I'm trying to set up a registration page for my gaming service, seems like i'm stucked here :\
Here is the code:
<table class='ipb_table' cellspacing="1">
<tbody>
<tr>
<td class='row2'>
<?php
// fill in your mssql info here
$mssql = array(
'host' => "zzzzzzzzzz",
'user' => "yyyyyyyyyy",
'pass' => "xxxxxxxxxx"
);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
echo "<center>";
if($_POST['activ'] == '1') {
$accname = anti_injection($_POST['accname']);
$accmail = anti_injection($_POST['accmail']);
$accpass1 = anti_injection($_POST['accpass1']);
$accpass2 = anti_injection($_POST['accpass2']);
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE WHERE user_id = '".$accname."'",$con);
$result2 = mssql_query("SELECT * FROM account.dbo.Tbl_user WHERE user_id = '".$accname."'",$con);
$result3 = mssql_query("SELECT * FROM account.dbo.Tbl_user WHERE user_mail = '".$accmail."'",$con);
$row1 = mssql_num_rows($result1);
$row2 = mssql_num_rows($result2);
$row3 = mssql_num_rows($result3);
$dk_time=strftime("%y%m%d%H%M%S");
list($usec1, $sec1) = explode(" ",microtime());
$dk_user_no=$dk_time.substr($usec1,2,2);
if(empty($accname) || empty($accpass1) || empty($accpass2)|| empty($accname) || empty($accmail)) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($row3 > '0') {
echo "<br>This E-Mail is already in use.<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 != $accpass2) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($accpass1 == $accname) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accname)) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $accpass1)) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$accmail)) {
echo "<br>Your e-Mail is not correct.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accname) < 3 || strlen($accname) > 15) {
echo "<br>The Accountname must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($accpass1) < 3 || strlen($accpass1) > 15) {
echo "<br>The Password must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} else {
$accpass = md5($accpass1);
mssql_query("INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,login_flag,login_tag,ipt_time,login_time,logout_time,user_ip_addr,server_id) VALUES ('$dk_user_no','".$accname."','".$accpass."','801011000000','1','0','Y','".$date."',null,null,null,'000')",$con);
mssql_query("INSERT INTO account.dbo.Tbl_user (user_no,user_id,user_pwd,user_mail,user_answer,user_question) VALUES ('$dk_user_no','".$accname."','".$accpass1."','".$accmail."','0','0')",$con);
echo "<center><b><u>The account was successfully created. Have fun !</b></u></center><br><br>";
echo "<center>Here is your login info again:</center>";
echo "<center>Your account name is: <b>".$accname."</b></center>";
echo "<center>Your password is: <b>".$accpass1."</b></center>";
echo "DO NOT LOOSE THIS INFO, YOU MAY WRITE IS DOWN AND HIDE IT";
}
} else {
$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE",$con);
$row1 = mssql_num_rows($result1);
echo "<center><b><u>This time we have ".$row1." Registed Accounts on our Server<br>Join us.</b></u></center><br>";
echo "<form action='".$_SEVER['PHP_SELF']."' method='POST'>";
echo "<center><table>";
echo "<tr><td colspan='2' align='center'><b><u>Your Account Info</u></b></td></tr>";
echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td colspan='2' align='center'><b><u>Other account info</u></b></td></tr>";
echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
echo "<tr><td> </td><td> </td></tr>";
echo "<tr><td colspan='2' align='center'>
<input type='hidden' name='activ' value='1'>
<input type='submit' value='Create Account'></td></tr>";
echo "</table></center>";
echo "</form>";
}
echo "</center>";
?>
</td>
</tr>
</tbody>
</table>
This error is killing me, i really dont know whats wrong. If someone could help me by telling me how to fix this problem, i would be really happy! :D Also if someone have the time to clean as much as possible my script would be amazing :D
Please try to be really detailed so i can learn something new ^^
