Forum PHP.pl > [PHP]Kodowanie

Pomoc - Szukaj - Użytkownicy - Kalendarz

Kynval

22.11.2011, 19:49:18

witam.
mam problem.

to jest plik rejestracji kont, ale on automatycznie koduje hasla w md5, niestety moj server tego nie obsluguje.
dlatego chcialbym poprosic o pomoc, mianowicie, chciałbym, ażeby rejestracja dokonywała się bez problemów, natomiast, aby nie występowało kodowanie.

z góry dziękuje.

oto kod php:

[PHP] pobierz, plaintext 
<?
 
if(!defined('SkyTeamPageRUNNING') OR !$page["rejestracja"])
{
die("Include error..");
}
?>
<div style="text-align:center">
<?php
if($reg == 1)
{
include "mupagecore/coreincludes/logsth.php";
 
$login = $_POST["login"];
$pw = $_POST["pw"];
$cpw = $_POST["cpw"];
 
$login = trim($login);
$pw = trim($pw);
$cpw = trim($cpw);
 
$name = $login;
 
if($page["validate_by_email"])
	{
	$naglowki  = $lang_email_header;
 
	function IsEMail($e)
		{
		$atom = '[-a-z0-9!#$%&\'*+/=?^_`{|}~]';    // allowed characters for part before "at" character
		$domain = '([a-z]([-a-z0-9]*[a-z0-9]+)?)'; // allowed characters for part after "at" character
 
		$regex = '^' . $atom . '+' .        // One or more atom characters.
		'(\.' . $atom . '+)*'.              // Followed by zero or more dot separated sets of one or more atom characters.
		'@'.                                // Followed by an "at" character.
		'(' . $domain . '{1,63}\.)+'.        // Followed by one or max 63 domain characters (dot separated).
		$domain . '{2,63}'.                  // Must be followed by one set consisting a period of two
		'$';                                // or max 63 domain characters.
 
		if (strlen($e) == 0)
			{
			return false;
			}
		elseif(count(explode("@",$e)) != 2)
			{
			return false;
			}
		else
			{
			if (eregi($regex, $e))
				{	
				return true;
				}
			else
				{	
				return false;
				}
			}
		return false;
		} 
 
	if(isEMail($_POST['email'])) 
		{
		// check if its in database..
 
   		if(strpos($_POST['email'], "'") !== false)
			$email = false;
		else
			{
			$check_mail = mssql_query("SELECT EMail FROM ST_EMAIL WHERE EMail = '".$_POST['email']."'");
			$check_mail = mssql_fetch_row($check_mail);
			if($check_mail[0] == $_POST['email'])
				{
				echo $lang_email_alredy_used.'<br>';
				$email = false;
				}
			else
 				{
				$email = $_POST['email'];
				$mail_hash = md5(md5($nazwa.$email).md5($login,psw).md5(date('U')));
				}
			}
		}
	else
		{
		$email = false;
		}
	}
else
	{
	$email = 'Rejestracja przez strone';
	}
//temp
//$email = 'Rejestracja przez strone';
 
$prq = "pyt";
$pra = "odp";
 
if(!$email)
	{
	echo $lang_email_error;
	addtolog("<b>Wrong Email ".$_POST['email']."</b>","REG");
	}
elseif((strtoupper($_POST['regconfirm']) != $HTTP_SESSION_VARS['regcode'] OR empty($_POST['regconfirm'])) AND $page["reg_code"])
	{
	echo $lang_reg_wrong_confirm_code;
	addtolog("<b>Wrong code</b>","REG");
	}
elseif(ereg("[^0-9a-zA-Z_-]", $login, $str))
	{
	echo $lang_login_wrong_chars;
	addtolog("<b>Wrong Chars (login) $login</b>","REG");
	}
elseif(ereg("[^0-9a-zA-Z_-]", $pw, $str))
	{
	echo $lang_pw_wrong_chars;
	addtolog("<b>Wrong Chars (pass) $pass</b>","REG");
	}
else
	{
	$login_test = strtolower($login);
	$resultx = mssql_query("SELECT LOWER(memb___id) FROM MEMB_INFO WHERE LOWER(memb___id) = ('$login_test')") or die;
 
