<?php
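// Opens the layout table that wraps the whole registration page; the matching
// closing tags are echoed by the last statements of this script.
echo '<table width="400" border="0" cellpadding="0" cellspacing="0" align="center">';
echo '<tr>';
echo '<td>';

// Report everything except notices. On PHP 8 a missing array key is a warning,
// not a notice, so this mask does not hide unset $_POST fields there.
// NOTE(review): whether these messages reach the visitor depends on
// display_errors, which this script does not set - confirm it is off in production.
error_reporting(E_ALL & ~E_NOTICE);

// require instead of include: the registration code below cannot work without
// the database link ($connects) from config.php, so a missing or unreadable
// config file must stop the request instead of letting it continue with only a warning.
require ("config.php");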
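if (!function_exists('anti_injection')) {
    /**
     * Legacy keyword filter, kept only so that code elsewhere that may call it keeps working.
     *
     * Removes a few SQL words and punctuation characters, trims, strips tags and
     * applies addslashes(). It is NOT what protects the queries in this script:
     * a word blocklist cannot enumerate every dangerous input, it silently
     * damages legitimate data (e.g. "=" or ";" inside a password), and
     * addslashes() does not know the connection character set. The registration
     * code below escapes values with the connection-aware escaper instead.
     *
     * @deprecated Do not rely on this for SQL safety.
     * @param string $string Value to filter.
     * @return string Filtered value.
     */
    function anti_injection($string){
        $string = str_ireplace(" or ", "", $string);
        $string = str_ireplace("select ", "", $string);
        $string = str_ireplace("delete ", "", $string);
        $string = str_ireplace("create ", "", $string);
        $string = str_replace("#", "", $string);
        $string = str_replace("=", "", $string);
        $string = str_replace("--", "", $string);
        $string = str_replace(";", "", $string);
        $string = str_replace("*", "", $string);
        $string = trim($string);
        $string = strip_tags($string);
        $string = addslashes($string);
        return $string;
    }
}

// Registration handler.
//
// Fixes over the previous version:
//  * the submit button on this page sends act="Registuj se", so the old
//    comparison with "Register" never matched; both values are accepted now;
//  * the old loop "foreach ($_POST ...) $field = anti_injection($amount)" only
//    overwrote its own loop variable, so no filtered value ever reached a query;
//    every value is now escaped with mysql_real_escape_string() on the open link;
//  * password and password2 are compared, and the birth date is validated;
//  * database errors are logged instead of being printed to the visitor, and
//    success is reported only when both INSERTs succeeded.
//
// NOTE(review): ext/mysql was removed in PHP 7. Moving to mysqli or PDO prepared
// statements is the proper fix, but it needs config.php (not visible here) to
// create the connection with the new API, so this block stays on the API the
// file already uses.
$act = (isset($_POST['act']) && is_string($_POST['act'])) ? $_POST['act'] : '';

if ($act === 'Register' || $act === 'Registuj se') {
    // Read every expected field as a string; arrays and missing keys become ''.
    $raw = array();
    foreach (array('id', 'password', 'password2', 'name', 'email', 'days', 'months', 'years') as $key) {
        $raw[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    // Passwords are hashed exactly as typed. HTML-escaping or tag-stripping a
    // password before hashing changes the secret (and strip_tags() can shorten it).
    // NOTE(review): presumably whatever verifies account_data.password hashes the
    // raw password too - confirm against the login side.
    $password  = $raw['password'];
    $password2 = $raw['password2'];

    // Legacy normalisation kept so stored values look like existing rows.
    // It is an output-encoding step, not SQL protection.
    $id     = strip_tags(htmlspecialchars($raw['id']));
    $name   = strip_tags(htmlspecialchars($raw['name']));
    $email  = strip_tags(htmlspecialchars($raw['email']));
    $days   = strip_tags(htmlspecialchars($raw['days']));
    $months = strip_tags(htmlspecialchars($raw['months']));
    $years  = strip_tags(htmlspecialchars($raw['years']));

    $failure = '<center><font color=red>Registrace se nezdařila, zkuste to prosím později.</font></center>';

    $dateIsValid = ctype_digit($days) && ctype_digit($months) && ctype_digit($years)
        && checkdate((int) $months, (int) $days, (int) $years);

    if (empty($id) || empty($password) || empty($password2) || empty($name) || empty($email) || empty($days) || empty($months) || empty($years)) {
        echo '<center><font color=red>Všechna pole jsou povinná !</font></center>';
    } elseif ($password !== $password2) {
        echo '<center><font color=red>Zadaná hesla se neshodují.</font></center>';
    } elseif (!$dateIsValid) {
        echo '<center><font color=red>Neplatné datum narození.</font></center>';
    } else {
        // Does an account with this name already exist?
        // NOTE(review): check-then-insert is racy; only a UNIQUE index on
        // account_data.name really prevents duplicates - verify the schema.
        $selec = "SELECT * FROM account_data WHERE name='" . mysql_real_escape_string($id, $connects) . "'";
        $exec = mysql_query($selec, $connects);

        if ($exec === false) {
            error_log('register: account lookup failed: ' . mysql_error($connects));
            echo $failure;
        } elseif (mysql_num_rows($exec) > 0) {
            // $id was HTML-escaped above, so it is safe in this text context.
            echo "<center><font color=red>Účet s názvem".$id." již existuje zkuste prosím jiné.</font></center>";
        } else {
            // Client address as seen by the web server.
            $ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';

            // SECURITY: unsalted SHA-1 is a weak password hash (fast to brute-force,
            // identical passwords give identical hashes). The base64(sha1) format is
            // kept because the reader of account_data.password is outside this file;
            // switching to password_hash() requires changing that consumer as well.
            $passwordcript = base64_encode(sha1($password, true));

            // Game registration table.
            $qry = sprintf(
                "INSERT INTO account_data (name, password, last_ip) VALUES ('%s','%s','%s')",
                mysql_real_escape_string($id, $connects),
                mysql_real_escape_string($passwordcript, $connects),
                mysql_real_escape_string($ip, $connects)
            );
            $exe = mysql_query($qry, $connects);

            $exep = false;
            if ($exe === false) {
                error_log('register: account_data insert failed: ' . mysql_error($connects));
            } else {
                $data_register = date("Y-m-d H:i:s");
                // Rebuilt from the validated integers, so only digits and dashes remain.
                $birth = sprintf('%04d-%02d-%02d', (int) $years, (int) $months, (int) $days);

                // Custom data table.
                $qryp = sprintf(
                    "INSERT INTO personal_data (acc_id, name, email, data_register, birth)
VALUES ('%s','%s','%s','%s','%s')",
                    mysql_real_escape_string($id, $connects),
                    mysql_real_escape_string($name, $connects),
                    mysql_real_escape_string($email, $connects),
                    mysql_real_escape_string($data_register, $connects),
                    mysql_real_escape_string($birth, $connects)
                );
                $exep = mysql_query($qryp, $connects);
                if ($exep === false) {
                    error_log('register: personal_data insert failed: ' . mysql_error($connects));
                }
            }

            if ($exe !== false && $exep !== false) {
                echo "<center><font color=blue>Děkujeme za registraci nyní můžete hrát nezapoměňte si stáhnout launcher z naších stránek.</font></center>";
                // Output has normally started by now, so a header() call would fail
                // unless output buffering is on; fall back to a meta refresh.
                if (!headers_sent()) {
                    header("Refresh: 3; url=\"index.php\"");
                } else {
                    echo '<meta http-equiv="refresh" content="3; url=index.php">';
                }
            } else {
                echo $failure;
            }
        }
    }
}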
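// Registration form.
//
// Submitted values are written back into the text inputs so the visitor does
// not have to retype them after a validation error. They come straight from
// $_POST, so each one is HTML-escaped (quotes included) before it is placed
// inside a value="..." attribute; printing them raw allowed markup supplied in
// the request to break out of the attribute (reflected XSS).
// assumes the page is served as UTF-8 - TODO confirm against the site's charset.
$prefill = array();
foreach (array('id', 'name', 'email') as $key) {
    $submitted = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    $prefill[$key] = htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8');
}

echo '<form method="post">';
echo '<table border="0" cellspacing="0" cellpadding="4">';
echo '<tr>';
echo '<td colspan="2" align="center" height="27"><strong>Registrace nového ůčtu</strong></td>';
echo '</tr>';
echo '<tr>';
echo '<td colspan="2" align="center"> </td>';
echo '</tr>';
echo '<tr>';
echo '<td align="right" style="width: 43%"><strong>Jméno:</strong></td>';
echo '<td style="width: 60%">';
echo '<input name="id" type="text" id="id" maxlength="11" value="';
echo $prefill['id'];
echo '"> </td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align="right"><strong>Heslo:</strong></td>';
// Passwords are never echoed back: the value would sit in the page source,
// in caches and in any proxy log of the response.
echo ' <td><input type="password" name="password" id="password" value="';
echo '"></td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align="right"><strong>Znova heslo:</strong></td>';
echo ' <td><input type="password" name="password2" value="';
echo '"></td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td colspan="2" align="center"> </td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align="right"><strong>Vaše jméno:</strong></td>';
echo ' <td><input name="name" type="text" id="name" size="35" value="';
echo $prefill['name'];
echo '"></td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align="right"><strong>E-mail:</strong></td>';
echo ' <td><input name="email" type="text" id="email" size="35" value="';
echo $prefill['email'];
echo '"></td>';
echo ' </tr>';
echo ' <tr>';
echo ' <td align="right"><strong>Datum narození: pokud nechcete vyplňte falešné.</strong></td>';

// Day selector. Always offers 1-31: limiting it to the length of the current
// month made some birth days impossible to pick. Today's day is preselected.
// The server must still validate the combined date.
echo ' <td><select name="days">';
$today = (int) date("j");
for ($day = 1; $day <= 31; $day++) {
    $label = sprintf('%02d', $day);
    $amount = ($day === $today) ? "selected" : "";
    echo "<option value='$label' $amount>$label</option>";
}
echo '</select>/';

// Month selector, values "01".."12", current month preselected.
$months = array("", "01", "02", "03", "04","05", "06", "07", "08","09", "10", "11", "12");
$date = (int) date("n");
echo '<select name="months">';
for ($i = 1; $i <= count($months) - 1; $i++) {
    $amount = ($i === $date) ? "selected" : "";
    echo "<option value='$months[$i]' $amount>$months[$i]</option>";
}
echo '</select>/';

// Year selector, 1950 up to the current year, current year preselected.
$thisYear = (int) date("Y");
echo '<select name="years">';
for ($i = 1950; $i <= $thisYear; $i++) {
    $amount = ($i === $thisYear) ? "selected" : "";
    echo "<option value='$i' $amount>$i</option>";
}
echo '</select> </td>';
echo '</tr>';
echo '<tr>';
echo ' <td colspan="2" align="center"><label>';
echo ' <input type="submit" name="act" id="act" value="Registuj se" />';
echo ' </label></td>';
echo ' </tr>';
echo '</table>';
echo '</form>';
// Close the outer layout cell, row and table opened at the top of the script
// (the cell was previously left unclosed).
echo '</td>';
echo '</tr>';
echo '</table>';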
?>
Je to ale humus: žádná ochrana a bordel. A ta tabulka personal_data je pouze doplněk, nepatří do základu.