Help, Please

[GetReady]

Hey can anyone explain to me why when someone registers this is show as the message for registering;

 

INSERT INTO `UserDetails` (userName,class,e_mail,password,commander,active,uniqueLink,DefBaseLevel,OffBaseLevel, money,lastTurnTime,attackTurns,currentUnitProduction,currentSpySkill, trainedAttackSold,trainedAttackMerc,trainedDefSold,trainedDefMerc,untrainedSold,untrainedMerc,spies) VALUES ('m0000','0','[email protected]','40681103','','0','gk1269710742','0','0', '2800','1269710742','17','0','0', '0','0','0','0','1','0','0')

 

Codes below Any help would be great, Thanks.

 

<?
include "db_connect.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>

	<title></title>
	<link href="css/common.css" rel="stylesheet" type="text/css">
	<link href="css/main.css" rel="stylesheet" type="text/css">



	<meta name="keywords" content="">
	<meta name="description" content="">
	<meta name="author" content="">
	<SCRIPT language=javascript src="js/js"></SCRIPT>
	<script language="javascript" type="text/javascript">
	<!--
	function checkCR(evt) {
	var evt = (evt) ? evt : ((event) ? event : null);
	var node = (evt.target) ? evt.target : ((evt.srcElement) ? evt.srcElement : null);
	if ((evt.keyCode == 13) && (node.type=="text")) {return false;}
	}
	document.onkeypress = checkCR;
	//-->
	</script></head>

<body bgcolor="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" text="#ffffff">
<?
include "top.php";
?>
<table width="100%" border="0" cellspacing="0" cellpadding="5">
  <tbody><tr> 
    <TD class=menu_cell style="PADDING-LEFT: 15px" vAlign=top width=140>
<?
include ("left.php");
?>
    </td>
      <td style="padding-left: 15px; padding-top: 12px; padding-right: 15px;" valign="top" align="left"> 
        <font color="red">
        <?
			if ($cgi['submit'])	{
				if(($HTTP_SERVER_VARS['REMOTE_ADDR'])&&(isIP($HTTP_SERVER_VARS['REMOTE_ADDR']))){
					$echoS= "Oops. Somebody has already registered from this IP. If you beleive it is a fault you can contact us via mail {$conf['mail']}.";
				}
				elseif (!$cgi['username']){
					$echoS= "You should enter user name.";
				}elseif (getUserDetailsByName($cgi['username'])){
					$echoS= "That username has already been taken.";
				}elseif($cgi['email']!=$cgi['email2'] ){
					$echoS= "Mails you have entered are not equal.";
				}elseif(!preg_match("/^.+?@.+?\..+?/i",$cgi['email']) ){
					$echoS= "You should enter correct e-mail.";
				}elseif(getUserDetailsByEmail($cgi['email'])){
					$echoS= "That e-mail has already been taken.";
				}elseif(!$cgi['tos']){
					$echoS= "You should agree to comply with the terms of service.";
				}elseif(!$cgi['rules']){
					$echoS= "You should agree to comply with the rules.";
				}elseif(!$cgi['cheat']){
					$echoS= "You should promise not to try to gain an unfair advantage by breaking the rules.";
				}elseif(!$cgi['account']){
					$echoS= "You should agree to have ONLY account.";
				}elseif(!$cgi['turing']||(strtolower ($cgi['turing'])!=strtolower ($_SESSION['number1']))){
					$echoS= "You should type the text that you see on the image.";
				}
				else{
					//echo "Registering";
					$isResistered=1;
					$pas=genRandomPas();
					createUser($cgi['username'],
						$cgi['class'],
						$cgi['email'],
						$pas,
						$cgi['uniqid']					
						);
					if ($cgi['uniqid']){
						updateUser($cgi['uniqid']," untrainedSold=untrainedSold+1 ");
					}
					$us=getUserDetailsByName($cgi['username'], " ID ");
					addIP($HTTP_SERVER_VARS['REMOTE_ADDR'],$us->ID);
					//echo "==".$cgi['email']."==";
				  	$ism=mail($cgi['email'],"activation e-mail","Your name is: {$cgi['username']} \n Your activation password is {$pas} ");
					//echo "--$ism--";
				  	echo "<br><br><center><font color=red>Your activation password was sent to your e-mail.</font></center><br><br><br><br>";

				}
			}

			?>
        </font><br><? if (!$isResistered) { ?>
<form action="register.php" method="post">
          <table border="0" class="table_lines" cellspacing="0" cellpadding="6">
            <tbody>
              <tr> 
                <th colspan="2">Register</th>
              </tr>
              <tr> 
                <td colspan="2"><font color="red"><? echo $echoS;	?></font></td>
              </tr>
              <tr> 
                <td>Desired Username:</td>
                <td><input type="text" name="username" value="<?=$cgi['username']?>"></td>
              </tr>
              <tr> 
                <td>Desired class:</td>
                <td> <select name="class">
                    <? 
					for ($i=0; $i<count($conf["class"]);$i++){
					echo "<option value=$i ";
					if ((strpos ( $cgi['join'], $conf['class'][$i]['name'])!== false)||($cgi['class']==$i)) { echo " selected "; }
					echo " >{$conf['class'][$i]['name']}</option> ";
					}
					?>
                  </select> </td>
              </tr>
              <tr> 
                <td>Password:</td>
                <td>Will be e-mailed to the address below</td>
              </tr>
              <tr> 
                <td><b>Valid</b> E-mail Address:</td>
                <td><input type="text" name="email" value="<?=$cgi['email']?>"></td>
              </tr>
              <tr> 
                <td>E-mail Address Again:</td>
                <td><input type="text" name="email2" value="<?=$cgi['email2']?>"></td>
              </tr>
              <tr> 
                <td colspan="2"><input type="checkbox" name="tos" value="true">
                  I have read and agree to comply with the <a href="tos.php" target="_new">terms 
                  of service</a></td>
              </tr>
              <tr> 
                <td colspan="2"><input type="checkbox" name="rules" value="true">
                  I have read and agree to comply with the <a href="help.php#rules" target="_new">rules</a></td>
              </tr>
              <tr> 
                <td colspan="2"><input type="checkbox" name="cheat" value="true"> 
                  I promise not to try to gain an unfair advantage by breaking 
                  the rules</td>
              </tr>
              <tr> 
                <td colspan="2"><input type="checkbox" name="account" value="true"> 
                  This is my <b>ONLY</b> account</td>
              </tr>
              <tr>
	<td colspan="2">Copy the text below into the adjacent box.</td>
</tr>
<tr>
	<td align="center"><img src="imageclick.php?<? $SID=session_name()."=".session_id(); echo $SID; $number=genUniqueTxt(6); $_SESSION['number1']=$number; ?>" alt="random chars"></td>
	<td><input type="text" name="turing"></td>
</tr>
              <tr> 
                <td>Commander:</td>
                <td valign="middle"><? 
			$str="None";
			if ($cgi['uniqid']){
				$us=getUserDetails($cgi['uniqid']);
				$str=$us->userName;
				echo "<input type=hidden name=uniqid value='{$cgi['uniqid']}'>";
				echo '<a href="stats.php?id='.$cgi['uniqid'].'">';
			}
			echo $str;
			if ($cgi['uniqid']){
				echo "</a>";
			}
			 ?>
                  <font style="font-size: 8pt;"> [Note: This cannot be changed 
                  once you register]</font></td>
              </tr>
              <tr> 
                <td colspan="2" align="center"><input type="submit" name=submit value="Register"></td>
              </tr>
            </tbody>
          </table>
<input type="hidden" name="hash" value="f7610358ffcc3db6558310ea4a166bcb">
</form>

<?
  }  include ("bottom.php");
?>	
</td>
</tr>
</tbody></table>
</body></html>

 

 

[GetReady]

Any chance with a little help on this? Seen quite a few topics going above it and would rather it didn't get buried. Thanks.

[trq]

Maybe if you post the code that is within register.php

[GetReady]

That is the code withing Register.php 

[trq]

We need to see the createUser() function then.

[GetReady]

function createUser($userName,$class,$e_mail,$password,$commander,$active=0,$uniqueLink="",$DefBaseLevel=0,$OffBaseLevel=0,
$money=2800,$lastTurnTime=0,$attackTurns=17,$currentUnitProduction=0,$currentSpySkill=0,
$trainedAttackSold=0,$trainedAttackMerc=0,$trainedDefSold=0,$trainedDefMerc=0,$untrainedSold=1,$untrainedMerc=0,$spies=0){

$str = "INSERT INTO `UserDetails` (userName,class,e_mail,password,commander,active,uniqueLink,DefBaseLevel,OffBaseLevel,
money,lastTurnTime,attackTurns,currentUnitProduction,currentSpySkill,
trainedAttackSold,trainedAttackMerc,trainedDefSold,trainedDefMerc,untrainedSold,untrainedMerc,spies) VALUES ('$userName','$class','$e_mail','$password','$commander','$active','$uniqueLink','$DefBaseLevel','$OffBaseLevel',
'$money','$lastTurnTime','$attackTurns','$currentUnitProduction','$currentSpySkill',
'$trainedAttackSold','$trainedAttackMerc','$trainedDefSold','$trainedDefMerc','$untrainedSold','$untrainedMerc','$spies')";
//echo "$str<br>";
$q = @mysql_query($str);
if (!$q) {
	print ('Query failed: '.mysql_error());
	return;
}

 

I believe that's it... But i cannot see for the life of me why its showing the data being inserted to the database as a message when registering.. Any help will be appreciated, Thanks.

[PFMaBiSmAd]

Does the email message body contain ONLY and exactly what you showed in the first post or does it also contain any portion of -

 

Your name is:  ... Your activation password is

 

It sounds like there is another mail() function call that is sending the query string, either as part of some custom error reporting or perhaps to notify an administrator of what was just inserted into the database.

 

You need to search through all the code on that page or included/required by that page to see if there are any more mail() function calls or even if some other method is being used to send mail (such as the phpmailer or pear mailer classes.) Also, are there any set_error_handler() statements?

[GetReady]

Sorry i wasn't more clear its not in the email itself that this message is coming up... Its on the actual registration page... as the message saying that the registration was a success, Its rather odd as i cannot find out what is causing this for the life of me.

[PFMaBiSmAd]

// echo "$str<br>";

The code you posted contains that line of commented out code. If the actual code being executed on the server is the version of the code before that line was commented out, the query would be echoed on the web page.

 

Have you checked what the actual code is in the file that is on the server?

[GetReady]

// echo "$str<br>";

 

Solved the issue, cant believe i missed that!! Thanks man much appreciated!