength=10></TD>
</TR>
<TR class="content">
<TD valign="top">E-mail</TD>
<TD> <INPUT name=ps_email class="lanyu" id="ps_email" size="20" maxLength=40>
</TD>
</TR>
<TR class="content">
<TD valign="top">Vault Code</TD>
<TD><INPUT class=lanyu maxLength=12 name=ps_person_id id="ps_person_id" size="20">
</TD>
</TR>
<TR class="content">
<TD valign="top">Security Question</TD>
<TD> <INPUT name=ps_recquest id="ps_recquest" class="lanyu" size=20 maxLength=15>
</TD>
</TR>
<TR class="content">
<TD valign="top">Security Answer</TD>
<TD> <INPUT name=ps_recans id="ps_recans" class="lanyu" size=20 maxLength=15>
</TD>
</TR>
<tr align="center" class="content">
<TD colSpan=2><img src="http://forum.ragezone.com/images/ok.gif" border="0" class="hand" onClick="regform.submit()" > <img src="http://forum.ragezone.com/images/cancel.gif" class="hand" onClick="regform.reset()"></TD>
</TR>
</form>
</table>
<br><font color="red"><h6>It is important:
<br>1. Signing up, use your<b> real</b> E-Mail.
<br>2. Use (a,A-z,Z) and (0-9).
<br>3. We are not responsible for your lost accounts.
<br>4. Be sure that you are enabled cookies.
<br>5. Admin has the rights to change the rules.
<br>6. Can not register? Mail me or go to <a href="http://holic.zapto.org/forums/">forums.</a>
</tr>
</table>
PHP:
<html>
<script language=JavaScript>
<!--
//Disable right mouse click Script
//By Maximus ([email protected]) w/ mods by DynamicDrive
//For full source code, visit http://www.dynamicdrive.com
var message="Apsauga By Bonannas";
///////////////////////////////////
function clickIE4(){
if (event.button==2){
alert(message);
return false;
}
}
function clickNS4(e){
if (document.layers||document.getElementById&&!document.all){
if (e.which==2||e.which==3){
alert(message);
return false;
}
}
}
if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=clickNS4;
}
else if (document.all&&!document.getElementById){
document.onmousedown=clickIE4;
}
document.oncontextmenu=new Function("alert(message);return false")
// -->
</script>
<script type="text/javascript">
//form tags to omit in NS6+:
//http://eking.in
var omitformtags=["input", "textarea", "select"]
omitformtags=omitformtags.join("|")
function disableselect(e){
if (omitformtags.indexOf(e.target.tagName.toLowerCase())==-1)
return false
}
function reEnable(){
return true
}
if (typeof document.onselectstart!="undefined")
document.onselectstart=new Function ("return false")
else{
document.onmousedown=disableselect
document.onmouseup=reEnable
}
</script>
<script language="JavaScript">
<!--
function namosw_scrollstatus()
{
var str = '';
if (namosw_scrollstatus.arguments.length > 0) {
var i;
for (str = '', i = 0; i < 100; i++)
str += ' ';
for (i = 0; i < namosw_scrollstatus.arguments.length; i++)
str += namosw_scrollstatus.arguments[i] + ' ';
document.namosw_scrollstatus = str;
} else {
var src_str = document.namosw_scrollstatus;
str = src_str.substring(1, src_str.length);
str += src_str.substring(0, 1);
document.namosw_scrollstatus = str;
}
window.status = str;
setTimeout('namosw_scrollstatus()', 100);
}
// -->
</script>
<head>
<LINK REL="StyleSheet" HREF="style.css" TYPE="text/css">
</head>
<body>
<?PHP include("config.php"); ?>
<table border="0" cellspacing="0" cellpadding="0" width="480">
<tr>
<td>
<TABLE width="480" height=100% border=0 align=center cellPadding=5 cellSpacing=1 bgcolor="#ffffff">
<TBODY>
<TR bgcolor="#ffffff" class="content">
<TD colSpan=2 align=right> <div align="center" class="bigf Estilo5">
<?php
require 'config.php';
include_once('sql_check.php');
check_inject();
$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msdb=mssql_select_db("MuOnline",$msconnect);
$ps_loginname = stripslashes($_POST['ps_loginname']);
$ps_name = stripslashes($_POST['ps_name']);
$ps_email = stripslashes($_POST['ps_email']);
$ps_person_id = stripslashes($_POST['ps_person_id']);
$ps_password = stripslashes($_POST['ps_password']);
$ps_repassword = stripslashes($_POST['ps_repassword']);
$ps_recquest = stripslashes($_POST['ps_recquest']);
$ps_recans = stripslashes($_POST['ps_recans']);
$extcode = stripslashes($_POST['extcode']);
$extcode1 = stripslashes($_POST['extcode1']);
if ((eregi("[^a-zA-Z0-9_-]", $ps_loginname)) || (eregi("[^a-zA-Z0-9_-]", $ps_name)) ||
(eregi("[^a-zA-Z0-9\.@_-]", $ps_email)) ||
(eregi("[^a-zA-Z0-9_-]", $ps_person_id)) ||
