[PHP] Automatically Registration User

First of all, Happy new year to everybody!!!

Well, now if I want to create an account in my realm I must use the “console” (in the worldserver.exe window) using:

account create name pass

but if I want to make a simple form that allows to insert the name of the account and the password, without the action of Admin…

is it possible??? If yes, how??

thanks a lot

P.S. searching in the forum, I have finde this post… my question’s answer is there?? thanks

Config:

[CODE]<?php

$port = “3306”;

$host = “”;

$user = “”;

$pass = “”;

$characters = “”;

$auth = “”;

$cod = ‘utf8’;

?>[/CODE]

Register

[CODE]<?php

$realmd = array(

‘db_host’=> ‘localhost’, // Host IP

‘db_username’ => ‘root’, // Database login-name

‘db_password’ => ‘mangos’, // Database login-pass

‘db_name_realm’=> ‘realmd’, // Database name of realm

);

function check_for_symbols($string)

{

$len=strlen($string);

$allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i]))

    return TRUE;

return FALSE;

}

function sha_password($user,$pass)

{

$user = strtoupper($user);

$pass = strtoupper($pass);

return SHA1($user.':'.$pass);

}

if ($realmd[db_host] != “” && $realmd[db_username] != “” && $realmd[db_password] != “” && $realmd[db_name_realm] != “”)

{

$new_connect = mysql_connect($realmd[db_host],$realmd[db_username],$realmd[db_password]);

if ($new_connect)

    $selectdb = mysql_select_db($realmd[db_name_realm],$new_connect);

else

{

    echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";

    die;

}


if ($new_connect && !$selectdb)

{

    echo "Could NOT connect to db: Database does not exist!";

    die; 

}


if ($_POST['registration'])

{

    $username = $_POST['username'];

    $password = sha_password($username,$_POST['password']);

    $expansionnumber = $_POST['expansion'];


    $check_username = mysql_query("SELECT username FROM `account` WHERE username='$username'");

    if ($username == "")

    {

        echo "Field username is empty!";

    }

    else if ($password == "")

    {

        echo "Field password is empty!";

    }

    else if (check_for_symbols($_POST[password]) == TRUE)

    {

        echo "Error with creating account: password has invalid symbols in it.";

    }

    else if (check_for_symbols($username) == TRUE)

    {

        echo "Error with creating account: username has invalid symbols in it.";

    }

    else if (mysql_num_rows($check_username) != 0)

    {

        echo "Error with creating account: name is already in use.";

    }

    else

    {

        $username = mysql_real_escape_string($username);

        mysql_query("INSERT INTO account (username,sha_pass_hash,expansion) VALUES

(‘$username’,‘$password’,‘$expansionnumber’)");

        if (mysql_error)

            echo mysql_errno($new_connect) . ": " . mysql_error($new_connect). "\n";

        else

        {

            echo "Account created.";

            mysql_close($new_connect);

        }

    }

}

else

{

    ?>

    <html>

    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">

    Username <input type="text" name="username">

    Password <input type="password" name="password">

    Expansion Selection<select name="expansion">

        <option value="1">Vanilla</option>

        <option value="2">TBC</option>

        <option value="3">WotLK</option>

    </select>

    <input type="submit" name="registration">

    </form>

    </html>

    <?php

}

}

else

echo "Config file either not present or connection variables are empty";

?>[/CODE]

ahh, well… so, if I create a webpage with this code (edited in the part of connection), the user can register in my realm??

but this code run only on the machine where there are the databases… there is a way that allows to insert this code in a website that run on another computer not in LAN with the same??

thanks a lot

You should be able to replace host with the hostname or IP of your database.

So

host = "";

Should be

host = "YOUR DATABASE HOSTNAME/IP HERE";

mmm ok, but the site is on a domain… /emoticons/default_biggrin.png I’ve paid for it… I must insert the IP of the host??

thanks

You should be able to. Most webhosts set MySQL to respond on the Domain as well as the IP.

