What / where do I add code(s) to stop this form from being vulnerable from MySQL injection and other attacks?
Sorry for asking for so much help, this is all "firsts" for me, so I need assistance. Thankyou ever so much for your help. 🙂
<?php
include ("/home/brentone/includes/global_header.php");
if ($_GET['act'] == "agree") {
echo "
<center>Please enter registration details, <b>all</b> fields are required. <br /><form action='register.php?act=submit' method='post'>
<table><tr><td>Username:</td> <td><input type='text' name='username' maxlength='15'></input></td></tr>
<tr><td>Password:</td> <td><input type='password' name='password' maxlength='12'></input></td></tr>
<tr><td>Verify Password:</td> <td><input type='password' name='password_verify' maxlength='12'></input></td></tr>
<tr><td>Email:</td> <td><input type='text' name='email' maxlength='200'></input></td></tr>
<tr><td>Gender:</td> <td><select name=gender>
<option value=Male>Male</option>
<option value=Female>Female</option>
</select></td></tr></table>
";
echo "By registering an account with us,<br /> you are agreeing to the <a href=terms.php>Terms and Conditions</a>.<br>
<input type=submit value=Register>
</form></center>
";
} else if ($_GET['act'] == "submit") {
// Get the registration shiz from the form
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$password_verify = stripslashes($_POST['password_verify']);
$email = stripslashes($_POST['email']);
$gender = stripslashes($_POST['gender']);
// Check for empty fields
if (empty($username) || empty($password) || empty($password_verify) || empty($email))
{
die ("<center><b>Error:</b> Please fill in everything on the form, all fields are required.</center>");
}
// Check that the username is a valid one
if(preg_match('/\W/', $username)) {
die ("<center><b>Error:</b> That does not look like a valid username! You can only have numbers (0-9), letters (a-z) and underscores (_) in your username! Please hit the back button in your browser and fix this error.</center>");
}
// Check that verified password matches
while ($password != $password_verify) {
die ("<center><b>Error:</b> The passwords you entered do not match, please hit the back button in your browser and fix this error.</center>");
}
// Make sure the email is a valid one
if (!(ereg ("^.+@.+\..+$", $email)) ) {
die ("<center><b>Error:</b> $email does not look like a valid email address, please hit the back button in your browser and fix this error.</center>");
}
// Make sure the username doesn't start with a number or underscore
if (preg_match('/^[0-9,_]/',$username)) {
die ("<b>Error:</b> The username you entered is invalid. Usernames must start with a letter (a-z), you can only have underscores or numbers after the first character.<br> <b>Incorrect Example:</b>: _0yourname, 0yourname<br><b>Correct Example:</b>y0_urname.");
}
// Make sure username is unique, not already taken
$sql = "select * from users where username like '" .
mysql_real_escape_string($username) . "'";
$res =mysql_query($sql);
if(mysql_num_rows($res) > 0) {
// user name already taken
die ("<center><b>Error:</b> That username is already taken, please go back and chose another!");
}
// Make sure email is unique, not already taken
$sql = "select * from users where email like '" .
mysql_real_escape_string($email) . "'";
$res =mysql_query($sql);
if(mysql_num_rows($res) > 0) {
// user name already taken
die ("<center><b>Error:</b> You or someone else has already registred an account with that email address, please go back and enter a different email address.");
}
// Now send the registration email
$from = "accounts@nordaea.com";
$subject = "Account activation: $username";
$headers = "MIME-Version: 1.0\r\n";
$headers = "From: Nordaea<$from>\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$msg = "Hello $username, you have succesfully registered an account at Nordaea! To start playing all you need to do is <a href=http://nordaea.com/login.php>login</a> with your username and passowrd: <br><br>";
$msg .= "<center><b>Your username:</b>$username <br><b>Your Password:</b> $password</center>";
$msg .= "Thankyou once again for registering with Nordaea!<br><br>Sincerely,<br>Nordaea.com staff.";
//Send it
if (mail($email, $subject, $msg, $headers)); // if success
{
// Register the user!
$q = "INSERT into users (id, username, password, email, nD, acctype, gender, joindate, IP)
VALUES ('', '$username', '$password', '$email', 5000, 'member', '$gender', now(), '$ip' )";
$rs = mysql_query($q) or die (mysql_error());
if ($rs) {
echo "Congratulations, and thank you! You may now proceed to <a href=login.php>login</a> and start playing Nordaea! Also, for future reference your username and password has been sent to the e-mail address you provided.";
}
}
} else {
echo <<<END
<form action="register.php?act=agree" method="post">
<input type="hidden" name="act" value="agree"><center><table><tr><td><center><b>Register an account at Nordaea!</b><br />
Welcome to Nordaea! Before you register please take a few moments to read the <a href=terms.php>Terms and Conditions</a>, and also the <a href=privacy.php>Privacy Policy</a>.<br>
Please note: You are entitled to <i>one account</i> per person, this is to deter cheating and promote fairness within the game. If you have ever registered previously with Nordaea then you are not permitted to register again. If there are other people in your household who would like their own account with Nordaea this is permitted, however, you must contact a User Administrator first, information regarding accounts, their use, and so forth can all be found in the Terms and Conditions.<br><input type="submit" value="I agree to the terms, am 13+ years of age (and/or have parental consent)"></center></td></tr></table></center>
</form>
END;
}
include ("/home/brentone/includes/global_footer.php");
?>
