ArcEmu: [Release] Yaart - The safest account creation script - ArcEmu

[Release] Yaart - The safest account creation script Yaart - Yet another account registration tool

#1 User is offline   Gachl 

  • Occasional Poster
  • PipPip
  • Group: Members
  • Posts: 113
  • Joined: 08-June 08
  • Location:Basel // Switzerland
  • Interests:PHP and stuff

Posted 10 August 2008 - 05:31 AM

Yaart - Yet another account registration tool
But it has special features:
Special security, tested against SQL-, HTML-, Code Injection, Bots, Spammers, Remote file view, Remote include.
Contains a Captcha (these stupid random character sequence pictures)
Information collector (you can switch that feature on and off): Get more information about your users than other account creators (like forename, surname, birthdate, gender)
Compatible with ALL versions of account databases (the account table query is simply editable)
Colors can be set, so the design fits into your website.
Multilingual (Preset: English and German, you can add your language very simply)
Version control, you get a message if a new version is online.
W3C checked!

Code:
<?PHP
// VERSION: 2009-04-15 r5
// Please check http://arcemu.org/fo...?showtopic=2853
// for new versions.
//
// Yaart - Yet another account registration tool
// Written by Daniel Vogel (Gachl)
//
// What makes this tool better than other tools?
// -This tool is secure, it is protected against a lot of xss and bots.
// -Further this tool gathers more informations about your users than every other account creator!
// -The HTML output is w3c ready.
// -It can be run with and without SSL.

/* ####################################################
* # W A R N I N G ! ! ! #
* # ------------------------------------------------ #
* # PLEASE READ THE INSTALLATION INSTRUCTIONS BEFORE #
* # YOU FILL OUT ALL VARIABLES! #
* #####################################################
*/
/* _________________________________________________
< I N S T A L L A T I O N >
* |=================================================|
* | If you activate the information collector this |
* | tool needs a new table to save the informations.|
* | If you want to use this feature just enable it |
* | and fill in the variable "$dbiname" the name of |
* | the database where the table shall be created. |
* | Please make sure that the given database user |
* | has read and writeaccess to that database and |
* | is able to create new tables. |
* | This script will only create one single table |
* | if you activate this feature. |
* | To get this tool running enter below all re- |
* | quired informations. |
* | If you have problems using this tool get to |
* | my IRC network irc.data-universal.net #php and |
* | ask your questions or write a private message |
* | to Gachl on http://arcemu.org |
* | Thank you for using this tool! |
* |=================================================|
* <_________________________________________________>

/*
* This tool has been tested against following attacks:
* SQL Injection
* HTML Injection
* Code Injection
* Bots
* Spammer
* Remotefileview
* Remoteinclude
*
*/

// ####################################################
// # Webmasters, fill out the following informations: #
// ####################################################

/*
* $backgroundcolor:
* The background color of the webpage (HTML colors)
*
* $textcolor:
* The text color of the webpage (HTML colors)
*
* $warningcolor:
* The color of warnings (HTML colors)
*
* $okaycolor:
* The color of confirmations (HTML colors)
*
* $fontfamily:
* The font family (CSS font-family)
*
* $fontsize:
* The font size (CSS font-size)
*
* $headerimage:
* The HTML-path to a header image. null for none.
*
* $footertext:
* The text on the footer of the page.
*
* $pagetitle:
* The title of the page.
*
* $style:
* Text align. 0 = left, 1 = center
*/
$backgroundcolor = "FFFFFF";
$textcolor = "000000";
$warningcolor = "FF0000";
$okaycolor = "00FF00";
$fontfamily = "verdana";
$fontsize = "12px";
$headerimage = null;
$footertext = "<br><br>\n\nThis script is made by Gachl.";
$pagetitle = "Account creator";
$style = 1;

/* The values for the information collector:
0 = forename
1 = surename
2 = born
3 = gender
/* Required informations */
$required = Array(0,3);
/* Not required informations */
$notrequired = Array(1,2);

/*
* $dburl:
* The URL / hostaddress to your database server.
*
* $dbuser:
* The username for the database. It needs read/writeaccess to $dbwname
* and if you enabled the information collector it needs permissions to
* create a new table.
*
* $dbpass:
* The password for the user.
*
* $dbwname:
* The name of your ArcEmu account database.
*
* $dbiname:
* The name of the database where the table for the informations is in.
*
* $enableic:
* Do you want to enable the information collector?
* Valid values: true (enables this feature), false (diables this feature)
*
* $itable:
* The name of the table where the informations shall be stored (this
* table must not exists, the script will create it!
*
* $atable:
* The name of the table in the ArcEmu account database where the accounts are stored in
* Default: accounts
* $usernamefield:
* The name of the database field where the username is stored in.
*
* $emailfield:
* The name of the database field where the email is stored in.
*/
$dburl = "host";
$dbuser = "user";
$dbpass = "pass";
$dbwname = "name";
$dbiname = "name";
$enableic = true;
$itable = "informations";
$atable = "accounts";
$usernamefield = "login";
$emailfield = "email";

$table = Array(
/* For compatibility to all versions set the fields of the account table.
* Variables:
* Variable Value Type
* %login% Username Text
* %password% Password Text
* %email% Email Text
* %flags% WOW (0) or TBC (8) Integer
*
* Table field name => Value */
"acct" => 'NULL',
"login" => '"%login%"',
"password" => '"%password%"',
"encrypted_password"=> '""',
"gm" => '""',
"banned" => '0',
"lastlogin" => '"0000-00-00 00:00:00"',
"lastip" => '"0.0.0.0"',
"email" => '"%email%"',
"flags" => '%flags%',
"forceLanguage" => '"enUS"',
"muted" => '0'
);

/* LANGUAGE SETTINGS */
// English
$lang = Array(
"accountexist"=> "This accountname already exists.",
"confirmmail" => "Confirm EMail",
"headerimage" => "headerimage",
"welcometext" => "Welcome to our World of Warcraft server. You can register an account here.",
"mustfillin" => "* These fields must be filled out!",
"wowversion" => "World of Warcraft version (TBC / no TBC)",
"emailinuse" => "This email address is already in use.",
"pwnomatch" => "The two entered passwords are not the same.",
"confirmpw" => "Confirm password",
"mailwrong" => "The two entered email addresses are not equal.",
"username" => "Username",
"password" => "Password",
"forename" => "Forename",
"surename" => "Surename",
"congrats" => "Congratulations. You account has been successfully created.",
"invalid" => "The field % contains invalid characters! Allowed: Upper- and lowercase a-z, 0-9, ., - and _",
"submit" => "Submit",
"female" => "Female",
"empty" => "The field % must be filled!",
"email" => "EMail address",
"born" => "Born",
"male" => "Male",
"sex" => "Gender",
"cap" => "The typed character sequence is wrong."
);

// German (remove the /* and */ to use it)
/*$lang = Array(
"accountexist"=> "Dieser Benutzername existiert bereits.",
"confirmmail" => "EMail best&auml;tigen",
"headerimage" => "titelbild",
"welcometext" => "Willkommen auf unserem World of Warcraft Server. Du kannst dir hier einen Account erstellen.",
"mustfillin" => "* Diese Felder m&uuml;ssen ausgef&uuml;llt werden!",
"wowversion" => "World of Warcraft Version (TBC / kein TBC)",
"emailinuse" => "Diese EMailadresse wird bereits benutzt.",
"pwnomatch" => "Die beiden eingegebenen Passw&ouml;rter sind nicht gleich.",
"confirmpw" => "Passwort best&auml;tigen",
"mailwrong" => "Die zwei eingegebenen EMailadressen stimmen nicht &uuml;berein.",
"username" => "Benutzername",
"password" => "Passwort",
"forename" => "Vorname",
"surename" => "Nachname",
"congrats" => "Gratulation, dein Account wurde erfolgreich erstellt.",
"invalid" => "Das Feld % beinhaltet ung&uuml;ltige Zeichen. Erlaubt: Grosse und kleine a-z, 0-9, ., - und _",
"submit" => "Absenden",
"female" => "Frau",
"empty" => "Das Feld % muss ausgef&uuml;llt werden!",
"email" => "EMailadresse",
"born" => "Geboren",
"male" => "Mann",
"sex" => "Geschlecht",
"cap" => "Die eingegebenen Zeichen sind falsch."
);*/
/*****************************************************\
* Thats all you can set. Now check the values again *
* and if you think they are okay run the script and *
* try it once. *
\*****************************************************/

// ########################################################################
// # DO NOT EDIT BELOW HERE IF YOU DON'T KNOW WHAT EXACTLY YOU ARE DOING! #
// ########################################################################

$currentVersion = 20090415; // DO NEVER CHANGE THAT LINE!!!

// This function creates a random string
function random($count = 14) {
$possible = "0123456789bcdfghjkmnpqrstvwxyz";
$random = "";
for ($i = 0; $i < $count; $i++)
$random .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
return $random;
}

// Check if some of the values in a list equals with another value
function equals($list) {
foreach ($list as $v1) {
foreach ($list as $v2) {
if ($v1 == $v2)
return true;
}
}
return false;
}

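// Check if a string contains invalid characters
// The hyphen is placed last in the class so it is a literal '-'. Written as ".-_" it is
// a range from '.' to '_' that also admits / : ; < = > ? @ [ \ ] ^ and rejects '-'.
function containsInvalidCharacters($string) {
$string = preg_match('/[^a-zA-Z0-9._-]/', $string);
return (intval($string) === 0) ? false : true;
}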

function invalid($fieldname) {
global $lang;
return str_replace("%", $fieldname, $lang['invalid']);
}

function emptyfield($fieldname) {
global $lang;
return str_replace("%", $fieldname, $lang['empty']);
}

session_start(); // We need a session here to save the form field names

// Create on of these ... captchas?
if (!empty($_GET['g']) && ($_GET['g'] == "1")) {
$chars = strtolower(random(5));
$_SESSION['imagecode'] = md5($chars);
header("Content-type: image/png");
$im = imagecreatetruecolor(120, 20);
$text1 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text2 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text3 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text4 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$text5 = imagecolorallocate($im, rand(0, 80), rand(0, 80), rand(0, 80));
$rect1 = imagecolorallocate($im, rand(150, 255), rand(150, 255), rand(150, 255));
$rect2 = imagecolorallocate($im, rand(150, 255), rand(150, 255), rand(150, 255));
$rect3 = imagecolorallocate($im, rand(150, 255), rand(150, 255), rand(150, 255));

imagefilledrectangle($im, 0, 0, 120, 20, imagecolorallocate($im, rand(120, 160), rand(120, 160), rand(120, 160)));

imagerectangle($im, rand(0, 90), rand(0, 20), rand(0, 90), rand(0, 20), $rect1);
imagerectangle($im, rand(80, 120), rand(0, 20), rand(80, 120), rand(0, 20), $rect2);
imagerectangle($im, rand(60, 111), rand(0, 20), rand(50, 90), rand(0, 20), $rect3);

imagestring($im, 5, rand(1, 25), 3, $chars[0], $text1);
imagestring($im, 5, rand(30, 50), 3, $chars[1], $text2);
imagestring($im, 5, rand(55, 75), 3, $chars[2], $text3);
imagestring($im, 5, rand(80, 100), 3, $chars[3], $text4);
imagestring($im, 5, rand(105, 112), 3, $chars[4], $text5);

imagepng($im);
imagedestroy($im);

exit();
// Looks stupid.. :P
}

$errors = Array();
$success = false;

// This is for security purpose. If the names of the input fields are not the same every time
// no bot can fill them out and out again.
$fusername = "";
$fpassword = "";
$fconfirmpassword = "";
$femail = "";
$fconfirmemail = "";
$fgametype = "";
$fforename = "";
$fsurename = "";
$fborn = "";
$fgender = "";
$fsubmit = "";

do {
$fusername = random();
$fpassword = random();
$fconfirmpassword = random();
$femail = random();
$fconfirmemail = random();
$fgametype = random();
$fforename = random();
$fsurename = random();
$fdd = random();
$fmm = random();
$fyyyy = random();
$fgender = random();
$fcaptcha = random();
$fsubmit = random();
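// Draw again if any two of the 14 names collide. equals() above also compares every
// value with itself, so it returns true for any non-empty list and the original
// condition (!equals(...)) never repeated the loop.
} while (count(array_unique(Array($fusername, $fpassword, $fconfirmpassword, $femail, $fconfirmemail, $fgametype, $fforename, $fsurename, $fdd, $fmm, $fyyyy, $fgender, $fcaptcha, $fsubmit))) < 14);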

if (!empty($_SESSION['fsubmit']) && !empty($_POST[$_SESSION['fsubmit']]) && ($_POST[$_SESSION['fsubmit']] === $lang['submit'])) {
// The form seems to be submitted.
$uname = $_SESSION['fusername'];
$pw = $_SESSION['fpassword'];
$cpw = $_SESSION['fconfirmpassword'];
$mail = $_SESSION['femail'];
$cmail = $_SESSION['fconfirmemail'];
$gt = $_SESSION['fgametype'];
$fore = $_SESSION['fforename'];
$sure = $_SESSION['fsurename'];
$dd = $_SESSION['fdd'];
$mm = $_SESSION['fmm'];
$yyyy = $_SESSION['fyyyy'];
$sex = $_SESSION['fgender'];
$cap = $_SESSION['fcaptcha'];
$subm = $_SESSION['fsubmit'];

// Get form values
$uname = trim($_POST[$uname]);
$pw = $_POST[$pw];
$cpw = $_POST[$cpw];
$mail = trim($_POST[$mail]);
$cmail = trim($_POST[$cmail]);
$gt = intval($_POST[$gt]);
$fore = trim($_POST[$fore]);
$sure = trim($_POST[$sure]);
$dd = intval($_POST[$dd]);
$mm = intval($_POST[$mm]);
$yyyy = intval($_POST[$yyyy]);
$sex = intval($_POST[$sex]);
$cap = $_POST[$cap];
$subm = $_POST[$subm];

$attemp = false;

// Check

//Checking for bot or brute
if (!empty($_POST['login']) || !empty($_POST['password']))
die("Fatal hacking attempt. Aborting!");

// Checking all valid fields
if (empty($uname))
$errors[] = emptyfield($lang['username']);

if (containsInvalidCharacters($uname)) {
$errors[] = invalid($lang['username']);
$attemp = true;
}

mysql_connect($dburl, $dbuser, $dbpass) or die(mysql_error() . "<br>\nWebmaster, check the script configuration!");
mysql_select_db($dbwname) or die(mysql_error() . "<br>\nWebmaster, check the script configuration!");

if (!empty($uname) && !$attemp) {
$usercount = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS `count` FROM `$atable` WHERE `$usernamefield` = \"$uname\";"));
if (intval($usercount['count']) !== 0)
$errors[] = $lang['accountexist'];
}

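if (empty($pw))
$errors[] = emptyfield($lang['password']);

if (empty($cpw))
$errors[] = emptyfield($lang['confirmpw']);

// The password is placed in the INSERT below, so it gets the same whitelist check as the username
if (!empty($pw) && containsInvalidCharacters($pw))
$errors[] = invalid($lang['password']);

// Compare the two password fields (the message existed in $lang but was never used)
if ($pw !== $cpw)
$errors[] = $lang['pwnomatch'];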

if (empty($mail))
$errors[] = emptyfield($lang['email']);

if (empty($cmail))
$errors[] = emptyfield($lang['confirmmail']);

$attemp = false;

if (!empty($mail)) {
if (strpos($mail, "@") !== false) {
$emailname = substr($mail, 0, strpos($mail, "@"));
$domain = substr($mail, strpos($mail, "@") + 1);
if (containsInvalidCharacters($emailname) || containsInvalidCharacters($domain)) {
$errors[] = invalid($lang['email']);
$attemp = true;
}
} else {
$errors[] = invalid($lang['email']);
$attemp = true; // no "@": the address was never validated, so skip the lookup query below
}
}

if (!$attemp) {
$usercount = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS `count` FROM `$atable` WHERE `$emailfield` = \"$mail\";"));
if (intval($usercount['count']) !== 0)
$errors[] = $lang['emailinuse'];
}

if ($mail != $cmail)
$errors[] = $lang['mailwrong'];

if (($gt !== 0) && ($gt !== 8))
$errors[] = invalid($lang['wowversion']);

if ($enableic) {
// forename surename born gender
if (in_array(0, $required) || in_array(0, $notrequired)) {
if (in_array(0, $required)) {
if (empty($fore))
$errors[] = emptyfield($lang['forename']);
}
if (containsInvalidCharacters($fore))
$errors[] = invalid($lang['forename']);
}

// surename
if (in_array(1, $required) || in_array(1, $notrequired)) {
if (in_array(1, $required)) {
if (empty($sure))
$errors[] = emptyfield($lang['surename']);
}
if (containsInvalidCharacters($sure))
$errors[] = invalid($lang['surename']);
}

$born = "$yyyy-$mm-$dd";
}

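// Take the stored answer out of the session before comparing, so one image allows one attempt
$expectedcap = isset($_SESSION['imagecode']) ? $_SESSION['imagecode'] : "";
unset($_SESSION['imagecode']);
if ($expectedcap !== md5(trim(strtolower($cap))))
$errors[] = $lang['cap'];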
// Submit is checked but more checks are more safety
if (empty($subm) || ($subm != $lang['submit']))
die("Hack attempt!");

// Only continue if everything is okay.
if (count($errors) === 0) {
mysql_select_db($dbwname) or die(mysql_error() . "<br>\nWebmaster, check the script configuration!");

$query = "INSERT INTO `" . $atable . "` (";
$secondq = ") VALUES (";
foreach ($table as $key => $value) {
$find = Array("%login%", "%password%", "%email%", "%flags%");
$replace = Array($uname, $pw, $mail, $gt);
$value = str_replace($find, $replace, $value);
$query .= "`$key`, ";
$secondq .= "$value, ";
}

$query = substr($query, 0, strlen($query) - 2) . substr($secondq, 0, strlen($secondq) - 2) . ");";
mysql_query($query) or die(mysql_error() . "<br>\nWebmaster, check the script configuration (table settings)!");
$acct = mysql_insert_id();
if ($acct < 1)
$errors[] = "FATAL ERROR. Check your database.";
if ($enableic) {
mysql_select_db($dbiname) or die(mysql_error() . "<br>\nWebmaster, check the script configuration (table settings)!");
$tablecheck = mysql_query("SHOW TABLES;");
$tblexists = false;
while ($row = mysql_fetch_assoc($tablecheck)) {
if ($row['Tables_in_' . $dbiname] == $itable) {
$tblexists = true;
break;
}
}

if (!$tblexists) {
mysql_query("CREATE TABLE `$dbiname`.`$itable` (
`id` INT UNSIGNED NOT NULL ,
`forename` VARCHAR( 60 ) NOT NULL ,
`surename` VARCHAR( 60 ) NOT NULL ,
`born` DATE NOT NULL ,
`gender` ENUM( '" . $lang['male'] . "', '" . $lang['female'] . "' ) NOT NULL ,
PRIMARY KEY ( `id` )
);");
}

$efore = (in_array(0, $required) || in_array(0, $notrequired));
$esure = (in_array(1, $required) || in_array(1, $notrequired));
$eborn = (in_array(2, $required) || in_array(2, $notrequired));
$egend = (in_array(3, $required) || in_array(3, $notrequired));

$query = 'INSERT INTO `' . $itable . '` VALUES (' . $acct . ', "' . ($efore ? $fore : "") . '", "' . ($esure ? $sure : "") . '", "' . ($eborn ? $born : "") . '", "' . (empty($sex) ? $lang['male'] : ((intval($sex) == 0) ? $lang['male'] : $lang['female'])) . '");';
mysql_query($query) or die(mysql_error() . "<br>\nWebmaster, check the script configuration (table settings)!");
}
$success = true;
}
}

$_SESSION['fusername'] = $fusername;
$_SESSION['fpassword'] = $fpassword;
$_SESSION['fconfirmpassword'] = $fconfirmpassword;
$_SESSION['femail'] = $femail;
$_SESSION['fconfirmemail'] = $fconfirmemail;
$_SESSION['fgametype'] = $fgametype;
$_SESSION['fforename'] = $fforename;
$_SESSION['fsurename'] = $fsurename;
$_SESSION['fyyyy'] = $fyyyy;
$_SESSION['fmm'] = $fmm;
$_SESSION['fdd'] = $fdd;
$_SESSION['fgender'] = $fgender;
$_SESSION['fcaptcha'] = $fcaptcha;
$_SESSION['fsubmit'] = $fsubmit;

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title><?= $pagetitle ?></title>
<script type="text/javascript">
<!--
function reloadc() {
var c = this.document.getElementById("captcha");
var now = new Date();
c.src = '?g=1&amp;f=' + now.getTime();
}
-->
</script>
<style type="text/css">
<!--
body {
background-color: #<?= $backgroundcolor ?>;
color: #<?= $textcolor ?>;
font-family: <?= $fontfamily ?>;
font-size: <?= $fontsize ?>;
}

.error {
color: #<?= $warningcolor ?>;
}

.okay {
color: #<?= $okaycolor ?>;
}
-->
</style>
</head>
<body>
<?= ($style == 1) ? "<center>" : "" ?>
<?= (($headerimage != null) && !empty($headerimage)) ? '<img src="' . $headerimage . '" alt="' . $lang['headerimage'] . '">' . "\n" : '' ?><br>
<?= $lang['welcometext'] ?><br>
<?PHP foreach ($errors as $error) echo '<span class="error">' . $error . '</span><br>' . "\n"; ?>
<?PHP if ($success) { ?>
<span class="okay"><?= $lang['congrats'] ?></span>
<?PHP } else { ?>
<form action="?" method="POST">
<table>
<tr>
<td><?= $lang['username'] ?>*</td>
<td><input type="text" name="<?= $fusername ?>"></td>
</tr>
<tr>
<td><?= $lang['password'] ?>*</td>
<td><input type="password" name="<?= $fpassword ?>"></td>
</tr>
<tr>
<td><?= $lang['confirmpw'] ?>*</td>
<td><input type="password" name="<?= $fconfirmpassword ?>"></td>
</tr>
<tr>
<td><?= $lang['email'] ?>*</td>
<td><input type="text" name="<?= $femail ?>"></td>
</tr>
<tr>
<td><?= $lang['confirmmail'] ?>*</td>
<td><input type="text" name="<?= $fconfirmemail ?>"></td>
</tr>
<tr>
<td><?= $lang['wowversion'] ?>*</td>
<td>
<select name="<?= $fgametype ?>">
<option value="8">World of Warcraft: The burning crusade</option>
<option value="0">World of Warcraft</option>
</select>
</td>
</tr>
<?PHP if ($enableic) { if (in_array(0, $required) || in_array(0, $notrequired)) { ?>
<tr>
<td><?= $lang['forename'] ?><?= in_array(0, $required) ? "*" : "" ?></td>
<td><input type="text" name="<?= $fforename ?>"></td>
</tr>
<?PHP } if (in_array(1, $required) || in_array(1, $notrequired)) { ?>
<tr>
<td><?= $lang['surename'] ?><?= in_array(1, $required) ? "*" : "" ?></td>
<td><input type="text" name="<?= $fsurename ?>"></td>
</tr>
<?PHP } if (in_array(2, $required) || in_array(2, $notrequired)) { ?>
<tr>
<td><?= $lang['born'] ?> (dd mm yyyy)<?= in_array(2, $required) ? "*" : "" ?></td>
<td>
<select name="<?= $fdd ?>"><?PHP for ($i = 1; $i < 32; $i++) echo "<option>$i</option>\n"; ?></select>
<select name="<?= $fmm ?>"><?PHP for ($i = 1; $i < 13; $i++) echo "<option>$i</option>\n"; ?></select>
<select name="<?= $fyyyy ?>"><?PHP for ($i = 1920; $i < 2009; $i++) echo "<option>$i</option>\n"; ?></select>
</td>
</tr>
<?PHP } if (in_array(3, $required) || in_array(3, $notrequired)) { ?>
<tr>
<td><?= $lang['sex'] ?><?= in_array(3, $required) ? "*" : "" ?></td>
<td>
<select name="<?= $fgender ?>">
<option value="0"><?= $lang['male'] ?></option>
<option value="1"><?= $lang['female'] ?></option>
</select>
</td>
</tr>
<?PHP } } ?>
<tr>
<td><img src="?g=1" alt="captcha" id="captcha"><a href="javascript:reloadc()">R</a></td>
<td><input type="text" name="<?= $fcaptcha ?>"></td>
</tr>
<tr>
<td><input type="submit" name="<?= $fsubmit ?>" value="<?= $lang['submit'] ?>"></td>
<td>&nbsp;</td>
</tr>
</table>
<?= $lang['mustfillin'] ?>
<div style="visibility: hidden;"><input type="text" name="login"><input type="password" name="password"></div>
</form>
<?PHP } ?>
<?= $footertext ?>
<?= ($style == 1) ? "</center>" : "" ?>
</body>
</html>
<!-- This script is powered by Daniel "Gachl" Vogel. Thank you for using! -->

21539 Characters, 642 Lines, 2737 Words. (Could have changed)
Please keep my credits in the comments.

Have fun with this script.
If you need help just ask me!

Changelog:
#2008-08-11 | r2: Fixed captcha character cutoff thing.
#2008-08-14 | r3: Added an additional hacking attempt notifier.
#2008-08-14 | r3: Fixed possible sql injection.
#2008-08-14 | r3: Fixed error with information collector.
#2008-08-14 | r3: Fixed email check.
#2008-08-14 | r3: Added version control.
#2008-08-25 | r4: Markup and performance fixed.
#2009-04-15 | r5: Removed VC (sucked, domain unregistred...)

If you are using an older version please update now! You can see your version number in the first comment line in the script (r1 has none!)

For everyone who is searching for security holes in that script: note that I wrote my own functions to protect the script against any kind of injection, so don't post here that I have to use mysql_real_escape_string or functions like that, because it is really, really annoying if everyone writes that the script is not secure because I don't use that function blabla, thank you!

This post has been edited by Gachl: 15 April 2009 - 03:35 AM

Sorry for my bad English.
ATTENTION:
I haven't been playing WoW (retail or arc) for over a year. So I don't know all the new designs and database structures and tweaks and values and all that, so don't bother me with "OMG I goz err0R on uR sc1ipAZZ!!! liek TABLE arc_user NOT FOUND. OMZG Wat to do??? halp plz!!" because I will not reply to this.
Swiss quality and neutrality.
Ich spreche Deutsch als Muttersprache. I speak German as first language. Je parle l'allemand comme langue maternelle.
Ich spreche ein wenig englisch. I speak a little bit English. Je parle un peu d'anglais.
Ich spreche ein wenig französisch. I speak a little bit French. Je parle un peu français.
0
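An added example, not part of Gachl's script: it lists which punctuation the character class `[^a-zA-Z0-9.-_]` lets through compared with the hyphen placed last, then creates an account with bound parameters so that the values never become part of the SQL text. The function names `admitted()` and `createAccount()`, the in-memory SQLite table (needs the pdo_sqlite extension) and the sample values are assumptions made for the example.

```php
<?php
// Added example, not part of Yaart. Function names, table layout and sample
// values are constructed for illustration.

// Return the printable, non-alphanumeric ASCII characters that a "reject"
// pattern lets through (the pattern matches characters that are NOT allowed).
function admitted(string $pattern): string
{
    $out = '';
    for ($c = 0x20; $c < 0x7F; $c++) {
        $ch = chr($c);
        if (!ctype_alnum($ch) && preg_match($pattern, $ch) === 0) {
            $out .= $ch;
        }
    }
    return $out;
}

// Create an account with bound parameters: the values travel separately from
// the SQL text, so quotes and backslashes in them cannot alter the statement.
function createAccount(PDO $db, string $login, string $password, string $email, int $flags): int
{
    if (!in_array($flags, [0, 8], true)) {   // 0 = WoW, 8 = TBC, as in the script
        throw new InvalidArgumentException('flags must be 0 or 8');
    }

    $dup = $db->prepare('SELECT COUNT(*) FROM accounts WHERE login = :login OR email = :email');
    $dup->execute([':login' => $login, ':email' => $email]);
    if ((int) $dup->fetchColumn() !== 0) {
        throw new RuntimeException('login or email already in use');
    }

    // The password column is plain text only because the script's table is.
    $ins = $db->prepare(
        'INSERT INTO accounts (login, password, email, flags)
         VALUES (:login, :password, :email, :flags)'
    );
    $ins->execute([
        ':login'    => $login,
        ':password' => $password,
        ':email'    => $email,
        ':flags'    => $flags,
    ]);
    return (int) $db->lastInsertId();
}

// Read one account's stored password back, again with a bound parameter.
function storedPassword(PDO $db, int $acct): string
{
    $q = $db->prepare('SELECT password FROM accounts WHERE acct = :acct');
    $q->execute([':acct' => $acct]);
    return (string) $q->fetchColumn();
}

// 1) The two character classes side by side.
$rangeForm  = '/[^a-zA-Z0-9.-_]/';  // ".-_" is a range: 0x2E ('.') through 0x5F ('_')
$hyphenLast = '/[^a-zA-Z0-9._-]/';  // hyphen last: a literal '-'
printf("range form admits : %s\n", admitted($rangeForm));
printf("hyphen last admits: %s\n", admitted($hyphenLast));

// 2) Bound parameters against a constructed, in-memory accounts table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE accounts (
        acct     INTEGER PRIMARY KEY,
        login    TEXT UNIQUE,
        password TEXT,
        email    TEXT,
        flags    INTEGER
    )'
);

// Constructed sample: a password containing a double quote, a backslash and
// an apostrophe, characters a whitelist would have to reject.
$password = 'p"a\\ss\'word';
$acct = createAccount($db, 'tester', $password, 'tester@example.org', 8);
printf("account %d stored verbatim: %s\n", $acct, var_export(storedPassword($db, $acct) === $password, true));

// A second registration with the same login is refused by the lookup.
try {
    createAccount($db, 'tester', 'other', 'second@example.org', 0);
} catch (RuntimeException $e) {
    printf("duplicate rejected: %s\n", $e->getMessage());
}
```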

#2 User is offline   Hasbro 

  • Project Manager
  • PipPipPipPipPipPipPipPipPip
  • Group: Administrator
  • Posts: 2,526
  • Joined: 07-June 08
  • Gender:Male
  • Location:New York
  • Server OS:Windows

Posted 10 August 2008 - 11:03 PM

Very nice :)
-1

#3 User is offline   bobb 

  • Member
  • Pip
  • Group: Members
  • Posts: 16
  • Joined: 11-July 08

Posted 11 August 2008 - 01:39 AM

On firefox, sometimes last digit isn't readable in secret generator; it just falls outside the 120px × 20px
Otherwise, good initiative :) Only too little people know how to close these holes :rolleyes:
0

#4 User is offline   HalestormXV 

  • The Ultimatum
  • PipPipPipPipPipPip
  • Group: Members
  • Posts: 1,031
  • Joined: 07-June 08
  • Gender:Male

Posted 11 August 2008 - 11:21 AM

Yes this is a good tool. However the problem posted above with the generator also exists on IE. The last number doesn't appear in the field and another number gets cut off. I can post a screenshot if you like unless you are already aware of the issue. Will add this to the Full List topic
**Owner of the Serenade of Sorrow Funserver**
My Most Recent Video: The Book of Kidou
0

#5 User is offline   Gachl 


Posted 11 August 2008 - 12:29 PM

Thank you for comments, I fixed the problem with the image (I hope :) ).

HalestormXV, on Aug 11 2008, 06:21 PM, said:

Will add this to the Full List topic

I did that right?
0

#6 User is offline   Shyish 

  • Member
  • Pip
  • Group: Members
  • Posts: 88
  • Joined: 07-June 08

Posted 11 August 2008 - 04:00 PM

uuur help.. when I try and use it on my site : Posted Image
I config'ed it right I think.
0

#7 User is offline   NabalXela 

  • Enthusiast
  • PipPipPip
  • Group: Members
  • Posts: 287
  • Joined: 07-July 08
  • Location:Sweden

Posted 11 August 2008 - 04:25 PM

Can we reskin the account creator if we keep the original credits in it? Cause it doesn't looks super nice at this moment. However I don't want to edit any of the code without your permission.

Old signature but I'm currently to lazy to make a new one :/
0

#8 User is offline   Shyish 


Posted 11 August 2008 - 04:30 PM

yeah if you read all the config it shows you how.
and probably could otherways too..
0

#9 User is offline   Gachl 


Posted 12 August 2008 - 03:49 AM

NabalXela, on Aug 11 2008, 11:25 PM, said:

Can we reskin the account creator if we keep the original credits in it? Cause it doesn't looks super nice at this moment. However I don't want to edit any of the code without your permission.

Yes, sure you can.
If you don't want to rewrite the whole css there are some config vars for color, fontsize and fontfamily.

Shyish, on Aug 11 2008, 11:00 PM, said:

uuur help.. when I try and use it on my site : Posted Image
I config'ed it right I think.

Hmm, does your server support php (seems not...)? And check your php version (use 5.something).
0

#10 User is offline   Shyish 


Posted 12 August 2008 - 04:43 AM

It should, this is running on localhost with WAMP2 and my homepage is php :(

EDIT: yeah I've got 5.2.6
0

#11 User is offline   Gachl 


Posted 12 August 2008 - 06:55 AM

Hmm, I really have no idea... Run this code on your server and post the html output source code:
Test1:<?PHP ?>
Test2: <?= "Success" ?>
Test3: <?PHP echo "test"; ?>
Test4: <?= true ? "yes" : "no" ?>
Test5: <?PHP echo true ? "yes" : "no"; ?>

0

#12 Shyish

Posted 12 August 2008 - 01:36 PM

Test1:Test2: Test3: testTest4: Test5: yes

#13 Gachl

Posted 12 August 2008 - 01:47 PM

Shyish, on Aug 12 2008, 08:36 PM, said:

Test1:Test2: Test3: testTest4: Test5: yes

Not really the html source but a result... hmm your server seems to have problems with the <?= method, try replacing all
<?=

with
<?PHP echo

and add a semicolon before the endtag (?>) of every <?=
example:
<?= $pagetitle ?>

-->
<?PHP echo $pagetitle; ?>

This should work.
Check out your php ini too, maybe you can change something there... I really have no other solutions, sorry :P

#14 Shyish

Posted 12 August 2008 - 03:37 PM

well thanks for help :P

#15 Shyish

Posted 13 August 2008 - 07:04 AM

Awesome it works now, well except the captcha : XXXXX
that isn't advertising as that is on a testing server so nerr!

Link removed, I got it working so I don't think I should get owned for nothing

#16 Gachl

Posted 14 August 2008 - 02:42 AM

New version online, please update (security purpose).
Added version control (you get a message if a new version is online).

#17 BadBull

Posted 21 August 2008 - 03:51 PM

Hmm... not working for me :P

My error:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\register2.php:1) in C:\xampp\htdocs\register2.php on line 238

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\register2.php:1) in C:\xampp\htdocs\register2.php on line 238

#18 0x0f7afc68

Posted 21 August 2008 - 04:14 PM

Hehe, means shorttags isn't enabled.

Gachl, on Aug 12 2008, 02:47 PM, said:

Not really the html source but a result... hmm your server seems to have problems with the <?= method, try replacing all
<?=

with
<?PHP echo

and add a semicolon before the endtag (?>) of every <?=
example:
<?= $pagetitle ?>

-->
<?PHP echo $pagetitle; ?>

This should work.
Check out your php ini too, maybe you can change something there... I really have no other solutions, sorry :(

#19 BadBull

Posted 22 August 2008 - 07:30 AM

? So what do I have to do?

#20 Gachl

Posted 24 August 2008 - 02:43 AM

Read what 0x0f7afc68 quoted and do it.
Your problem is that the PHP shorttags are not enabled (<?= ?>), so you have to replace them with <?PHP echo ... ?> (as seen above).
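The replacement described in posts #13 and #20, automated as an added example (not part of the thread and not Yaart's own code): a Python script that rewrites every `<?= expr ?>` to `<?php echo expr; ?>` and lists bare `<?` short open tags, which a PHP 5.2 server with short tags disabled sends to the browser as unparsed source instead of running them. The sample template is constructed; only `$pagetitle` and the echo test lines come from the thread, and the function names are hypothetical.

```python
import re
import sys

# Constructed sample template: only $pagetitle and the echo lines come from
# the thread; the include line and the XML declaration are invented.
SAMPLE = '''<title><?= $pagetitle ?></title>
<p><?= true ? "yes" : "no" ?></p>
<?PHP echo "test"; ?>
<? include "config.php"; ?>
<?xml version="1.0"?>
'''

# Short echo tag. The expression is taken up to the first "?>", so an
# expression whose string literal contains "?>" must be fixed by hand.
SHORT_ECHO = re.compile(r'<\?=\s*(.*?)\s*\?>', re.DOTALL)
# Bare "<?" that is not "<?php", "<?xml" or "<?=": a short open tag.
SHORT_OPEN = re.compile(r'<\?(?!php\b|xml\b|=)', re.IGNORECASE)

def rewrite_short_echo(src):
    """Return (new_source, count) with <?= expr ?> as <?php echo expr; ?>."""
    def repl(match):
        expr = match.group(1).rstrip().rstrip(';').rstrip()
        return '<?php echo ' + expr + '; ?>'
    return SHORT_ECHO.subn(repl, src)

def find_short_open(src):
    """Return 1-based line numbers of bare <? tags left for manual review."""
    return [src.count('\n', 0, m.start()) + 1 for m in SHORT_OPEN.finditer(src)]

if __name__ == '__main__':
    # Usage: python fix_shorttags.py file.php [...]; with no arguments the
    # constructed sample is processed and nothing is written to disk.
    if len(sys.argv) == 1:
        fixed, n = rewrite_short_echo(SAMPLE)
        print(fixed, end='')
        print('rewritten:', n, 'bare <? on lines:', find_short_open(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, encoding='utf-8', errors='surrogateescape') as fh:
            src = fh.read()
        fixed, n = rewrite_short_echo(src)
        with open(path + '.fixed', 'w', encoding='utf-8',
                  errors='surrogateescape') as fh:
            fh.write(fixed)
        print(path, 'rewritten:', n, 'bare <? on lines:', find_short_open(src))
```

Each input file is left untouched and the rewritten copy goes to `<name>.fixed`, so the result can be diffed before it replaces the original.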