Try setting GameType = 1 to GameType = 5 in the worldserver.conf says something about create any at login (I assume you’ll enter ah name and password, if it doesn’t exist in the database it would be created.

well, I had insert in my site this (only this, index.php):

[CODE]

<?php $realmd = array( 'db_host'=> 'x.x.x.x:80', // Host IP --> is the IP of the server 'db_username' => 'root', // Database login-name 'db_password' => 'password', // Database login-pass 'db_name_realm'=> 'auth', // Database name of realm ); function check_for_symbols($string) { $len=strlen($string); $allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i])) return TRUE; return FALSE; } function sha_password($user,$pass) { $user = strtoupper($user); $pass = strtoupper($pass); return SHA1($user.':'.$pass); } if ($realmd[db_host] != "" && $realmd[db_username] != "" && $realmd[db_password] != "" && $realmd[db_name_realm] != "") { $new_connect = mysql_connect($realmd[db_host],$realmd[db_username],$realmd[db_password]); if ($new_connect) $selectdb = mysql_select_db($realmd[db_name_realm],$new_connect); else { echo "Impossibile contattare il DB: la configurazione (Name/Pass/Port/IP) e' incorretta"; die; } if ($new_connect && !$selectdb) { echo "Impossibile connettersi al database: il database non esiste!"; die; } if ($_POST['registration']) { $username = $_POST['username']; $password = sha_password($username,$_POST['password']); $expansionnumber = $_POST['expansion']; $check_username = mysql_query("SELECT username FROM `account` WHERE username='$username'"); if ($username == "") { echo "Il campo username e' vuoto!"; } else if ($password == "") { echo "Il campo password e' vuoto!"; } else if (check_for_symbols($_POST[password]) == TRUE) { echo "Errore nella creazione dell'account: la password contiene simboli non consentiti."; } else if (check_for_symbols($username) == TRUE) { echo "Errore nella creazione dell'account: l'username contiene simboli non consentiti"; } else if (mysql_num_rows($check_username) != 0) { echo "Errore nella creazione dell'account: l'username e' gia' in uso"; } else { $username = mysql_real_escape_string($username); mysql_query("INSERT INTO account (username,sha_pass_hash,expansion) VALUES ('$username','$password','$expansionnumber')"); if (mysql_error) echo mysql_errno($new_connect) . ": " . mysql_error($new_connect). "\n"; else { echo "Account creato!."; mysql_close($new_connect); } } } else { ?>

    <html>

    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">

    Username <input type="text" name="username">

    Password <input type="password" name="password">

    Espansione<select name="expansion">

        <option value="1">Vanilla</option>

        <option value="2">TBC</option>

        <option value="3">WotLK</option>

    </select>

    <input type="submit" name="registration">

    </form>

    </html>

    <?php

}

}

else

echo "Il file di configurazione non e' presente oppure i campi di registrazione sono vuoti";

?>[/CODE]
but if I try to view the page:

attachment deleted for containing the a link to the server

why???

thanks a lot…

I don´t think that this is correct for your maschine

‘db_host’=> ‘x.x.x.x:80’

The mysql port is 3306

but there is no need to add the port to db_host

the ip, localhost or 127.0.0.1 is enough.

I think u need more basics about mysql and php

if the php script is hosted on a different machine from the one that has the databases and you are using you don’t need to put the ip with :80 in the end, try without the :80 and if it didn’t work try with :3306 since that’s the port used for mysql though as mentioned above i think having the ip alone is enough

I’ve tryed to put the IP without the port 80 and also with 3306 but nothing… The same error message…

what I can do?

thanks a lot

Depends on where it’s being hosted from, often times if you are paying for apache hosting from a company, they don’t allow outbound connections. For instance lets say I wanted to buy a domain and register it through www.fatcow.com, they wouldn’t allow customers to make connections between a database server that isn’t local to their hosting company (Trust me I’ve tried). I called them after hours frustration to find out, my code was fine their hosting is crap. Just something to consider before hosting your site not locally to your realm.

Cheers.

No … No, no, no… Learn to read thank you…

It’s realm zone-handling, and handles ALLOWED ALPHABETS, do NOT mix the gametype settings into that.

Obviously I never bothered learning to read.

Hi

any new php script around with the new role system ? ( RegisterPage )

cya

betaman

@Betaman2k, provided you had a registration system that worked before RBAC was implemented, all you need to do is incorporate the rbac_account_groups table when you create a new user entry (i.e., account, group 1, realmId -1)

However, SOAP provides a very clean and efficient way to circumvent dealing with the DB at all, and most would recommend you use that (and let the core update the necessary tables) instead of manual account creation.

Also, I would not use the most recent script posted here as it contains multiple avenues for SQL injection. If you’re going to take the manual account approach, you should definitely consider PDO and prepared statements to handle all INSERT queries.