8 replies to this topic

[Ace-SG1-]

ok, well i do have a "secret number maker" BUT sometimes it well come out whith only 1 letter... like "J"... Is there a way to make it so it has to have 15 letters no matter what? (and saves it into MSSQL DB)

function randomkeys($length)
{
  $pattern = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ";
  for($i=0;$i<$length;$i++)
  {
   if(isset($key))
	 $key = $pattern{rand(0,35)};
   else
	 $key = $pattern{rand(0,35)};
  }
  return $key;
}

$sn = randomkeys(15);

INSERT INTO Login(UID, ID, PWD, Birth, Type, ExpTime, Email, MSN, AIM, IP, SN)
VALUES ('$z', '$name',$password, '19000101', '0', '4000', '$email', '$msn', '$aim', '$userip', '$sn')

Thank you.

[Demonslay]

The problem lies in the fact that you are re-writing over your $key string, instead of appending to it, like you should.
And there seems to be no reason to check whether or not the $key variable is set; kind of makes no sense since you are executing the exact same code either way.

function randomkeys($length){
  $pattern = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ';
  $key = '';
  for($i =0; $i < $length; $i++)
	$key .= $pattern{rand(0,35)};
  return $key;
}

[Ace-SG1-]

that still dont work...

<link href="style.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
<body>
<center>
<p align="center">Welcome to Server Ace Reg Page</p>
<p align="center">Please note that you are allowed to have one (1) accounts per IP address.  Your IP address is logged, if you hack/spam/cheat, you will be banned.<br>
If you don't like these terms, don't register an account.</p>
<h1 align="center">Create account</h1>
<div align="center">You have 
<?php
require 'config.php';
include_once('sql_check.php');
check_inject();	


$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);


$userip = $_SERVER['REMOTE_ADDR'];
$userip= addslashes($userip);
$sql = "Select count(ip) From [Login] where IP = '$userip'";
mssql_close() or die('failed closing mssql');

//echo "<br>";
//echo $sql;
$result = mssql_query($sql, $conn);
$num_rows = mssql_fetch_row($result);
//echo "<br>";
echo $num_rows[0];
if ($num_rows[0] <1)
{
if(isset($_POST['submit']))
{
$name = addslashes($_POST[name]);
$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);
$sql = "Select count(ID) From [Login] where ID = '$name'";

//echo "<br>";
//echo $sql;
$result = mssql_query($sql, $conn);
$acct_row = mssql_fetch_row($result);
mssql_close() or die('failed closing mssql');

//echo "<br>";
//echo $acct_row[0];

//SI Info
$email = addslashes($_POST[email]);
$msn = addslashes($_POST[MSN]);
$aim = addslashes($_POST[AIM]);

if ($acct_row[0] == "1")
{
echo "Account Name already taken, please try a different one.";
exit;
}
if($_POST['name'] == "")
{
echo "<font color=red>Please fill in everything</dont>";
exit;
}
elseif($_POST['pw'] == "")
{
echo "<font color=red>Please fill in everything</dont>";
exit;
}
elseif($_POST['pw'] != $_POST['pw2'])
{
echo "You mistyped your password, please try again";
exit;
}

elseif($_POST['email'] == "")
{
echo "<font color=red>Please check your Email Address</dont>";
exit;
}
elseif($_POST['email'] != $_POST['email2'])
{
echo "You mistyped your Emaill Address, please try again";
exit;
} 
function decstring ($str)
{
$out="0x";
$i = 0;
$len = strlen ($str);
while ($i < $len)
{

if(($str[$i])== "0") {$out=$out."2C";}
if(($str[$i])== "1") {$out=$out."3A";}
if(($str[$i])== "2") {$out=$out."4A";}
if(($str[$i])== "3") {$out=$out."91";}
if(($str[$i])== "4") {$out=$out."5D";}
if(($str[$i])== "5") {$out=$out."7A";}
if(($str[$i])== "6") {$out=$out."29";}
if(($str[$i])== "7") {$out=$out."BC";}
if(($str[$i])== "8") {$out=$out."6E";}
if(($str[$i])== "9") {$out=$out."D4";}