	if (mssql_num_rows($resultx)) 
		{
		echo $lang_this_acc_exist;
 		addtolog("<b>Exist account $login</b>","REG");
		}
	elseif (empty($login) || empty($name) || empty($email) || empty($pw) || empty($cpw)) 
		{
		echo $lang_fill_fields;
		}
	elseif (strlen($login) < 4) 
		{
    		echo $lang_login_too_short;
		}
	elseif (strlen($pw) < 4) 
		{
    		echo $lang_pass_too_short;
		}
	elseif (strlen($pw) > 10) 
		{
    		echo $lang_pass_too_long;
		} 
	elseif (strlen($login) > 10) 
		{
    		echo $lang_login_too_long;
		} 
	elseif ($pw != $cpw) 
		{
        	echo $lang_pass_not_correct;
		}
	else 
		{
		if($page["validate_by_email"] AND !$page["register_after_validation"]) // send mail..
			{
			mail($_POST['email'], $nazwa.$lang_email_title, sprintf($lang_email_content_1,$login,$nazwa,$mail_hash), $naglowki);
			mssql_query("INSERT INTO ST_EMAIL (AccountID,EMail,Fine,hash) values('$login','$email',0,'$mail_hash',".date('U').")");
			echo $lang_email_you_will_get_it.'<br>';
			}
 
		if(!$page["register_after_validation"] OR !$page["validate_by_email"])
			{
			addtolog("<b>REG: $login $pw</b>","REG");
			//mssql_query("INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_
Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('20055','1',1234,'$login','$login',1,'7','6','3','6','6',getdate(),0 )") or die('error, account exists');
			mssql_query("
					DECLARE	@btOutVal	BINARY(16)
					SET @btOutVal = MuOnline.dbo.UFN_MD5_ENCODEVALUE ( '$pw', '$login')
					INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_deta,tel__
numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_days,out__d
ays,true_days,mail_chek,bloc_code,ctl1_code) 
					VALUES ('$login',@btOutVal,'Name', '1','1234','11111','personalid','12343','$email','$email','$prq','$pra','1',getdate(),getdate(),getdate(),getdate(),'1','0','1')") or die('error, query failed');
 
			echo $lang_acc_done;
			}
		else
			{
			mail($_POST['email'], $nazwa.$lang_email_title, sprintf($lang_email_content_2,$login,$nazwa,$mail_hash), $naglowki);
			mssql_query("INSERT INTO ST_EMAIL (AccountID,EMail,Fine,hash) values('$login','$email',0,'$mail_hash',".date('U').")");
			mssql_query("SET IDENTITY_INSERT MEMB_INFO ON INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_
deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_d
ays,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$login','$pw','$name', '1','1234','11111','personalid','12343','$email','$email','$prq','$pra','1',getdate(),getdate(),getdate(),getdate(),'1','0','1')") or die('error, query failed');
 
			addtolog("<b>Wait to register: $login $pw [$mail_hash]</b>","REG");
			echo $lang_email_you_need_to_veryf_your_acc_before_you_can_play;
			}
		}
	}
}
else 
{
echo '<div style="text-align:center;">'.$lang_sorry_reg_off.'</div>';
include "mupagecore/coreincludes/logsth.php";
addtolog("<b>TRYING TO HACK REG SCRIPT: $login $pw</b>","REG");
}
 
 
$login2 = $HTTP_SESSION_VARS['loginvar'];
$login = $HTTP_SESSION_VARS['loginvar'];
?>
</div>
[PHP] pobierz, plaintext

CuteOne

22.11.2011, 20:58:03

Ten skrypt był pisany 10 lat temu i jest pełen dziur - lepiej skorzystaj z innej stronki pod Mu

Kynval

24.11.2011, 14:26:40

a nie jestes w stanie tylko wyłączyć kodowania?

plz.

albo... inny plik...
nie koduje, ale również nie tworzy konta:

