| kagorec |
12-03-2008 16:48 758737 |
php reg page для игрового сервера.
Делал для вебсервера регистрационную страничку идея частично взята с другого исходника.
Хочу немного навести порядок и пофиксить уязвимость если такова меется.
И составить шаблоны чтоб инклюдить в этот скрипт
header.html
content.html
footer.html
помогите пожалста. от этого зависит безопастность сервера.
на днях купил книгу по програмированию php Денис Колисниченко автор.
теперь часто буду у вас гостить.
PHP код:
<?php
include 'travia_config.php';
require 'travia_config.php';
//echo join('', file('login-form.html'));
echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<html>
<head>
<title>Warcraft</title>
<meta http-equiv='Content-Type' content='text/html; charset=ISO 10646' />
<link href='style.css' rel='stylesheet' type='text/css' />
</head>
<body>
<div id='container'>
<div id='header'>
<div id='nav'>
<ul>
<li><a href='http://sayt-ru'>News</a></li>
<li><a href='http://sayt-ru'>Game Guide</a></li>
<li><a href='http://sayt-ru'>Interactive</a></li>
</ul>
<ul>
<li><a href='http://sayt-ru'>Account</a></li>
<li><a href='http://sayt-ru'>Support</a></li>
<li><a href='http://sayt-ru'>Media</a></li>
</ul>
</div>
</div>
<div id='pagebottom'>
<div id='left'>
<div id='text2'>
<img src='images/cap-community-news.gif' alt='Community News' />
<p><div class='heading2'>Name</div></p>
<p>";
echo "<font color='black'><b>1. <u>Remember to use only lower case characters!</u></b></font> <br><font color='black'><b>2.</b></font> If you cant login or/and having in-game issues know it's because you used BIG letters!<br><font color='black'><b>3.</b></font> Register only once per E-Mail, two accounts with same E-Mail will be eliminated!";
$tabelka = '<table>
<form action=register.php method=post>
<tr><td>Login</td><td><input type=text name=login value="'.$_POST['login'].'"></td></tr>
<tr><td>Password</td><td><input type=password name=pass></td></tr>
<tr><td>Repeat password</td><td><input type=password name=cpass></td></tr>
<tr><td>E-Mail</td><td><input type=text name=mail value="'.$_POST['mail'].'"></td></tr>
<tr><td><input type=submit value="Register"></td><td><input type=reset value="Clear fields"></td></tr>
</form>
</table>';
if($reg_open AND isset($_POST['login']))
{
$conn=@mssql_connect($hostbazy,$user,$haslo) or die("<b>Critical Error</b><br>MSSQL server is offline OR I can't Access to it !");
@mssql_select_db($nazwabazy, $conn) or die("<b>Critical Error</b><br>Database don't exists OR I can't Access to it !");
$login = $_POST['login'];
$pw = $_POST['pass'];
$cpw = $_POST['cpass'];
$email = $_POST['mail'];
$login = trim($login);
$pw = trim($pw);
$cpw = trim($cpw);
if(ereg("[^0-9a-zA-Z_-]", $login, $str))
{
echo 'в логине плохие знаки';
echo '<br>'.$tabelka;
}
elseif(ereg("[^0-9a-zA-Z_-]", $pw, $str))
{
echo 'знаки';
echo '<br>'.$tabelka;
}
elseif (empty($login) || empty($email) || empty($pw) || empty($cpw))
{
echo 'заполните поля<br>'.$tabelka;
}
elseif (strpos('\'',$email))
{
echo 'проверка '.$email.' вашего почтовика<br>'.$tabelka;
}
else
{
$login_test = strtolower($login);
$resultx = mssql_query("SELECT LOWER(UT_USERID) FROM usertable
WHERE LOWER(UT_USERID) = ('$login_test')") or die;
if (mssql_num_rows($resultx))
{
echo '<br>ERROR:<BR>Login name `'.$login.'` already exist! please choose other login name!<br>'.$tabelka;
}
elseif (strlen($login) < 4)
{
echo '<br>ERROR:<br>Login minimum 4 characters<br>'.$tabelka;
}
elseif (strlen($pw) < 4)
{
echo '<br>ERROR:<br>Password minimum 4 characters<br>'.$tabelka;
}
elseif (strlen($pw) > 10)
{
echo '<br>ERROR:<br>Password max 10 characters<br>'.$tabelka;
}
