Version 1.1
Fixes:
- Added a password confirmation box to eqreg.php, and the logic to support it in insert.php
- The script now emails the user as well as the admin so the user gets a confirmation. ** Make sure you change the Bcc: address to your email address. **
- Updated error handling so all errors have a link to direct the user back to the main eqreg.php page to try again.
The code:
eqreg.php
Code:
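<!-- EQEMu SVN Loginserver PHP Account Registration Page - By: Cubber -->
<!--
  Registration form for a new loginserver account. It POSTs the fields
  username, pw, cpw and email to insert.php; those field names are what
  insert.php reads, so keep them in sync.

  The maxlength attributes are a convenience for the user only. A client can
  submit any value, so the length and character checks in insert.php are the
  ones that count.

  The two password fields travel in the request body. Serve this page and
  insert.php over HTTPS so they are not sent in clear text.
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>EQEmu SVN Loginserver Account Registration Page</title>
<meta name="description" content="EQEmulator SVN Loginserver Account Registration Page." />
</head>
<body>
<h1>EQ Registration Form</h1>
<p>Please fill out the form below to create a new account.</p>
<!-- XHTML Strict does not allow bare inputs directly inside <form>, hence the <p> wrappers. -->
<form method="post" action="insert.php">
<p>
<label for="username">Username:</label> <i>(Max 16 chars)</i><br />
<input name="username" type="text" id="username" maxlength="16" />
</p>
<p>
<label for="pw">Password:</label> <i>(Max 16 chars)</i><br />
<input name="pw" type="password" id="pw" maxlength="16" />
</p>
<p>
<label for="cpw">Confirm Password:</label> <i>(Max 16 chars)</i><br />
<input name="cpw" type="password" id="cpw" maxlength="16" />
</p>
<p>
<label for="email">Email:</label><br />
<input name="email" type="text" id="email" maxlength="50" />
</p>
<p>
<input name="Submit" type="submit" value="Create Account" />
</p>
</form>
</body>
</html>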
insert.php
Code:
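<!-- EQEMu SVN Loginserver PHP Account Registration Page - By: Cubber -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>EQEmu SVN Loginserver Account Registration Page</title>
<meta name="description" content="EQEmulator SVN Loginserver Account Registration Page." />
</head>
<body>
<?php
/*
 * insert.php - receives the POST from eqreg.php, validates the four fields,
 * checks that the account name is free, stores the account in
 * tblLoginServerAccounts and mails a confirmation to the user (Bcc: admin).
 *
 * Review notes on this version:
 *  - The mysql_* functions were removed in PHP 7.0. This version uses mysqli
 *    prepared statements, so request data never becomes part of the SQL text.
 *  - The confirmation mail no longer contains the password. Mail is stored
 *    and relayed in clear text, and the Bcc copy would hand every new
 *    password to the admin mailbox.
 *  - Database errors are written to the server log, not shown to the visitor,
 *    and every failure stops the request. Previously a failed connect or
 *    query printed mysql_error() and carried on.
 *  - Passwords are compared with !== because != treats numeric-looking
 *    strings such as "100000" and "0100000" as equal.
 *  - Nothing here throttles requests; anyone who can reach the page can
 *    create accounts. Rate limiting belongs in front of this script.
 *
 * Written to run on PHP 5.3 and later, so no newer syntax is used.
 */

// The values below are the sample settings from the original post. Use a
// dedicated MySQL account with a strong password and only the rights this
// page needs (SELECT and INSERT on the accounts table).
$DB_ADDY = "localhost"; //address:port for the MySQL server
$DB_USER = "eqemu"; //username to login to MySQL with
$DB_PASS = "eqemu"; //password to login to MySQL with
$DB_DB = "peq"; //database name to use "peq" for default installation

// Change the Bcc: address to your own. Keep this a fixed string: request data
// must never be appended to the mail headers.
$headers = 'Bcc: admin@somewhere.com' . "\r\n";
$subject = "New EQ Account Created";

// Matches any character that is NOT allowed in a username or password.
$user_chars = "#[^a-zA-Z0-9_\-]#";
$retry = " Click <a href=eqreg.php>here</a> and try again.";

/**
 * Print one message paragraph.
 *
 * $text is written out as HTML, so pass only fixed markup here, never request
 * data or database error text.
 */
function error_s($text)
{
    echo("<p>" . $text . "</p>\n");
}

/**
 * Return the named POST field as a string, or null when it is missing or was
 * submitted as an array (e.g. "username[]=x"), which strlen() cannot handle.
 */
function post_field($name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return null;
    }
    return $_POST[$name];
}

/**
 * Validate the submitted values.
 *
 * Returns null when everything is acceptable, otherwise the message to show.
 * The checks and their order are those of the original script, except that
 * the email format is checked with filter_var(): the old pattern used the
 * range [A-z], which also matches [ \ ] ^ and `, allowed any non-digit as the
 * first character, and ended in "$", which accepts a trailing newline.
 */
function check_fields($username, $pw, $cpw, $email, $user_chars)
{
    if (empty($username) || empty($pw) || empty($cpw) || empty($email)) {
        return "You did not enter all the required information.";
    }
    if (strlen($username) < 5) {
        return "Username too short.";
    }
    if (strlen($username) > 16) {
        return "Username too long.";
    }
    if (strlen($pw) < 6 || strlen($cpw) < 6) {
        return "Password too short.";
    }
    if (strlen($pw) > 16 || strlen($cpw) > 16) {
        return "Password too long.";
    }
    if (strlen($email) < 10) {
        return "Email was too short.";
    }
    if (strlen($email) > 50) {
        return "Email was too long.";
    }
    if (preg_match($user_chars, $username)) {
        return "Username contained illegal characters.";
    }
    if (preg_match($user_chars, $pw) || preg_match($user_chars, $cpw)) {
        return "Password contained illegal characters.";
    }
    // The address becomes the mail recipient, so it has to be one well-formed
    // address with no line breaks.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return "Email was in an incorrect format.";
    }
    if ($pw !== $cpw) {
        return "Passwords do not match!";
    }
    return null;
}

/**
 * Open the MySQL connection described by $addr ("host", "host:port" or
 * "host:/path/to/socket", the forms mysql_connect() accepted).
 *
 * Returns the mysqli link, or false on failure.
 */
function db_connect($addr, $user, $pass)
{
    $host = $addr;
    $port = null;
    $socket = null;

    $sep = strrpos($addr, ':');
    if ($sep !== false) {
        $host = substr($addr, 0, $sep);
        $tail = substr($addr, $sep + 1);
        if (ctype_digit($tail)) {
            $port = (int) $tail;
        } else {
            $socket = $tail;
        }
    }
    if ($host === '') {
        $host = 'localhost';
    }

    // @ keeps the connect warning (which names the host and user) out of the
    // page; the caller logs mysqli_connect_error() instead.
    if ($socket !== null) {
        return @mysqli_connect($host, $user, $pass, '', (int) ini_get('mysqli.default_port'), $socket);
    }
    if ($port !== null) {
        return @mysqli_connect($host, $user, $pass, '', $port);
    }
    return @mysqli_connect($host, $user, $pass);
}

/**
 * Create the account if the name is free.
 *
 * Returns null on success, otherwise the message to show. Details of any
 * database failure go to the server log only.
 */
function create_account($con, $db_name, $username, $pw, $email)
{
    // The schema name comes from the configuration above, not from the
    // request; it is still quoted as an identifier so an unusual name cannot
    // break the statement.
    $table = "`" . str_replace("`", "``", $db_name) . "`.tblLoginServerAccounts";

    $lookup = mysqli_prepare($con, "select AccountName from " . $table . " where AccountName = ?");
    if (!$lookup) {
        error_log("insert.php: preparing the name lookup failed: " . mysqli_error($con));
        return "Error querying database.";
    }
    mysqli_stmt_bind_param($lookup, "s", $username);
    if (!mysqli_stmt_execute($lookup)) {
        error_log("insert.php: name lookup failed: " . mysqli_stmt_error($lookup));
        mysqli_stmt_close($lookup);
        return "Error querying database.";
    }
    mysqli_stmt_store_result($lookup);
    // Any row means the database considers the name equal to an existing one.
    // The old code re-compared the value in PHP, which is case-sensitive and
    // so could disagree with the database's own comparison.
    $taken = mysqli_stmt_num_rows($lookup) > 0;
    mysqli_stmt_close($lookup);
    if ($taken) {
        return "That username is already taken.";
    }

    // NOTE(review): unsalted SHA-1 is weak for password storage. It is kept
    // because this is the format the original script writes to AccountPassword
    // and presumably the one the login server verifies against - confirm
    // before changing, since the two must change together.
    $sha_pass_hash = sha1($pw);

    // NOTE(review): two requests for the same name can both pass the lookup
    // above. Only a unique index on AccountName prevents the duplicate; the
    // schema is not shown here, so confirm that one exists.
    $insert = mysqli_prepare($con, "insert into " . $table . " (AccountName,AccountPassword,AccountEmail) values (?,?,?)");
    if (!$insert) {
        error_log("insert.php: preparing the insert failed: " . mysqli_error($con));
        return "Error creating account.";
    }
    mysqli_stmt_bind_param($insert, "sss", $username, $sha_pass_hash, $email);
    $stored = mysqli_stmt_execute($insert);
    if (!$stored) {
        error_log("insert.php: insert failed: " . mysqli_stmt_error($insert));
    }
    mysqli_stmt_close($insert);

    return $stored ? null : "Error creating account.";
}

// Report mysqli failures through return values on every PHP version (newer
// versions throw exceptions by default).
mysqli_report(MYSQLI_REPORT_OFF);

$username = post_field('username');
$pw = post_field('pw');
$cpw = post_field('cpw');
$email = post_field('email');

if ($username === null || $pw === null || $cpw === null || $email === null) {
    error_s("User/Pass/Email not passed." . $retry);
} else {
    $problem = check_fields($username, $pw, $cpw, $email, $user_chars);
    if ($problem === null) {
        $con = db_connect($DB_ADDY, $DB_USER, $DB_PASS);
        if (!$con) {
            error_log("insert.php: database connect failed: " . mysqli_connect_error());
            $problem = "Unable to connect to database.";
        } else {
            $problem = create_account($con, $DB_DB, $username, $pw, $email);
            mysqli_close($con);
        }
    }

    if ($problem !== null) {
        error_s($problem . $retry);
    } else {
        // Both values have passed check_fields(); the password is left out on purpose.
        $message = "Your new account has been created on the EQEmulator Server. Account details:\n email: $email\n username: $username\n";
        mail($email, $subject, $message, $headers);
        echo("<p>Your account was successfully created!</p>\n");
    }
}
?>
</body>
</html>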