Hey guys, I've been playing around with this open source php game, I'm having problems with the registration system. For some reason the script is echoing back that there is no password in the password fields. When in fact there is:
Add_player.php:
<?php
session_start();
session_register("pid");
include("common.inc");
include("date.inc");
include("header.inc");
dbConnect();
$res = mysql_query("select id from $dbName.pdm_players where name=\"$name\"") or die(mysql_error());
if ($name == "" || $password1 == "")
{
echo "<center><div class=\"sheader\">Oh dear me!</div>
You have to actually enter a name and password!";
$name = "";
include("character_form.inc");
echo "</center>";
include("footer.inc");
return 0;
}
if ($name == $password1)
{
echo "<center><div class=\"sheader\">Oh dear me!</div>
You can't make the password the same as the name.
People will guess your password!";
include("character_form.inc");
echo "</center>";
include("footer.inc");
return 0;
}
if (strlen($password1) < 6)
{
echo "<center><div class=\"sheader\">Oh dear me!</div>
Passwords must be at least 6 characters, otherwise they are easy to guess!";
include("character_form.inc");
echo "</center>";
include("footer.inc");
return 0;
}
if (mysql_fetch_row($res))
{
echo "<center><div class=\"sheader\">Oh dear me!</div>
Player $name already exists, try a different name.";
$name = "";
include("character_form.inc");
echo "</center>";
include("footer.inc");
return 0;
}
if ($password1 != $password2)
{
echo "<center><div class=\"sheader\">Oh dear me!</div>";
echo "The two passwords didn't match - type carefully now!.";
include("character_form.inc");
echo "</center>";
include("footer.inc");
return 0;
}
echo "<div class=\"sheader\">Registration for $name successful</div>";
$cp = crypt($password1);
$dateArray = getdate(time());
$likeNowScoob = $dateArray["year"] . "-" . $dateArray["mon"] . "-" . $dateArray["mday"];
if ($character < 1 || $character > 9) { die("you are an idiot"); }
pdm_characters();
$res = mysql_query("select type from $dbName.pdm_characters where cid = $character") or die(mysql_error());
$t = mysql_fetch_row($res);
pdm_stuff();
$specRes = mysql_query("select sid from $dbName.pdm_stuff where sid >= 28 and sid <= 33 and type like \"%$t[0]%\"") or die(mysql_error());
$res = mysql_query("BEGIN") or die(mysql_error());
$res = mysql_query("insert into $dbName.pdm_players (name, used, dob, cpass, char_id, roundswon, evo, aWeapon, dWeapon) VALUES (\"$name\", 1, \"$likeNowScoob\", \"$cp\", $character, 0,0,0,0)") or die(mysql_error());
$res = mysql_query("select id from $dbName.pdm_players where name=\"$name\" for update") or die(mysql_error());
$row = mysql_fetch_row($res);
$pid = $row[0];
$res = mysql_query("insert into $dbName.pdm_league (id, highest, days_no_1, yesterday, longPoints) VALUES ($pid, 16777215, 0, 16777215, 0)") or die(mysql_error());
$res = mysql_query("insert into $dbName.pdm_stats (id, level, attack, defence, health, speed, exp, ko, healthpercent, fights) VALUES ($pid, 1, 100, 100, 100, 100, 0, 0, 10, 0)") or die(mysql_error());
$res = mysql_query("insert into $dbName.pdm_clanmembers2 (id, clanTag, applyTag, utype) VALUES ($pid, NULL, NULL, '')") or die(mysql_error());
$res = mysql_query("insert into $dbName.pdm_money (id, bank, wallet, bankdate) VALUES ($pid, 0,0, '0000-00-00')") or die(mysql_error());
while ($row = mysql_fetch_row($specRes))
{
$res = mysql_query("insert into $dbName.pdm_specials (id, sid, qty, switch) values ($pid, $row[0], 0, 1)") or die(mysql_error());
}
$res = mysql_query("COMMIT") or die(mysql_error());
session_register("playerName");
$playerName = stripper($name);
echo "<P><diV>Welcome $playerName, click the Fight link down the left to fight your first opponent.</div>";
include("main_screen.inc");
include("footer.inc");
?>
Character_form.inc:
<center>
<form method="post" action="add_player.php">
<P>
<table cellpadding="0" cellspacing="0"><tr><td align="center">
<?php
dbConnect();
pdm_characters();#check HEAP table exists
$res = mysql_query("select cid, name, type from $dbName.pdm_characters order by type") or die(mysql_error());
$marker = "X";
$firstOne = 1;
$cTypes["A"] = "Alien";
$cTypes["M"] = "Magic";
$cTypes["S"] = "Spirit";
while ($row = mysql_fetch_row($res))
{
if ($marker != $row[2]) #new type (alien/magic etc)
{
if ($marker != "X")
{
echo "</table>\n";
}
$cn = $cTypes[$row[2]];
echo "\n<table cellpadding=\"0\" cellspacing=\"0\" border=1>
<tr><td colspan=\"3\" align=\"center\"><div class=\"sheader\"> $cn characters</div></td></tr><tr bgcolor=\"#efefef\">";
$marker = $row[2];
}
echo "\n<td><table><tr><td align=center>$row[1]</td></tr><tr><td align=center>
<img alt=\"Pick me!\" src=\"images/$row[0]0.gif\"></td></tr><tr>
<td align=center><input type=\"radio\" name=\"character\" value=\"$row[0]\"";
if ($firstOne and $character == "")
{
$firstOne = 0;
echo " CHECKED ";
}
if ($character == $row[0])
{
echo " CHECKED ";
}
echo "></td></tr></table></td>";
}
echo "</tr></table>
<table width=\"551\" cellpadding=0 cellspacing=0><tr><td colspan=\"3\"><div class=\"sheader\">character details</div></td></tr>
<tr><td align=\"center\">Name<br><input size=20 maxlength=20 type=text name=\"name\" value = \"$name\"></td>";
?>
<td align="center">Password<br><input type="password" name="password1" size=20 maxlength=20></td>
<td align="center">Password again<br><input type="password" name="password2" size=20 maxlength=20></td></tr>
<tr><td colspan="3" align="center"><input type="submit" value="Register my character"></td></tr></table>
</td></tr></table>
<hr>
</form>
</centER>
Anyone able to offer up any advice or where its going wrong, If I remove the validation stuff, it still doesn't insert the user into the database.
Cheers