if(($str[$i])== "A") {$out=$out."FF";}
if(($str[$i])== "B") {$out=$out."F3";}
if(($str[$i])== "C") {$out=$out."F8";}
if(($str[$i])== "D") {$out=$out."9B";}
if(($str[$i])== "E") {$out=$out."50";}
if(($str[$i])== "F") {$out=$out."51";}
if(($str[$i])== "G") {$out=$out."6D";}
if(($str[$i])== "H") {$out=$out."E9";}
if(($str[$i])== "I") {$out=$out."9A";}
if(($str[$i])== "J") {$out=$out."B8";}
if(($str[$i])== "K") {$out=$out."84";}
if(($str[$i])== "L") {$out=$out."A8";}
if(($str[$i])== "M") {$out=$out."14";}
if(($str[$i])== "N") {$out=$out."38";}
if(($str[$i])== "O") {$out=$out."CE";}
if(($str[$i])== "P") {$out=$out."92";}
if(($str[$i])== "Q") {$out=$out."5C";}
if(($str[$i])== "R") {$out=$out."F5";}
if(($str[$i])== "S") {$out=$out."EE";}
if(($str[$i])== "T") {$out=$out."B3";}
if(($str[$i])== "U") {$out=$out."89";}
if(($str[$i])== "V") {$out=$out."7B";}
if(($str[$i])== "W") {$out=$out."A2";}
if(($str[$i])== "X") {$out=$out."AD";}
if(($str[$i])== "Y") {$out=$out."71";}
if(($str[$i])== "Z") {$out=$out."E3";}

if(($str[$i])== "a") {$out=$out."48";}
if(($str[$i])== "b") {$out=$out."DB";}
if(($str[$i])== "c") {$out=$out."FC";}
if(($str[$i])== "d") {$out=$out."09";}
if(($str[$i])== "e") {$out=$out."1F";}
if(($str[$i])== "f") {$out=$out."94";}
if(($str[$i])== "g") {$out=$out."12";}
if(($str[$i])== "h") {$out=$out."73";}
if(($str[$i])== "i") {$out=$out."37";}
if(($str[$i])== "j") {$out=$out."82";}
if(($str[$i])== "k") {$out=$out."81";}
if(($str[$i])== "l") {$out=$out."39";}
if(($str[$i])== "m") {$out=$out."C2";}
if(($str[$i])== "n") {$out=$out."8D";}
if(($str[$i])== "o") {$out=$out."7D";}
if(($str[$i])== "p") {$out=$out."08";}
if(($str[$i])== "q") {$out=$out."4F";}
if(($str[$i])== "r") {$out=$out."B0";}
if(($str[$i])== "s") {$out=$out."FE";}
if(($str[$i])== "t") {$out=$out."79";}
if(($str[$i])== "u") {$out=$out."0B";}
if(($str[$i])== "v") {$out=$out."D6";}
if(($str[$i])== "w") {$out=$out."23";}
if(($str[$i])== "x") {$out=$out."7C";}
if(($str[$i])== "y") {$out=$out."4B";}
if(($str[$i])== "z") {$out=$out."8E";}
if ($i >= $len)
break;
$i++;
}
return $out;
}

function randomkeys($length){
  $pattern = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ';
  $key = '';
  for($i =0; $i < $length; $i++)
	$key .= $pattern{rand(0,35)};
  return $key;
}

$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);
$sqlx="SELECT MAX(DISTINCT UID) FROM Login";
mssql_close() or die('failed closing mssql');

$rs3= mssql_query ($sqlx, $conn);

$z=mssql_result($rs3, 0, 0)+1;
   
$password= decstring($_POST['pw']); 

$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);   
mssql_query("SET IDENTITY_INSERT Login On

INSERT INTO Login(UID, ID, PWD, Birth, Type, ExpTime, Email, MSN, AIM, IP, SN)
VALUES ('$z', '$name',$password, '19000101', '0', '4000', '$email', '$msn', '$aim', '$userip', '$sn') 

SET IDENTITY_INSERT Login Off
");
mssql_close() or die('failed closing mssql');

echo "Account '".$_POST['name']."' successfully added! 
<br/><br />Your secret number: '$sn'
<br/><br />Save the secret number a safe place, to be sure you won't lose it.
<br/><br /> You will need this to get support.";
}
else
{
$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);
$sqlx="SELECT MAX(DISTINCT UID) FROM Login";


$rs3= mssql_query ($sqlx, $conn);

$z=mssql_result($rs3, 0, 0)+1;
mssql_close() or die('failed closing mssql');