[PHP] pobierz, plaintext 
<?
 
if(!defined('SkyTeamPageRUNNING') OR !$page["rejestracja"])
{
die("Include error..");
}
?>
<div style="text-align:center">
<?php
if($reg == 1)
{
include "mupagecore/coreincludes/logsth.php";
 
$login = $_POST["login"];
$pw = $_POST["pw"];
$cpw = $_POST["cpw"];
 
$login = trim($login);
$pw = trim($pw);
$cpw = trim($cpw);
 
$name = $login;
 
if($page["validate_by_email"])
	{
	$naglowki  = $lang_email_header;
 
	function IsEMail($e)
		{
		$atom = '[-a-z0-9!#$%&\'*+/=?^_`{|}~]';    // allowed characters for part before "at" character
		$domain = '([a-z]([-a-z0-9]*[a-z0-9]+)?)'; // allowed characters for part after "at" character
 
		$regex = '^' . $atom . '+' .        // One or more atom characters.
		'(\.' . $atom . '+)*'.              // Followed by zero or more dot separated sets of one or more atom characters.
		'@'.                                // Followed by an "at" character.
		'(' . $domain . '{1,63}\.)+'.        // Followed by one or max 63 domain characters (dot separated).
		$domain . '{2,63}'.                  // Must be followed by one set consisting a period of two
		'$';                                // or max 63 domain characters.
 
		if (strlen($e) == 0)
			{
			return false;
			}
		elseif(count(explode("@",$e)) != 2)
			{
			return false;
			}
		else
			{
			if (eregi($regex, $e))
				{	
				return true;
				}
			else
				{	
				return false;
				}
			}
		return false;
		} 
 
	if(isEMail($_POST['email'])) 
		{
		// check if its in database..
 
   		if(strpos($_POST['email'], "'") !== false)
			$email = false;
		else
			{
			$check_mail = mssql_query("SELECT EMail FROM ST_EMAIL WHERE EMail = '".$_POST['email']."'");
			$check_mail = mssql_fetch_row($check_mail);
			if($check_mail[0] == $_POST['email'])
				{
				echo $lang_email_alredy_used.'<br>';
				$email = false;
				}
			else
 				{
				$email = $_POST['email'];
				$mail_hash = md5(md5($nazwa.$email).md5($login,psw).md5(date('U')));
				}
			}
		}
	else
		{
		$email = false;
		}
	}
else
	{
	$email = 'Rejestracja przez strone';
	}
//temp
//$email = 'Rejestracja przez strone';
 
$prq = "pyt";
$pra = "odp";
 
if(!$email)
	{
	echo $lang_email_error;
	addtolog("<b>Wrong Email ".$_POST['email']."</b>","REG");
	}
elseif((strtoupper($_POST['regconfirm']) != $HTTP_SESSION_VARS['regcode'] OR empty($_POST['regconfirm'])) AND $page["reg_code"])
	{
	echo $lang_reg_wrong_confirm_code;
	addtolog("<b>Wrong code</b>","REG");
	}
elseif(ereg("[^0-9a-zA-Z_-]", $login, $str))
	{
	echo $lang_login_wrong_chars;
	addtolog("<b>Wrong Chars (login) $login</b>","REG");
	}
elseif(ereg("[^0-9a-zA-Z_-]", $pw, $str))
	{
	echo $lang_pw_wrong_chars;
	addtolog("<b>Wrong Chars (pass) $pass</b>","REG");
	}
else
	{
	$login_test = strtolower($login);
	$resultx = mssql_query("SELECT LOWER(memb___id) FROM MEMB_INFO WHERE LOWER(memb___id) = ('$login_test')") or die;
 
