vumpler
05-22-2006, 11:51 PM
Hi everyone,
I'm new to the community and plan to be a long time active member! I have a question though with this php script we've got. It's for a game out there and its the account creator. We need a way to limit the accounts being made to letters a-z and number 0-9. The problem is people are using these мя letters and its making the accounts buggy. Here is my code:
<?php
switch($_REQUEST['do']){;
default:
nothing();
break;
case "validate":
validate($_POST['username'], $_POST['email']);
break;
}
function nothing() {
exit();
}
function validate($username, $email) {
//-------------------------------------
// FILE PATHS
// EDIT HERE
//-------------------------------------
$acct = "C:\sphere\accounts\sphereacct.scp";
$accu = "C:\sphere\accounts\sphereaccu.scp";
// do they enter all the feilds?
if((!$username) || (!$email)){
echo '<script language="Javascript">alert ("Please Enter All Feilds")</script>';
include("index.html");
exit();
}
// check the username for bad chars
if(eregi("[\\]|\[|\]|\?",$username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();
}
// check the username for bad Entries
if(($username == "eof") || ($username == "EOF") || ($username == "Administrator") || ($username == "admin") || ($username == ".") || ($username == "update")){
echo '<script language="Javascript">alert ("Username Not Allowed")</script>';
include("index.html");
exit();
}
// check email
if (eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$", $email)) {
// Pass
// search account files for matches
$accucontents = file_get_contents($accu);
$acctcontents = file_get_contents($acct);
$findaccuemail = stripos($accucontents, $email);
$findaccuuser = stripos($accucontents, $username);
$findacctemail = stripos($acctcontents, $email);
$findacctuser = stripos($acctcontents, $username);
if ($findaccuemail === false) {
//PASS
if ($findacctemail === false) {
//PASS
if ($findaccuuser === false) {
//PASS
if ($findacctuser === false) {
//PASS and ready to fly
crunch($username, $email, $acct);
} else {
echo '<script language="Javascript">alert ("Username already in use")</script>';
include("index.html");
exit();
}
} else {
echo '<script language="Javascript">alert ("Username already in use")</script>';
include("index.html");
exit();
}
} else {
echo '<script language="Javascript">alert ("Email already in use")</script>';
include("index.html");
exit();
}
} else {
echo '<script language="Javascript">alert ("Email already in use")</script>';
include("index.html");
exit();
}
// Convert the username and email to their strings for the account files
} else {
echo '<script language="Javascript">alert ("Bad Email")</script>';
include("index.html");
exit();
}
}
function random_password() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
function crunch($username, $email, $acct) {
$password = random_password();
//$username = "[".$username."]";
//$email = "EMAIL=".$email;
//$entry = "\n".$username."\n".$password."\n".$email."\n";
if (is_writable($acct)) {
if (!$handle = fopen($acct, 'a')) {
echo "Cannot open acct file";
exit;
}
fwrite($handle, "\n[".$username."]\n");
fwrite($handle, "password=".$password."\n");
fwrite($handle, "EMAIL=".$email."\n");
echo "Success, your password has been emailed to ".$email;
$to = 'nobody@example.com';
$subject = 'Welmcome to Old Novus Opiate';
$message = 'Welcome to old Novus opiate, your password is ' . $password;
$headers = 'From: noreply@oldnovusopiate.com' . "\r\n" .
'Reply-To: noreply@oldnovusopiate.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
fclose($handle);
} else {
echo "acct file not writeable";
}
}
?>
Thanks guys. if you have any questions please don't hesitate to ask.
I'm new to the community and plan to be a long time active member! I have a question though with this php script we've got. It's for a game out there and its the account creator. We need a way to limit the accounts being made to letters a-z and number 0-9. The problem is people are using these мя letters and its making the accounts buggy. Here is my code:
<?php
switch($_REQUEST['do']){;
default:
nothing();
break;
case "validate":
validate($_POST['username'], $_POST['email']);
break;
}
function nothing() {
exit();
}
function validate($username, $email) {
//-------------------------------------
// FILE PATHS
// EDIT HERE
//-------------------------------------
$acct = "C:\sphere\accounts\sphereacct.scp";
$accu = "C:\sphere\accounts\sphereaccu.scp";
// do they enter all the feilds?
if((!$username) || (!$email)){
echo '<script language="Javascript">alert ("Please Enter All Feilds")</script>';
include("index.html");
exit();
}
// check the username for bad chars
if(eregi("[\\]|\[|\]|\?",$username)){
echo '<script language="Javascript">alert ("Bad characters in username")</script>';
include("index.html");
exit();
}
// check the username for bad Entries
if(($username == "eof") || ($username == "EOF") || ($username == "Administrator") || ($username == "admin") || ($username == ".") || ($username == "update")){
echo '<script language="Javascript">alert ("Username Not Allowed")</script>';
include("index.html");
exit();
}
// check email
if (eregi("^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$", $email)) {
// Pass
// search account files for matches
$accucontents = file_get_contents($accu);
$acctcontents = file_get_contents($acct);
$findaccuemail = stripos($accucontents, $email);
$findaccuuser = stripos($accucontents, $username);
$findacctemail = stripos($acctcontents, $email);
$findacctuser = stripos($acctcontents, $username);
if ($findaccuemail === false) {
//PASS
if ($findacctemail === false) {
//PASS
if ($findaccuuser === false) {
//PASS
if ($findacctuser === false) {
//PASS and ready to fly
crunch($username, $email, $acct);
} else {
echo '<script language="Javascript">alert ("Username already in use")</script>';
include("index.html");
exit();
}
} else {
echo '<script language="Javascript">alert ("Username already in use")</script>';
include("index.html");
exit();
}
} else {
echo '<script language="Javascript">alert ("Email already in use")</script>';
include("index.html");
exit();
}
} else {
echo '<script language="Javascript">alert ("Email already in use")</script>';
include("index.html");
exit();
}
// Convert the username and email to their strings for the account files
} else {
echo '<script language="Javascript">alert ("Bad Email")</script>';
include("index.html");
exit();
}
}
function random_password() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
function crunch($username, $email, $acct) {
$password = random_password();
//$username = "[".$username."]";
//$email = "EMAIL=".$email;
//$entry = "\n".$username."\n".$password."\n".$email."\n";
if (is_writable($acct)) {
if (!$handle = fopen($acct, 'a')) {
echo "Cannot open acct file";
exit;
}
fwrite($handle, "\n[".$username."]\n");
fwrite($handle, "password=".$password."\n");
fwrite($handle, "EMAIL=".$email."\n");
echo "Success, your password has been emailed to ".$email;
$to = 'nobody@example.com';
$subject = 'Welmcome to Old Novus Opiate';
$message = 'Welcome to old Novus opiate, your password is ' . $password;
$headers = 'From: noreply@oldnovusopiate.com' . "\r\n" .
'Reply-To: noreply@oldnovusopiate.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
fclose($handle);
} else {
echo "acct file not writeable";
}
}
?>
Thanks guys. if you have any questions please don't hesitate to ask.