It is working perfectly fine except that if you make an account named for exemple: Netsu ( with a uppercase ) and then you try to make an account using "netsu" (without the uppercase) the script will say that your registeration has been completed but the two accounts will be blocked and the server will actually send an error into the client saying that the ID is unregistered.
The problem is that the script is not checking if the login already exist with or without an uppercase & it fucks up everything.
I would like to know if any of you guys can help me making this registeration form check the database correctly and not allow the two same ID's in my DB.
Thank you !
Edit: Here is the PHP code that actually get the account into the DB
Question
Netsu
Hello guys !
I come to you today because I have a problem that I can't seem to fix so here it is:
I'm actually using this registeration PHP script: https://rathena.org/board/files/file/2265-iris-acccount-registration/
It is working perfectly fine except that if you make an account named for exemple: Netsu ( with a uppercase ) and then you try to make an account using "netsu" (without the uppercase) the script will say that your registeration has been completed but the two accounts will be blocked and the server will actually send an error into the client saying that the ID is unregistered.
The problem is that the script is not checking if the login already exist with or without an uppercase & it fucks up everything.
I would like to know if any of you guys can help me making this registeration form check the database correctly and not allow the two same ID's in my DB.
Thank you !
Edit: Here is the PHP code that actually get the account into the DB
<?php if(!defined('ODIN_ROOT')) exit; function SQL($sql) { $con = mysql_connect($sql['host'],$sql['user'],$sql['pass']); if (!$con) $ERROR['dbError'] = TRUE; $dba = mysql_select_db($sql['db']); if (!$dba) $ERROR['dbError'] = TRUE; } function checkString($str) { if(preg_match("/[^a-zA-Z0-9]/", $str) != 0) return TRUE; else return FALSE; } function printErrors($errorList, $errors) { global $REGFAIL; $output=(string)""; foreach($errors as $key => $value) { if($value == TRUE) { $output .= "<li>" . $errorList[$key] . "</li>\n"; } } return printf($REGFAIL, $output); } foreach(array('user','pass','email','sex') as $value) { ${$value} = (array_key_exists($value, $_POST)) ? $_POST[$value] : FALSE; } if($user == FALSE || $pass == FALSE || $email == FALSE || $sex == FALSE) $ERROR['incompleteForm'] = TRUE; if(strlen($user) < 4 || strlen($user) > 16 || checkString($user)==TRUE) $ERROR['userLength'] = TRUE; if(strlen($pass) < 4 || strlen($pass) > 16 || checkString($pass)==TRUE) $ERROR['passLength'] = TRUE; if($pass == $user) $ERROR['userLikePass'] = TRUE; if($sex != "M" && $sex != "F") $ERROR['invalidGender'] = TRUE; if(!eregi("^[^@]*@[^@]*\.[^@]*$", $email) || strlen($email) > 30) $ERROR['invalidEmail'] = TRUE; if(!isset($ERROR)) { SQL($MYSQL); $checkTaken = mysql_fetch_assoc(mysql_query("SELECT userid, email FROM `login` WHERE userid LIKE '" . mysql_real_escape_string($user) . "' OR email LIKE '" . mysql_real_escape_string($email) . "';")); if($checkTaken != FALSE) { if($checkTaken['userid'] == $user) $ERROR['userTaken'] = TRUE; if($checkTaken['email'] == $email) $ERROR['mailUsed'] = TRUE; } if(!isset($ERROR)) { if($USE_MD5 == TRUE) $pass = md5($pass); if(mysql_query("INSERT INTO `login` (userid, user_pass, sex, email, last_ip, lastlogin) VALUES ('" . mysql_real_escape_string($user) . "','" . mysql_real_escape_string($pass) . "','" . mysql_real_escape_string($sex) . "','" . mysql_real_escape_string($email) . "','" . $_SERVER['REMOTE_ADDR'] . "',NOW())")) echo $REGMSG; else { $ERROR['dbError'] = TRUE; printErrors($ERRORMSG, $ERROR); } } else printErrors($ERRORMSG, $ERROR); } else printErrors($ERRORMSG, $ERROR); // Reset captcha state $_SESSION['PASSKEY'] = FALSE; ?>Edited by NetsuLink to comment
Share on other sites
0 answers to this question
Recommended Posts