	if (mssql_num_rows($resultx)) 
		{
		echo $lang_this_acc_exist;
 		addtolog("<b>Exist account $login</b>","REG");
		}
	elseif (empty($login) || empty($name) || empty($email) || empty($pw) || empty($cpw)) 
		{
		echo $lang_fill_fields;
		}
	elseif (strlen($login) < 4) 
		{
    		echo $lang_login_too_short;
		}
	elseif (strlen($pw) < 4) 
		{
    		echo $lang_pass_too_short;
		}
	elseif (strlen($pw) > 10) 
		{
    		echo $lang_pass_too_long;
		} 
	elseif (strlen($login) > 10) 
		{
    		echo $lang_login_too_long;
		} 
	elseif ($pw != $cpw) 
		{
        	echo $lang_pass_not_correct;
		}
	else 
		{
		if($page["validate_by_email"] AND !$page["register_after_validation"]) // send mail..
			{
			mail($_POST['email'], $nazwa.$lang_email_title, sprintf($lang_email_content_1,$login,$nazwa,$mail_hash), $naglowki);
			mssql_query("INSERT INTO ST_EMAIL (AccountID,EMail,Fine,hash) values('$login','$email',0,'$mail_hash',".date('U').")");
			echo $lang_email_you_will_get_it.'<br>';
			}
 
		if(!$page["register_after_validation"] OR !$page["validate_by_email"])
			{
			addtolog("<b>REG: $login $pw</b>","REG");
			mssql_query("INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_
Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('20055','1',1234,'$login','$login',1,'7','6','3','6','6',getdate(),'0' )") or die('error, account exists');
			mssql_query("SET IDENTITY_INSERT MEMB_INFO ON INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_
deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_d
ays,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$login','$pw','$name', '1','1234','11111','personalid','12343','$email','$email','$prq','$pra','1',getdate(),getdate(),getdate(),getdate(),'1','0','1')") or die('error, query failed');
			echo $lang_acc_done;
			}
		else
			{
			mail($_POST['email'], $nazwa.$lang_email_title, sprintf($lang_email_content_2,$login,$nazwa,$mail_hash), $naglowki);
			mssql_query("INSERT INTO ST_EMAIL (AccountID,EMail,Fine,hash) values('$login','$email',0,'$mail_hash',".date('U').")");
 
			addtolog("<b>Wait to register: $login $pw [$mail_hash]</b>","REG");
			echo $lang_email_you_need_to_veryf_your_acc_before_you_can_play;
			}
		}
	}
}
else 
{
echo $lang_sorry_reg_off;
include "mupagecore/coreincludes/logsth.php";
addtolog("<b>TRYING TO HACK REG SCRIPT: $login $pw</b>","REG");
}
 
 
$login2 = $HTTP_SESSION_VARS['loginvar'];
$login = $HTTP_SESSION_VARS['loginvar'];
?>
</div>
[PHP] pobierz, plaintext

ktos chce pomóc?

wNogachSpisz

24.11.2011, 20:57:36

PHP bez md5()?

Poszukaj skryptu implementującego md5 w php, np:
http://stackoverflow.com/questions/1697882...m-i-going-wrong

Bateria

24.11.2011, 21:16:46

[PHP] pobierz, plaintext 
  <html>
  <head>
    <title>rejestracja</title>
  </head>
  <body>
  <form method="post" action="">
  Login: <input type="text" name="login">
  Haslo: <input type="password" name="password">
  email: <input type="text" name="email">
  </form>
  </body>
  </html>
<?php
  $mysql = mysql_connect('localhost','root','pass') or die (mysql_error());
  $mysql = mysql_select_db('dbname') or die (mysql_error());
 
  $login = $_POST['email'];
  $password = $_POST['password'];
  $email = $_POST['email'];
 
  $query = mysql_query("INSERT INTO users ('login','password','email') VALUES ($login, $password, $email);");
 
 if($query){
  echo('zarejestrowany poprawnie');
 } else {
  echo('blad w rejestracji');
}
?>
[PHP] pobierz, plaintext

Skorzystaj jak na początek z czegoś prostego, dopisz sobie do tego tylko wyrażenia regularne i dostosuj pola do swoich potrzeb.

To jest wersja lo-fi głównej zawartości. Aby zobaczyć pełną wersję z większą zawartością, obrazkami i formatowaniem proszę kliknij tutaj.