elseif (strlen($login) > 10)
{
echo '<br>ERROR:<br>Login max 10 characters<br>'.$tabelka;
}
elseif ($pw != $cpw)
{
echo 'причина3<br>'.$tabelka;
}
else
{
mssql_query("INSERT INTO usertable (UT_USERID,UT_PASSWORD,UT_ACCOUNTID,UT_DIV,UT_EMAIL) VALUES ('".$login."','".$pw."',convert(binary,'".$login."'),0,'".$email."')") or die('error, account exists');
echo "<br>Account Created, HAVE FUN!<BR>";
}
}
}
elseif($reg_open)
{
echo $tabelka;
}
else
{
echo 'Everybody';
}
//////////////////////////////////////////
echo " </p>
</div>
</div>
<div id='right'>
<div class='heading2'>QUICK LINKS</div>
<div id='quicklinks'>
<ul>
<li><a href='http://sayt-ru'>Contact</a></li>
<li><a href='http://sayt-ru'>Realms Status</a></li>
<li><a href='http://sayt-ru'>Account Creation</a></li>
<li><a href='http://sayt-ru'>Account Management</a></li>
<li><a href='http://sayt-ru'>Cetrieve Passward</a></li>
</ul>
</div>
<div class='heading2'>Server stats</div>";
$onlineoffline = "127.0.0.1";
if ($check=@fsockopen($onlineoffline,$portgs,$ERROR_NO,$ERROR_STR,(float)0.5))
{
fclose($check);
echo "<br><font color='black'>Login Server: </font><font color='green'>Online</font>";
}
else
{
echo "<br><font color='black'>Login Server:</font> <font color='red'>Offline</font>";
}
$onlineoffline1 = "127.0.0.1";
if ($check=@fsockopen($onlineoffline1,$portgs1,$ERROR_NO,$ERROR_STR,(float)0.5))
{
fclose($check);
echo "<br><font color='black'>Auth Server:</font> <font color='green'>Online</font>";
}
else
{
echo "<br><font color='black'>Auth Server: </font><font color='red'>Offline</font>";
}
$onlineoffline2 = "127.0.0.1";
if ($check=@fsockopen($onlineoffline2,$portgs2,$ERROR_NO,$ERROR_STR,(float)0.5))
{
fclose($check);
echo "<br><font color='black'>World Server: </font><font color='green'>Online</font>";
}
else
{
echo "<br><font color='black'>World Server: </font><font color='red'>Offline</font>";
}
$onlineoffline3 = "127.0.0.1";
if ($check=@fsockopen($onlineoffline3,$portgs3,$ERROR_NO,$ERROR_STR,(float)0.5))
{
fclose($check);
echo "<br><font color='black'>Map Server: </font><font color='green'>Online</font>";
}
else
{
echo "<br><font color='black'>Map Server: </font><font color='red'>Offline</font>";
}
echo "<Br>";
/// online statistics server end ////
$conn=@mssql_connect($hostbazy,$user,$haslo) or die("<b>Critical Error</b><br>MSSQL server is offline OR I can't Access to it !");
@mssql_select_db($nazwabazy, $conn) or die("<b>Critical Error</b><br>Database don't exists OR I can't Access to it !");
$result = mssql_query("
SELECT JOIN010_ACCOUNTNAME
FROM JOIN010TL");
$count= mssql_num_rows( $result );
print "<font color='black'>Connected: </font>"
.$count.
"</br>";
for ($i = 0; $i < $count; ++$i)
{
$char = mssql_fetch_row($result);
print $char[0]."</br>";
}
echo" <br />
<a href='http://sayt-ru'>Cross Realm Battlegrounds</a><br />
<a href='http://sayt-ru'>World PvP </a><br />
<a href='http://sayt-ru'>Rogue Talents revamped </a>
</div>
</div>
<div id='footer'>
<a href='http://sayt-ru'>News</a>
<a href='http://sayt-ru'>Game Guide </a>
<a href='http://sayt-ru'>Interactive</a>
<a href='http://sayt-ru'>Community</a>
<a href='http://sayt-ru'>Account</a>
<a href='http://sayt-ru'>Support</a>
<a href='http://sayt-ru'>Media</a>
<p><a href='http://sayt-ru'>Legal Documents</a>
<a href='http://sayt-ru'>Game Policies</a> <br />
©2006 <a href='http://sayt-ru'>WorldofWarcraft</a>. All rights reserved.</p>
</div>
</div>
</body>
</html>";
?>
PHP код:
<?php
$user = 'логин';
$haslo = 'пасс';
$topbaza = "Game";
$nazwabazy = "Account";
$hostbazy = "ип";
$portgs = "порт";
$portgs1 = "порт";
$portgs2 = "порт";
$portgs3 = "порт";
$reg_open = true;
?>
|