(eregi("[^a-zA-Z0-9_-]", $ps_password)) ||
(eregi("[^a-zA-Z0-9_-]", $ps_repassword)) ||
(eregi("[^a-zA-Z0-9_-]", $ps_recquest)) ||
(eregi("[^a-zA-Z0-9_-]", $ps_recans)) ||
(eregi("[^a-zA-Z0-9_-]", $extcode)) ||
(eregi("[^a-zA-Z0-9_-]", $extcode1)) )
{
echo("SQL Isilauzimas Pastebetas [ SQL Injection Detected ]. Buk Tikras Ar Tu Naudoji Raides Nuo ( a-Z ) Ir Skaicius Nuo ( 0-9 )!");
exit();
}
$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msdb=mssql_select_db("MuOnline",$msconnect);
$sql_email_check = mssql_query("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr='$ps_email'");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$ps_loginname'");
$email_check = mssql_num_rows($sql_email_check);
$username_check = mssql_num_rows($sql_username_check);
if (empty($ps_loginname) || empty($ps_name) || empty($ps_email) || empty($ps_person_id) || empty($ps_password) || empty($ps_repassword) || empty($ps_recquest) || empty($ps_recans) ) {
echo "Prasau Istaisyti Sia Klaida:<br />Ne Visos Sklitys Yra Uzpildytos. Prasome Gryzti Ir Jas Uzpildyti."; $Error=1;
}
elseif (($email_check > 0) || ($username_check > 0)){
echo "Prasau Istaisyti Sia Klaida: <br />";
if($email_check > 0){
echo "<strong>Jusu Pavartotas E-Mail Adresas Jau Yra Naudojamas Kito Asmens
. Prasau Pasirinkti Kita E-Mail Adresa!<br />";
$Error=1;
}
if ($username_check > 0){
echo "Jusu Pavarotoas Username jau Yra Naudojamas Kito Asmens
. Prasau Pasirinkti Kita Username!<br />";
$Error=1;
}
}
elseif ($ps_password != $ps_repassword) {
echo "Prasau Istaisyti Sia Klaida:<br />Jusu Yvesti Passwordai Nesutampa."; $Error=1;
}
elseif ($extcode != $extcode1) {
echo "Prasau Istaisyti Sia Klaida:<br />Jus Yrasete Bloga Koda"; $Error=1;
}
if ($Error!=1){
$msquery2 = "SET IDENTITY_INSERT MEMB_INFO ON";
$msquery3 = "INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$ps_loginname','$ps_password','$ps_name', '1','1234','11111','$ps_person_id','12343','$ps_email','$ps_email','$ps_recquest','$ps_recans','1','2003-11-23','2003-11-23','2003-11-23','2003-11-23','1','0','1')";
$msquery4 = "INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('2005','1',1234,'$ps_loginname','$ps_name',1,'7','6','3','6','6','2003-11-23 10:36:00','0' )";
$msresults= mssql_query($msquery2);
$msresults= mssql_query($msquery3);
$msresults= mssql_query($msquery4);
?>
</div></TD>
</TR>
<div align="center">
<TR bgcolor="#ffffff" class="content">
<TD height=2 colSpan=2 align=center><strong>Your account has been created successfully :</strong><br></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>Login ID:</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_loginname"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>Name:</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_name"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>E-Mail:</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_email"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>Password:</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_password"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>Security question :</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_recquest"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>Security answer :</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_recans"; ?></B>
<DIV align=center></DIV></TD>
</TR>
<TR bgcolor="#ffffff" class="content">
<TD width="88" align=right valign="top" bgcolor="#ffffff"> <DIV align=left><strong>Vault code:</strong></DIV></TD>
<TD width="354"><B><?php print "$ps_person_id"; ?></B>
<DIV align=center></DIV></TD>
</TR>
</div>
</TABLE>
</td>
</tr>
</table>
</body>
</html>
<?php
}
?>Error here:
PHP:
}
if ($Error!=1){
$msquery2 = "SET IDENTITY_INSERT MEMB_INFO ON";
$msquery3 = "INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$ps_loginname','$ps_password','$ps_name', '1','1234','11111','$ps_person_id','12343','$ps_email','$ps_email','$ps_recquest','$ps_recans','1','2003-11-23','2003-11-23','2003-11-23','2003-11-23','1','0','1')";
$msquery4 = "INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('2005','1',1234,'$ps_loginname','$ps_name',1,'7','6','3','6','6','2003-11-23 10:36:00','0' )";
$msresults= mssql_query($msquery2);
$msresults= mssql_query($msquery3);
$msresults= mssql_query($msquery4);
?>
Last edited:
