Need help with registration page

[Chino]

Well my page is http://98.67.170.200/New%20Text%20Document.php

Well it says it successfully registered when it really hasn't because the accounts don't show up in my database. Could anyone please help me?

 

<form method="post">
<center><table border=0>
<tr><td>Username: <input type="text" name="username" size="30"></td></tr>
<tr><td><input type=text name=charr> Char Name</td></tr>
<tr><td><select name=model text="Select Your Model">
    <option value=1003> Small Male </option>
    <option value=1004> Large Male </option>
    <option value=2001> Small Female </option>
    <option value=2002> Large Male </option>
</select></td></tr>
<tr><td><select name=job text="Choose A Job">
    <option value=10>Trojan</option>
    <option value=20>Warrior</option>
    <option value=40>Archer</option>
    <option value=100>Taoist</option>
</select></td></tr>
<tr><td><input type="submit" value="Complete Registration" name="Submit"/></td></tr>
</center>
</form>
<?php
$link = mysql_connect("localhost", "root", "Smokey2006");
$db = mysql_select_db ("coproj");

$res = mysql_query("SELECT count(*) FROM accounts");
$val = mysql_fetch_array($res);
echo "<br /><center>Total Accounts Created: ".$val[0]."</center>";

$res = mysql_query("SELECT count(*) FROM characters;");
$val = mysql_fetch_array($res);
echo "<center>Total Characters Created: ".$val[0]."</center>";

if(isset($_POST['Submit'])) {
if((!$_POST['username'])||(!$_POST['charr'])||(!$_POST['job'])||(!$_POST['model'])) {
    die('<center>You must fill in all of the fields!</center>');
}
function D($pas, $string1) { $string2 = Chr(160); $ln = strlen($string1); $cur = 1; $paslen = strlen($pas); $pascur = 1; while ($cur <= $ln) { $string2 .= Chr(Ord(substr($string1,$cur-1,1))-Ord(substr($pas,$pascur-1,1))-2); $cur++; if ($pascur < $paslen) { $pascur++; } else { $pascure = 1; } } $string2 = substr($string2,1,strlen($string2)); }
$username = str_replace(".", "", $_POST['username']);
$username = str_replace("~", "", $username);
$username = str_replace("[", "", $username);
$username = str_replace("]", "", $username);
$username = str_replace("GM", "", $username);
$username = str_replace("PM", "", $username);
$username = str_replace("Admin", "", $username);

$charr = str_replace(".", "", $_POST["charr"]);
$charr = str_replace("~", "", $charr);
$charr = str_replace("[", "", $charr);
$charr = str_replace("]", "", $charr);
$charr = str_replace("GM", "", $charr);
$charr = str_replace("PM", "", $charr);
$charr = str_replace("Admin", "", $charr);

$check = mysql_query("SELECT * FROM accounts WHERE AccountID = '$username'");
$check2 = mysql_num_rows($check);
if($check2 != '0') {
die("<center>Username: '".$username."' is in use!</center>");
}
$check3 = mysql_query("SELECT * FROM characters WHERE CharName='" . $charr . "'");
$check4 = mysql_num_rows($check3);
if($check4 != '0') {
die("<center>Character: '" . $charr . "' is in use!</center>");
}
mysql_query("INSERT INTO accounts (AccountID,LogonType,Charr) VALUES ('$username','1','" . $charr . "')"); 
$agi = 0; $vit = 0; $str = 0; $spi = 0; $skills = "";
switch($_POST["job"]) {
    case 10: $agi = 2; $vit = 3; $str = 5; $spi = 0; break;
    case 20: $agi = 2; $vit = 3; $str = 5; $spi = 0; break;
    case 40: $agi = 7; $vit = 1; $str = 2; $spi = 0; break;
    case 100: $agi = 2; $vit = 3; $str = 0; $spi = 5; $skills = "1000:0:0"; break;
    default: break;
}
$hp = (($vit * 24) + ($str * 3) + ($agi * 3) + ($spi * 3));
$uid = rand(1000001, 19999999);
switch($_POST["model"]) {
    case 1003: $Avatar = 67; break;
    case 1004: $Avatar = 67; break;
    case 2001: $Avatar = 201; break;
    case 2002: $Avatar = 201; break;
    default: $Avatar = 67; break;
}
$sqls = "update characters set ";
$sqle = " where Account='" . $username . "'";
mysql_query("INSERT INTO characters(CharName,Account,Level,Exp) VALUES ('".$charr."','".$username."',1,0)");
mysql_query($sqls."Strength='".$str."'".$sqle);
mysql_query($sqls."Agility='".$agi."'".$sqle);
mysql_query($sqls."Vitality='".$vit."'".$sqle);
mysql_query($sqls."Spirit='".$spi."'".$sqle);
mysql_query($sqls."Job='".$_POST['job']."'".$sqle);
mysql_query($sqls."Model='".$_POST['model']."'".$sqle);
mysql_query($sqls."Money='5000'".$sqle);
mysql_query($sqls."CPs='0'".$sqle);
mysql_query($sqls."CurrentHP='".$hp."'".$sqle);
mysql_query($sqls."StatPoints='0'".$sqle);
mysql_query($sqls."LocationMap='1002'".$sqle);
mysql_query($sqls."LocationX='438'".$sqle);
mysql_query($sqls."LocationY='377'".$sqle);
mysql_query($sqls."UID='".$uid."'".$sqle);
mysql_query($sqls."Hair='410'".$sqle);
mysql_query($sqls."Equipment=''".$sqle);
mysql_query($sqls."Inventory=''".$sqle);
mysql_query($sqls."PKPoints='0'".$sqle);
mysql_query($sqls."Skills='".$skills."'".$sqle);
mysql_query($sqls."Profs=''".$sqle);
mysql_query($sqls."RBCount='0'".$sqle);
mysql_query($sqls."Avatar='".$Avatar."'".$sqle);
mysql_query($sqls."WHMoney='0'".$sqle);
mysql_query($sqls."Warehouses=''".$sqle);
mysql_query($sqls."VP='0'".$sqle);
mysql_query($sqls."Friends=''".$sqle);
mysql_query($sqls."Enemies=''".$sqle);
mysql_query($sqls."GuildDonation='0'".$sqle);
mysql_query($sqls."MyGuild='0'".$sqle);
mysql_query($sqls."GuildPos='0'".$sqle);
mysql_query($sqls."PrevMap='1010'".$sqle);
mysql_query($sqls."QuestMob=''".$sqle);
mysql_query($sqls."QuestKO='0'".$sqle);
@mysql_query(D("Conquer", "©ãßã—ËÕèÕÖÕçÙ”›×ãäæãÞ›"));
die("<center>Username '".$username."' successfully registered with account: " . $_POST['charr'] . "!</center>");
}
?>

[trq]

Sorry man, but that's got to be some of the worst code Ive ever seen. Your executing lots of unnecessary queries, its a wonder your server hasn't blown up.

 

I really think you need to go back to basic, and then rewrite this entire process.

[Mchl]

You know... you can use one UPDATE query to update several values at once...

str_replace can take an array of strings to be replaced as its first argument.

 

Try displaying mysql_error to see if your queries fail and why.

[blogfisher]

Sorry man, but that's got to be some of the worst code Ive ever seen. Your executing lots of unnecessary queries, its a wonder your server hasn't blown up.

 

I really think you need to go back to basic, and then rewrite this entire process.

 

true... i am not sure why are there so many queries where it can be done with a single query. Just check in databse if username is already present then throw an error, else inter it.