?>


Accounts<br>
</div>
<?php require 'forum.php'; ?>

<div align="center">
  <?php
}
}else {
echo " Sorry, you already excessed the account limit.";
}
?>
  <br>
  <p>COPYRIGHT <a href="http://www.Eather-Server.co.uk">www.eather-server.co.uk</a> (c) Eather Server 2006 - 2007<br>
	Addons COPYRIGHT <a href="www.kalserverace.com">www.kalserverace.com</a> (c) Server Ace 2006 - 2007 <br>
	Thank you to <a href="http://www.warpt.net">AresXP </a> for coding the registration script, credits to <a href="http://www.mypcrig.com">Shock</a> for the original design.<br>
	<br>
</p>
</div>
<?php require 'javascript.php'; ?>

<?php

// Anti-SQL Injection 
function check_inject() 
  { 
	$badchars = array(";", "'", "*", "/", "//", "///", "////", "/////", "//////", "///////", "////////", "//////////", "1", "0", " \ ", "DROP", "SELECT", "UPDATE", "DELETE", "drop", "select", "update", "delete", "WHERE", "where", "-1", "-2", "-3","-4", "-5", "-6", "-7", "-8", "-9"); 
   
	foreach($_POST as $value) 
	{ 
	$value = clean_variable($value);

	if(in_array($value, $badchars)) 
	  { 
		die("SQL Injection Detected - Make sure only to use letters and numbers!\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']);
	  } 
	  else 
	  { 
		$check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
		foreach($check as $char) 
		{ 
		  if(in_array($char, $badchars)) 
		  { 
			die("SQL Injection Detected - Make sure only to use letters and numbers!\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']); 
		  } 
		} 
	  } 
	} 
  } 
function clean_variable($var) 
	{ 
	$newvar = preg_replace('/[^a-zA-Z0-9\_\-]/', '', $var); 
	return $newvar; 
	}

?>

<form method='POST' action='index.php'  onSubmit="return validatePwd()" name="regform" >
  <div align="center">
	<table width="50%" border="0" cellpadding="0" cellspacing="2">
	  <tr>
		<td width="243">Login:* </td>
		<td width="243"><input type='text' name='name'></td>
	  </tr>
	  <tr>
		<td>Password:*</td>
		<td><input type='password' name='pw'></td>
	  </tr>
	  <tr>
		<td>Verify Password:*</td>
		<td><input type='password' name='pw2'></td>
	  </tr>
	  <tr>
		<td>Email Address:*</td>
		<td><input name='email' type='text' id="email"></td>
	  </tr>
	  <tr>
		<td>Verify Email Address:*</td>
		<td><input name='email2' type='text' id="email2"></td>
	  </tr>

	  <tr>
		<td>MSN:</td>
		<td><input name='MSN' type='text' id="MSN"></td>
	  </tr>
	  <tr>
		<td>AIM: </td>
		<td><p>
		  <input name='AIM' type='text' id="AIM">
		</p>
		</td>
	  </tr>
	</table>
	<p> </p>
	<p><input type='submit' name='submit' value='Add account'>
	</p>
  </div>
</form>

<script type="text/javascript">
<!--
var message="";
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if 
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers) 
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
// --> 
function validate_required(field,alerttxt)
{
with (field)
{
if (value==null||value=="")
  {alert(alerttxt);return false}
else {return true}
}
}function validate_form(thisform)
{
with (thisform)
{
if (validate_required(name,"Name must be filled out!")==false)
  {email.focus();return false}
if (validate_required(pw,"Password must be filled out!")==false)
  {email.focus();return false}
}
}
function validatePwd() {
var pw1 = document.regform.pw.value;
var pw2 = document.regform.pw2.value;
// check for a value in both fields.
if (pw1 != pw2) {
alert ("You did not enter the same new password twice. Please re-enter your password.");
return false;
}
}
//  End -->

</script>

Thank you.

[.CJ]

Try this function I wrote out:

//-------------------
// Generate an #num# digit ID
//-------------------
function randomID($num) {
	$str = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
	$randomID = substr(str_shuffle($str), 0, $num);
	return $randomID;
}

Then call it:

randomID(10); // Replace 10 with any number

Then just use that when inserting it into your database values.

Hope that helps.

[Ace-SG1-]

same... can u at least show me what it well look like in my script? please.

[Braunson]

Whats the LEARNING in that. I usally dont do this but w/e.

This is with .CJ's code, but with your orig. code you we're only missing a line. but w/e thats for you to figure out.

