PHP Account Creation

[buddysievers]

hi again ^^
i wonder if someone can make a php script to create accounts from a website ?!

[PrBlahBlahtson]

The entire account creation process is easily viewable in the source for login server. It's fairly easy to read if you already know PHP, even though it's in C++.

[Melodina]

Create the login account or create the login account and the char at the same time?

[Roland]

The entire account creation process is easily viewable in the source for login server. It's fairly easy to read if you already know PHP, even though it's in C++.

I am VERY fluent in PHP, and I couldn't make heads or tails of the C++ method for account creation, due to a ridiculous encoding method.

[buddysievers]

is it not blowfished md5 or such thing ??

[bluekirby0]

I'm pretty sure that somewhere in the Custom Applications and Tools section someone has released a set of php tools for darkstar servers. Account creation might be in that. I know that Exor had account creation working but I do not know if he released his code.

[Robert]

Code: Select all

function createAccount($pUsername, $pPassword) { 
  // First check we have data passed in. 
  if (!empty($pUsername) && !empty($pPassword)) { 
    $uLen = strlen($pUsername); 
    $pLen = strlen($pPassword); 
     
    // escape the $pUsername to avoid SQL Injections 
    $eUsername = mysql_real_escape_string($pUsername); 
    $sql = "SELECT login FROM accounts WHERE login = '" . $eUsername . "' LIMIT 1"; 
 
    // Note the use of trigger_error instead of or die. 
    $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); 
 
    // Error checks (Should be explained with the error) 
    if ($uLen <= 4 || $uLen >= 12) { 
      $_SESSION['error'] = "Username must be between 4 and 11 characters."; 
    }elseif ($pLen <= 6 || $pLen >= 12) { 
      $_SESSION['error'] = "Password must be between 7 and 11 characters."; 
    }elseif (mysql_num_rows($query) == 1) { 
      $_SESSION['error'] = "Username already exists."; 
    }else { 
      // All errors passed lets 
      // Create our insert SQL by hashing the password and using the escaped Username. 
      $sql = "INSERT INTO accounts (`login`, `password`) VALUES ('" . $eUsername . "', PASSWORD('$pPassword') );"; 
       
      $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); 
       
      if ($query) { 
        return true; 
      }   
    } 
  } 
   
  return false; 
} 

[Pseudonym]

I'll take snippets out of mine, you'll get the example from it.

$add = mysqli_query($con,"INSERT INTO accounts (id, login, password) VALUES ('DEFAULT', '$user' ,PASSWORD('$pass')) ") or die("Can't Insert! ");

All you really need is, a register script in PHP that works, easy to find over the internet, host it.

I made a few adjustments to the previous line to have it work with my SQL server.

Originally I had my 'id' as something else, I can't remember, All I remember is when it was what it was, it didn't work.
My solution to that was to have the ID as PK(Primary Key), Not Null, Unsigned and Auto Incremented and it's default value as nothing, auto increment will be a real vital point to this, as when it registers the account, it selects the next ID up from the latest.


And about the '$user', I can't really explain, usually when it calls for this selecting a db field, make sure it looks in the right direction.
EG: "$query = mysqli_query($con,"SELECT * FROM accounts WHERE login = '$user'")"

The password was the most annoying point for me, thanks for the Site Admins for clarifying this with me...
If you tried it with the usual "INSERT INTO accounts (id, login, password) VALUES ('DEFAULT', '$user' ,'$pass')", it would store the password that was inputted by the registering user, and without it being hashed, therefore, no user logging in on the client could use those credentials.

Although, if you used the"('DEFAULT', '$user' ,PASSWORD('$pass'))", it would has the inputted password the way that SQL stores databases, and If you got it set-up perfect to register, you can use these credentials on the client, I can't talk much on Logging-in with them as I have not worked on a login-script yet.

[atom0s]

If you are using $user directly from the $POST data, you are leaving your site vulnerable to SQL injection.