Cod: Selectaţi tot
<script>alert("Without Reason")</script>Ce as putea face sa previn un astfel de atac...
Asta e config.php de la scriptul meu...
Cod: Selectaţi tot
<?php
define("DBHost", "localhost");
define("DBName", "codatabase");
define("DBUser", "root");
define("DBPass", "parola");
class Database
{
protected $connection;
protected $database;
public function __construct()
{
echo $settings['DBUser'];
$this->connection = @mysql_connect(DBHost, DBUser, DBPass);
$this->database = @mysql_select_db(DBName);
}
function ProcRegister($Username, $Password, $Password2, $email)
{
if($Username != "" && $Password != "" && $Password2 != "" && $email != "")
{
if(strlen($Username) > 5 && strlen($Username) < 15)
{
if(eregi("^([0-9a-z])+$", $Username))
{
if(!$this->UsernameExists($Username))
{
if($Password == $Password2)
{
if(strlen($Password) > 6 && strlen($Password) < 20)
{
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"."\.([a-z]{2,}){1}$";
if(eregi($regex, $email))
{
$this->completeRegister($Username, $Password, $email);
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Please enter your E-mail address!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Password should be 6-20 characters!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Confirm Password should be 6-20 characters!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] This account ID has been taken. Please a different username!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Account ID should have only letters or/and numbers!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Account ID should be 5-15 characters!</div></center></font></font>';
}
} else {
echo '<font size="3" color="#e82d40"> <div style="padding:0px;line-height:19px;"><center>[ERROR] Type in all of the Required informations</div></center></font></font>';
}
}
private function completeRegister($Username, $Password, $email)
{
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "INSERT INTO `accounts` (`Username`, `Password`, `Email`, `State`) VALUES ('$Username', '$Password', '$email', '0')";
if($sql = mysql_query($sql, $this->connection))
{
echo '<font color="#FDD017"><font size="3" face="Arial"><center>[SUCCESS] Account was created successfully. Validate your account in 3 seconds. <meta HTTP-EQUIV="REFRESH" content="3; url=validate.php">
</center>
</font></font>';
} else {
echo '<font size="3" color="#e82d40"><div style="padding:0px;line-height:19px;"><center>[ERROR] Unknown Error processing your requests. We are Sorry!</div></center></font></font>';
}
}
private function UsernameExists($Username)
{
$sql = "SELECT * FROM `accounts` WHERE `Username` = '$Username'";
$sql = @mysql_query($sql, $this->connection);
$sql = @mysql_num_rows($sql);
if($sql > 0)
{
return true;
} else {
return false;
}
}
}
$db = new Database();
?>Cod: Selectaţi tot
<?php
session_start();
@require_once("config.php");
if(!isset($_SESSION['user']))
{ $_SESSION['user'] = ""; }
if(!isset($_SESSION['email']))
{ $_SESSION['email'] = ""; }
if(isset($_POST['submit']))
{
$_SESSION['user'] = $_POST['user'];
$_SESSION['email'] = $_POST['email'];
$db->ProcRegister($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email']);
}
echo '<br/>
<script type="text/javascript" src="rc.js"></script>
<form method="post" action="">
<body style="overflow:hidden;">
<div class="fbar">
<div class="ftitle">CREATE YOUR NEW ACCOUNT</div>
<div class="clear"></div>
</div>
<div id="fbody" class="fbody">
<div style="">
<div class="fdesc">You must use a valid email address and write down your security code, otherwise you wont be able to:<br/>* Change or retrieve any information about your account<br/>* Get help from our GMs about your account</div>
<form name="registro" id="registro">
<div class="flabel" style="">
<div class="fitem" style=""><label for="rusername">USERNAME</label></div>
<div id="husername" class="fwhat">?</div>
<div class="finput" style=""><input class="ffield" type="text" value="" placeholder="username (5-15 characters)" id="rusername" name="user" value="'.$_SESSION['user'].'" /></div>
<div id="errorusername" style="float: left; width: 100%;"></div>
<div class="clear"></div>
</div>
<div class="flabel">
<div class="fitem"><label for="rpassword1">PASSWORD</label></div>
<div id="hpassword1" class="fwhat">?</div>
<div class="finput"><input class="ffield" type="password" value="" placeholder="password (6-20 characters)" name="pass" value="" /></div>
<div id="errorpassword" style="float: left; width: 100%;"></div>
<div class="clear"></div>
</div>
<div class="flabel">
<div class="fitem"><label for="rpassword2">CONFIRM PASSWORD</label></div>
<div id="hpassword2" class="fwhat">?</div>
<div class="finput"><input class="ffield" type="password" value="" placeholder="repeat password" name="pass2" value="" /></div>
<div class="clear"></div>
</div>
<div class="flabel">
<div class="fitem"><label for="remail">EMAIL </label></div>
<div id="hemail" class="fwhat">?</div>
<div class="finput"><input class="ffield" type="text" placeholder="email must be valid" required name="email" value="'.$_SESSION['email'].'" /></div>
<div id="erroremail" style="float: left; width: 100%;"></div>
<div class="clear"></div>
</div>
<div class="flabel" style="text-align: right;"> <button name="submit" id="Submit" type="submit" class="button">
Submit Registration
</button></div>
<div style="height: 5px;"></div>
</form>
</div>
</div>
<div id="errors" name="errors" class="errors"></div>
</body>
';?>