<link href="style.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
<body>
<center>
<p align="center">Welcome to Server Ace Reg Page</p>
<p align="center">Please note that you are allowed to have one (1) accounts per IP address.  Your IP address is logged, if you hack/spam/cheat, you will be banned.<br>
If you don't like these terms, don't register an account.</p>
<h1 align="center">Create account</h1>
<div align="center">You have
<?php
require 'config.php';
include_once('sql_check.php');
check_inject();	


$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);


$userip = $_SERVER['REMOTE_ADDR'];
$userip= addslashes($userip);
$sql = "Select count(ip) From [Login] where IP = '$userip'";
mssql_close() or die('failed closing mssql');

//echo "<br>";
//echo $sql;
$result = mssql_query($sql, $conn);
$num_rows = mssql_fetch_row($result);
//echo "<br>";
echo $num_rows[0];
if ($num_rows[0] <1)
{
if(isset($_POST['submit']))
{
$name = addslashes($_POST[name]);
$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);
$sql = "Select count(ID) From [Login] where ID = '$name'";

//echo "<br>";
//echo $sql;
$result = mssql_query($sql, $conn);
$acct_row = mssql_fetch_row($result);
mssql_close() or die('failed closing mssql');

//echo "<br>";
//echo $acct_row[0];

//SI Info
$email = addslashes($_POST[email]);
$msn = addslashes($_POST[MSN]);
$aim = addslashes($_POST[AIM]);

if ($acct_row[0] == "1")
{
echo "Account Name already taken, please try a different one.";
exit;
}
if($_POST['name'] == "")
{
echo "<font color=red>Please fill in everything</dont>";
exit;
}
elseif($_POST['pw'] == "")
{
echo "<font color=red>Please fill in everything</dont>";
exit;
}
elseif($_POST['pw'] != $_POST['pw2'])
{
echo "You mistyped your password, please try again";
exit;
}

elseif($_POST['email'] == "")
{
echo "<font color=red>Please check your Email Address</dont>";
exit;
}
elseif($_POST['email'] != $_POST['email2'])
{
echo "You mistyped your Emaill Address, please try again";
exit;
}
function decstring ($str)
{
$out="0x";
$i = 0;
$len = strlen ($str);
while ($i < $len)
{

if(($str[$i])== "0") {$out=$out."2C";}
if(($str[$i])== "1") {$out=$out."3A";}
if(($str[$i])== "2") {$out=$out."4A";}
if(($str[$i])== "3") {$out=$out."91";}
if(($str[$i])== "4") {$out=$out."5D";}
if(($str[$i])== "5") {$out=$out."7A";}
if(($str[$i])== "6") {$out=$out."29";}
if(($str[$i])== "7") {$out=$out."BC";}
if(($str[$i])== "8") {$out=$out."6E";}
if(($str[$i])== "9") {$out=$out."D4";}

if(($str[$i])== "A") {$out=$out."FF";}
if(($str[$i])== "B") {$out=$out."F3";}
if(($str[$i])== "C") {$out=$out."F8";}
if(($str[$i])== "D") {$out=$out."9B";}
if(($str[$i])== "E") {$out=$out."50";}
if(($str[$i])== "F") {$out=$out."51";}
if(($str[$i])== "G") {$out=$out."6D";}
if(($str[$i])== "H") {$out=$out."E9";}
if(($str[$i])== "I") {$out=$out."9A";}
if(($str[$i])== "J") {$out=$out."B8";}
if(($str[$i])== "K") {$out=$out."84";}
if(($str[$i])== "L") {$out=$out."A8";}
if(($str[$i])== "M") {$out=$out."14";}
if(($str[$i])== "N") {$out=$out."38";}
if(($str[$i])== "O") {$out=$out."CE";}
if(($str[$i])== "P") {$out=$out."92";}
if(($str[$i])== "Q") {$out=$out."5C";}
if(($str[$i])== "R") {$out=$out."F5";}
if(($str[$i])== "S") {$out=$out."EE";}
if(($str[$i])== "T") {$out=$out."B3";}
if(($str[$i])== "U") {$out=$out."89";}
if(($str[$i])== "V") {$out=$out."7B";}
if(($str[$i])== "W") {$out=$out."A2";}
if(($str[$i])== "X") {$out=$out."AD";}
if(($str[$i])== "Y") {$out=$out."71";}
if(($str[$i])== "Z") {$out=$out."E3";}

