xisto Community
Antv912

[php]register W/image Verification


This is something I made for MapleStory Server, you can change the script to fit your needs.

 

 

This is a register Script with Image Verification Version 2.

As you can see, in this version Total.php is completely removed because it wasn't needed, since those queries are already in index.php. Also, I have added JavaScript popup boxes for the echoes instead of those boring text responses, and of course I have updated this to fit OdinMS server needs with SHA-1 for the passwords and fixed up the totals query to match the OdinMS database. Last but not least, anti-SQL injection, with mysql_real_escape_string and some trims.


 

Download Links

Rapidshare.com

Filebeam.com

 

 

/Credits -> SuperFun for the basic Register script.

/Credits -> Me For adding image verification and most of the scripting of this.

/Credits -> StellarAshes for some help.

Enjoy.

 

Update: small revision to register_do.php. Please find

$code = mysql_real_escape_string(trim($_POST['code']));
And replace it with
$code = mysql_real_escape_string(trim($_SESSION['code']));
If you don't, it will say the user has entered the correct code even if he/she has not. I have also added a new PHP variable which is used in register_do.php:

echo '<script type="text/javascript">alert("You have entered a wrong Security code, Please try again!")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
Please make sure to edit this variable in CONFIG.PHP to your register file if you have renamed it.

 

If you wish to have a verify password in this script, you can overwrite these 2 files that are in the download provided.

 

Index.php

<?php
  // start PHP session
  session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Maple Story Register</title>
   <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<style>
*{ FONT-SIZE: 8pt; FONT-FAMILY: verdana; }
b { FONT-WEIGHT: bold; }
.listtitle { BACKGROUND: #425984; COLOR: #EEEEEE; white-space: nowrap; }
td.list { BACKGROUND: #EEEEEE; white-space: nowrap; }
</style>
</head>
<body>
<center><br><br><br><br>
<h1>MapleStoryRegister</h1>
<table cellspacing=1 cellpadding=5>
<tr><td class=listtitle colspan=2>Register at my server</td></tr>
<form action="register_do.php" method="POST">
<tr><td class=list align=right>Username:</td><td class=list><input type=text name=username maxlength="30"></td></tr>
<tr><td class=list align=right>Password:</td><td class=list><input type=password name=password maxlength="30"></td></tr>
<tr><td class=list align=right>Verify Pass:</td><td class=list><input type=password name=password2 maxlength="30"></td></tr>
<tr><td class=list align=right>Email:</td><td class=list><input type=text name=email maxlength="30"></td></tr>
<tr><td class=list align=right>DOB:</td><td class=list><input type=text name=dob maxlength="30" value="Y-M-D"></td></tr>
<tr><td class=list align=right><img src="security-image.php?width=144" width="144" height="30" alt="Security Image" /></td></tr>
<tr><td class=list align=right>Security Image:</td><td class=list><input type="text" name="code" id="code" value="" /></td></tr>
<tr><td class=listtitle align=right colspan=2><input type=submit name=submit value='Register'></td></tr>
</form>
</table><br>
<?php
include('config.php');
$result = mysql_query("SELECT * FROM accounts", $db);    // Account section
$num_rows = mysql_num_rows($result);
$result2 = mysql_query("SELECT * FROM characters", $db); // Character section
$num_rowsc = mysql_num_rows($result2);
echo 'Stats:<br><b>'.$num_rows.'</b> Accounts registed.<br><b>'.$num_rowsc.'</b> Characters created.';
?>
</center>
</body>
</html>

Register_do.php

<?php
/*
Register script with Image Verification Version 2
Created By : Antv912 / Amanda
Revision of the first script adding in - dob Sha1passwords email fields.
add some validation rules fixed up the $d query with the right values for odinMS
Credit's to Superfun for the basic layout of the register script.
And I believe I added AntiSQLInjection I forgot how so I needed to google some.
H3x_@Live.com
*/
session_start();
include("config.php");
print '<title>'.$title.'</title>';

$name = mysql_real_escape_string(trim($_POST['username']));
$pass = mysql_real_escape_string(sha1($_POST['password']));
$pass2 = mysql_real_escape_string(sha1($_POST['password2']));
$email = mysql_real_escape_string(trim($_POST['email']));
$dob = mysql_real_escape_string(trim($_POST['dob']));
$code = mysql_real_escape_string(trim($_SESSION['code']));
$sel = 'SELECT * FROM accounts WHERE name="'.$name.'"';
///////////////////////////////////////////////////////
if(strtoupper($_POST['code']) == $_SESSION['code']) {
    echo '<script type="text/javascript">alert("Congradulations, You have entered the Security code correctly.")</script>';
} else {
    echo '<script type="text/javascript">alert("You have entered a wrong Security code, Please try again!")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
    exit();
}
if($name == ""){
    echo '<script type="text/javascript">alert("No Username Inserted")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
    exit();
}elseif(mysql_num_rows(mysql_query($sel)) >= 1 ){
    echo '<script type="text/javascript">alert("Were Sorry '.$name.' already Exsist")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
    exit();
}elseif($pass == ""){
    echo '<script type="text/javascript">alert("No password filled in")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
    exit();
}elseif($pass2 != $pass){
    echo '<script type="text/javascript">alert("Your passwords do not match")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
    exit();
}
$arr=explode("-",$dob); // splitting the array (explode() replaces the deprecated split())
$yy=$arr[0] - 0; // first element of the array is year
$mm=$arr[1] - 0; // second element is month
$dd=$arr[2] - 0; // third element is date
if(!checkdate($mm,$dd,$yy)){
    echo '<script type="text/javascript">alert("Invalid date double check they way you entered it. Your date must look like this Year-Month-Day")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
} else {
    $d = 'INSERT INTO accounts (name, password, email, birthday) VALUES ("'.$name.'", "'.$pass.'", "'.$email.'", "'.$dob.'")';
    mysql_query($d) OR die (mysql_error());
    echo '<script type="text/javascript">alert("Dear - '.$name.' you may now login to our game servers.")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
}
//End of script
?>


This script looks well written; however, there are some things I would like to draw your attention to. First of all, you are hashing the password in a variable called "pass", but just a few lines down you have a conditional comparing pass to an empty string. This conditional will never be true because even the hash of an empty string is not an empty string. For example, you are using the secure hash algorithm. The sha1 output of an empty string is da39a3ee5e6b4b... etc. Therefore you might want to check for an empty input before hashing the password so the error you have programmed into the script will actually be displayed.

Another thing, where is the source code for security-image.php? It would have been more interesting if you wrote your own captcha dynamic image and included it with this tutorial.

Other than those two points I think it is a very well written script and may assist some PHP newbies.

Edited by galexcd (see edit history)


It's checking if the password has a value; if it doesn't, it shows "No password entered."

Have you actually tested to see if this actually returns that error? Because I can see no way of that conditional ever being true. The string returned by the sha1 function will never be any less than 40 characters long.


Well, perhaps then you can enlighten me how exactly $pass=="" will ever be true. Also, on closer inspection, the mysql_real_escape_string function is pretty useless on the $pass and $pass2 variables. It just makes the server waste a few cycles on checking hashed input.

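The two points raised in this thread in one place, as an added example that is not part of any post: the typed security code is compared against the session value, and empty fields are rejected before sha1() is applied. The function name validate_registration(), the sample submissions and the session code K7QX2 are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. validate_registration() and the
// sample data are hypothetical; field names follow the posted form.
function validate_registration(array $post, ?string $sessionCode): array
{
    $errors = [];
    // Compare the typed code with the server-side value held in the session.
    // Assumes the session stores it in upper case, as the posted check implies.
    $typed = strtoupper(trim($post['code'] ?? ''));
    if ($sessionCode === null || $sessionCode === '' || !hash_equals($sessionCode, $typed)) {
        $errors[] = 'wrong security code';
    }

    // Emptiness is tested on the raw input, before any hashing.
    $name     = trim($post['username'] ?? '');
    $password = $post['password'] ?? '';
    if ($name === '') {
        $errors[] = 'no username';
    }
    if ($password === '') {
        $errors[] = 'no password';
    } elseif ($password !== ($post['password2'] ?? '')) {
        $errors[] = 'passwords do not match';
    }
    // DOB must be three numeric parts (Year-Month-Day) that form a real date.
    $parts = explode('-', trim($post['dob'] ?? ''));
    if (count($parts) !== 3 || array_filter($parts, 'ctype_digit') !== $parts
        || !checkdate((int) $parts[1], (int) $parts[2], (int) $parts[0])) {
        $errors[] = 'invalid date';
    }
    return $errors;
}

// Constructed submissions; the session code is assumed to be "K7QX2".
$base = ['username' => 'amanda', 'password' => 's3cret', 'password2' => 's3cret',
         'email' => 'amanda@example.com', 'dob' => '1990-02-14', 'code' => 'k7qx2'];
$samples = [
    'valid'          => $base,
    'empty password' => ['password' => '', 'password2' => ''] + $base,
    'bad code, date' => ['code' => 'zzzzz', 'dob' => '1990-02-30'] + $base,
];
foreach ($samples as $label => $post) {
    $errors = validate_registration($post, 'K7QX2');
    // Hash only after validation; the result is 40 hex characters.
    $hash = $errors ? '-' : sha1($post['password']);
    echo "$label: ", $errors ? implode(', ', $errors) : 'ok', " sha1=$hash\n";
}
// Why the posted `$pass == ""` test cannot fire: the hash of '' is not empty.
echo 'strlen(sha1("")) = ', strlen(sha1('')), "\n";
```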
