[Share] Simple Account Creation page

    • Nupper wrote:

      A simple Account creation page for Ascemu

      This is one I've seen dedicated to Ascemu and still in the testing phase.
      mediafire.com/download/r34lzplkj46g4tb/Reg.rar

      It does work with the current structure.


      Thank you for this, I'm sure it'll be useful for some people

      But...

      You really shouldn't be using string concatenation to build queries in 2015. It's dangerous, and a quick look at the code suggests to me that in this case it's also vulnerable.

      w3schools.com/php/php_mysql_prepared_statements.asp seems to explain how to do prepared statements quite well, I'd strongly recommend using this instead

      I'd also recommend explicitly setting people to not have GM powers on signup, relying on the default value could very easily go awry if someone has modified the database to use az by default ;)
      AscEmu is a place for learning - don't be afraid of criticism, we don't bite <3

      Remember you can join us on Discord by clicking this invite link: discord.gg/2YJSg5M
    • Evairfairy wrote:

      Nupper wrote:

      A simple Account creation page for Ascemu

      This is one I've seen dedicated to Ascemu and still in the testing phase.
      mediafire.com/download/r34lzplkj46g4tb/Reg.rar

      It does work with the current structure.


      Thank you for this, I'm sure it'll be useful for some people

      But...

      You really shouldn't be using string concatenation to build queries in 2015. It's dangerous, and a quick look at the code suggests to me that in this case it's also vulnerable.

      w3schools.com/php/php_mysql_prepared_statements.asp seems to explain how to do prepared statements quite well, I'd strongly recommend using this instead

      I'd also recommend explicitly setting people to not have GM powers on signup, relying on the default value could very easily go awry if someone has modified the database to use az by default ;)


      There should be no setting to allow GM powers on signup

      I have also allowed AscEmu to adapt and recode this to add improvements, and the coder has also given permission.
    • Nupper wrote:


      There should be no setting to allow GM powers on signup

      I have also allowed AscEmu to adapt and recode this to add improvements, and the coder has also given permission.


      I'm referring to the MySQL default of not assigning a GM - my line of reasoning was that it's a dangerous assumption to make because if it's changed to default to az for some reason, new accounts will be registered with full GM powers (and I've seen at least one environment where that was the case for testing purposes) but thinking back on it, it's poor advice for a number of reasons, so disregard that.

      As for changing the script, we'll most likely provide an official driver at some point so that people aren't running their own queries directly on the database, but that's a very low priority at the moment given how much other work needs doing. There are a lot of other problems with this script outside of what I mentioned so we most likely won't end up basing any other work off of it, but as I said before it's probably useful to someone, so thanks
    • Evairfairy wrote:

      Nupper wrote:


      There should be no setting to allow GM powers on signup

      I have also allowed AscEmu to adapt and recode this to add improvements, and the coder has also given permission.


      I'm referring to the MySQL default of not assigning a GM - my line of reasoning was that it's a dangerous assumption to make because if it's changed to default to az for some reason, new accounts will be registered with full GM powers (and I've seen at least one environment where that was the case for testing purposes) but thinking back on it, it's poor advice for a number of reasons, so disregard that.

      As for changing the script, we'll most likely provide an official driver at some point so that people aren't running their own queries directly on the database, but that's a very low priority at the moment given how much other work needs doing. There are a lot of other problems with this script outside of what I mentioned so we most likely won't end up basing any other work off of it, but as I said before it's probably useful to someone, so thanks

      Thanks for the suggestion about prepared statements. Anyway, I made this site for free for Nupper, and everyone has my full access to edit the code. So if something could be done in a better way, feel free to change it :)
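
The prepared-statement approach recommended in this thread, as an added example that is not part of any post and is not the code from Reg.rar. The table `accounts_demo`, its columns, the function name and the connection details are hypothetical and do not reflect AscEmu's real schema or credential format.

```php
<?php
// Added example. Hypothetical demo table:
//   CREATE TABLE accounts_demo (login VARCHAR(32) PRIMARY KEY,
//                               pass_hash VARCHAR(255), email VARCHAR(128));
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function register_account(mysqli $db, string $login, string $password, string $email): bool
{
    // Reject input the form should never accept, before touching the database.
    if (strlen($login) < 3 || strlen($login) > 32 || strlen($password) < 8) {
        throw new InvalidArgumentException('login or password has an invalid length');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }

    // The concatenated form the thread warns about looks like
    //   "... WHERE login = '" . $login . "'"
    // where a quote inside $login becomes part of the SQL text.
    // With placeholders the statement is parsed first and the values are
    // sent separately, so they can only ever be treated as data.
    $check = $db->prepare('SELECT 1 FROM accounts_demo WHERE login = ?');
    $check->bind_param('s', $login);
    $check->execute();
    $check->store_result();
    $taken = $check->num_rows > 0;
    $check->close();
    if ($taken) {
        return false; // name already registered
    }

    // Hashing choice is for the demo table only, not the emulator's format.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $ins = $db->prepare(
        'INSERT INTO accounts_demo (login, pass_hash, email) VALUES (?, ?, ?)'
    );
    $ins->bind_param('sss', $login, $hash, $email);
    $ins->execute();
    $ins->close();
    return true;
}

// Usage with placeholder credentials and constructed input. The quote in the
// login is stored literally instead of altering the statement.
$db = new mysqli('localhost', 'demo_user', 'demo_password', 'demo_db');
$db->set_charset('utf8mb4');
var_dump(register_account($db, "o'brien", 'correct horse battery', 'ob@example.com'));
```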