if(($str[$i])== "a") {$out=$out."48";}
if(($str[$i])== "b") {$out=$out."DB";}
if(($str[$i])== "c") {$out=$out."FC";}
if(($str[$i])== "d") {$out=$out."09";}
if(($str[$i])== "e") {$out=$out."1F";}
if(($str[$i])== "f") {$out=$out."94";}
if(($str[$i])== "g") {$out=$out."12";}
if(($str[$i])== "h") {$out=$out."73";}
if(($str[$i])== "i") {$out=$out."37";}
if(($str[$i])== "j") {$out=$out."82";}
if(($str[$i])== "k") {$out=$out."81";}
if(($str[$i])== "l") {$out=$out."39";}
if(($str[$i])== "m") {$out=$out."C2";}
if(($str[$i])== "n") {$out=$out."8D";}
if(($str[$i])== "o") {$out=$out."7D";}
if(($str[$i])== "p") {$out=$out."08";}
if(($str[$i])== "q") {$out=$out."4F";}
if(($str[$i])== "r") {$out=$out."B0";}
if(($str[$i])== "s") {$out=$out."FE";}
if(($str[$i])== "t") {$out=$out."79";}
if(($str[$i])== "u") {$out=$out."0B";}
if(($str[$i])== "v") {$out=$out."D6";}
if(($str[$i])== "w") {$out=$out."23";}
if(($str[$i])== "x") {$out=$out."7C";}
if(($str[$i])== "y") {$out=$out."4B";}
if(($str[$i])== "z") {$out=$out."8E";}
if ($i >= $len)
break;
$i++;
}
return $out;
}

//-------------------
// Generate an #num# digit ID
//-------------------
function randomID($num) {
	$str = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
	$randomID = substr(str_shuffle($str), 0, $num);
	return $randomID;
}

$sn = randomID(10); // Replace 10 with any number

$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);
$sqlx="SELECT MAX(DISTINCT UID) FROM Login";
mssql_close() or die('failed closing mssql');

$rs3= mssql_query ($sqlx, $conn);

$z=mssql_result($rs3, 0, 0)+1;
  
$password= decstring($_POST['pw']);

$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);  
mssql_query("SET IDENTITY_INSERT Login On

INSERT INTO Login(UID, ID, PWD, Birth, Type, ExpTime, Email, MSN, AIM, IP, SN)
VALUES ('$z', '$name',$password, '19000101', '0', '4000', '$email', '$msn', '$aim', '$userip', '$sn')

SET IDENTITY_INSERT Login Off
");
mssql_close() or die('failed closing mssql');

echo "Account '".$_POST['name']."' successfully added!
<br/><br />Your secret number: '$sn'
<br/><br />Save the secret number a safe place, to be sure you won't lose it.
<br/><br /> You will need this to get support.";
}
else
{
$conn = mssql_connect("$dbhost", "$dbuser", "$dbpasswd");
mssql_select_db($db, $conn);
$sqlx="SELECT MAX(DISTINCT UID) FROM Login";


$rs3= mssql_query ($sqlx, $conn);

$z=mssql_result($rs3, 0, 0)+1;
mssql_close() or die('failed closing mssql');

?>


Accounts<br>
</div>
<?php require 'forum.php'; ?>

<div align="center">
  <?php
}
}else {
echo " Sorry, you already excessed the account limit.";
}
?>
  <br>
  <p>COPYRIGHT <a href="http://www.Eather-Server.co.uk">www.eather-server.co.uk</a> (c) Eather Server 2006 - 2007<br>
	Addons COPYRIGHT <a href="www.kalserverace.com">www.kalserverace.com</a> (c) Server Ace 2006 - 2007 <br>
	Thank you to <a href="http://www.warpt.net">AresXP </a> for coding the registration script, credits to <a href="http://www.mypcrig.com">Shock</a> for the original design.<br>
	<br>
</p>
</div>
<?php require 'javascript.php'; ?>

[Ace-SG1-]

sorry... i learn by seening it... '' thank you.

[Hayden]

I know it's longer than what you want but I was noticing it is a "secret number" for a user account....

Why not just use the md5 result registration time stamp? it's 32 characters long instead of 15 but it's a lot more easily generated and will be unique per user account.

or if you just want it 15 characters...

$secret_number = substr(md5($join_date), 0, 15);

here's specifically how i did it

//Get the unix time
$date = time();

$code1 = md5($date); // regular 32 character code

$code2 = substr(md5($date), 0, 15); // same md5 chopped to 15 characters

Edited by SpatialVisionary, 07 September 2007 - 09:17 PM.

[Ace-SG1-]

well its for a game ya...