[RELEASE] Secure PHP Web Registration Script

[abrasive]

This is technically obsolete now, and I'd recommend using .

This is a secure registration script meant for Shaiya private servers.

I noticed a lot of private servers were using sandolkakos's registration script, which is very dangerous since it is vulnerable to SQL injection.

Ideally your UserUID column in the table PS_UserData.dbo.Users_Master should be set to auto-increment. If this is not the case, you will need to adjust this script, or ideally fix your database, to accommodate this.

You may need to modify the $sql variable in register.php to fit your database before this script will work.

I commented these scripts fairly verbosely, so please read the comments! They are meant to tell you useful stuff.

There are seven scripts you will need to make this work:
register.php (Edit the SQL in this file if needed)
register.view.php (Re-style the display in this file)
success.view.php (Re-style the success page in this file)
db.php
db.config.php (Edit this file with your personal database credentials)
recaptchalib.config.php (Edit this file with your personal reCAPTCHA key)
recaptchalib.php (From Google: )

Here are the files, which also includes the files for . You should remove the password change files if you do not wish for users to be able to change their password.

[IonutTheDawg]

how do i set UserUID to auto-increment?

[abrasive]

Quote:

Originally Posted by IonutTheDawg

how do i set UserUID to auto-increment?

1. Open SQL Server Management Studio.
2. Navigate in Object Explorer to the [PS_UserData].[dbo].[Users_Master] table.
3. Now would be a good time to back up your Users_Master table and/or database, especially if you are doing this on a live server.
4. Right-click on the Users_Master table and select Design.
5. Highlight UserUID, and look inside the Column Properties section at the bottom of the interface for Identity Specification.
6. Expand Identity Specification, and change (Is Identity) to Yes. Identity Increment and Identity Seed should change to 1 automatically when you do this.
7. Press Ctrl + S to save.


If you get an error similar to this:


Go to Tools -> Options and uncheck "Prevent saving changes that require table recreation."

[shinru2004]

Quote:

Originally Posted by abrasive

<script type="text/javascript">var RecaptchaOptions = {theme:'clean'};</script>

Dont forget to include the fact that you can change the recaptcha theme for those that dont know how
here is a link to the page with the different themes just replace clean within the line posted above with the new theme name

[treica]

why dont work to change it to yes ?it are still disabled

[abrasive]

Quote:

Originally Posted by treica

why dont work to change it to yes ?it are still disabled

It's not clear to me what you are asking. Can you explain in detail what you are trying to do and what you have already tried?

[zargon05]

I think he is having trouble with auto-increment on UserUID coloumn.

[Alladrios]

Hello,

Im having a problem also with the auto increment on UserUID column, it wont let me save the (Is Identity) to "yes" for some reason. If i allow nulls i can create an account though but of course it has no UserUID.

Any idea?

[abrasive]

Quote:

Originally Posted by Alladrios

Hello,

Im having a problem also with the auto increment on UserUID column, it wont let me save the (Is Identity) to "yes" for some reason. If i allow nulls i can create an account though but of course it has no UserUID.

Any idea?

I forgot if you already have data in the table sometimes it won't allow you to change that. To get around this restriction you can create a new table with the Is Identity set. I'll call it Users_Master2 for this example.

First you will need to allow IDENTITY_INSERT on your Users_Master2 table, so you can preserve your current UserUID's when inserting your old data.

Then you'll need do a SELECT INSERT style statement to copy your data from Users_Master to Users_Master2.

Finally you need to turn IDENTITY_INSERT back off for Users_Master2.

The SQL should look something like this:

Code:

SET IDENTITY_INSERT [PS_UserData].[dbo].[Users_Master2] ON

INSERT INTO [PS_UserData].[dbo].[Users_Master2]
(
	[UserUID]
	,[UserID]
	,[Pw]
	,[CreatedDate]
	,[JoinDate]
	,[Admin]
	,[AdminLevel]
	[all the rest of YOUR column names...]
)
SELECT
	[UserUID]
	,[UserID]
	,[Pw]
	,[CreatedDate]
	,[JoinDate]
	,[Admin]
	,[AdminLevel]
	[all the rest of YOUR column names...]
FROM [PS_UserData].[dbo].[Users_Master]

SET IDENTITY_INSERT [PS_UserData].[dbo].[Users_Master2] OFF

*I changed a ton of column names in my Users_Master table and I don't have the original handy, so you'll have to provide your own column name list. An easy way to get the list is right-click on the table and choose "Select Top 1000 Rows". Cut and past the the column names from the generated SQL statement.

Now rename Users_Master to Users_Master3, and rename Users_Master2 to Users_Master.

You should now have Is Identity set on your Users_Master, will all your old data present

I did this so long ago that I totally forgot I had to do it that way.

[Alladrios]

Well im trying on a clean usermaster (Test server, clean DB, Truncated char/account tables etc), I tested re creating the UserMaster table setting (IS indentity) to yes on UserUID but then it's the column RowID that doesnt wanna autoincrement. I tried to set them both with (IS indentity) on yes but it wont let me have this settings for both UserUID and RowID.

Only way i could insert data successfuly in the DB through the script is when i allow nulls on UserUID. I must be missing something.

The person co-owning the server with me cant help me at the moment, so i could use some help on setting this registration up.

Thanks again Abrasive and Zargon.

Code:

Warning: mssql_query() [function.mssql-query]: message: Cannot insert the value NULL into column 'RowID', table 'PS_UserData.dbo.Users_Master'; column does not allow nulls. INSERT fails. (severity 16) in C:\xampp\htdocs\register.php on line 80

Warning: mssql_query() [function.mssql-query]: Query failed in C:\xampp\htdocs\register.php on line 80

That's the error i get when auto increment is set on UserUID.

Re-Edit:
I allowed nulls on RowID and i can create an account. I was wondering how useful RowID is, Maybe i could just keep it that way.

[abrasive]

I set the UserUID column as the primary key, and set it to Identity (auto increment). After that I deleted the RowID column because it is not needed when there is already a primary key in the table, nor is it referenced in any stored procedures.

Alternatively you could allow nulls in RowID, or give RowID a default value, if you didn't want to delete RowID.

You are not allowed to set multiple columns in the same table as Identity.

[Alladrios]

Thanks a lot for the clarification, much appreciated. And thanks also for your script, it's gonna be a life saver right now.

[ProfNerwosol]

How about Guilds table? There's RowID as well and next GuildID is set similar to how UserUID was. Do you think RowID can be dropped and GuildID changed to Identity, Abrasive?

[abrasive]

Quote:

Originally Posted by ProfNerwosol

How about Guilds table? There's RowID as well and next GuildID is set similar to how UserUID was. Do you think RowID can be dropped and GuildID changed to Identity, Abrasive?

That's how mine is set, however I don't think I've tried to create a guild since I made the change. I think it is likely to work that way, but be careful.

[abrasive]

I tested guild creation after I removed the RowID from the Guild table and set GuildID to be the Identity column.

I was able to successfully create a guild, and see that it properly created it in the database. I restarted the server and logged in some toons from that guild and did not notice any side effects. Also GRB was successfully run multiple times with that change.

I don't think that change could affect anything other than guild creation anyways.

Quote:

Originally Posted by EarthCrush

Hey! Don't break my db.... :'(

I only changed almost every table, and every database, hopefully for the better