<?php
//Initiliaze Database connection
require("config.php");
//IMPORTANT STUFF
$username = mysql_real_escape_string(stripslashes($_POST["strUsername"]));
$password = mysql_real_escape_string(stripslashes($_POST["strPassword"]));
$pass1 = gen_token($password, $username);
$age = mysql_real_escape_string(stripslashes($_POST["intAge"]));
$dob = mysql_real_escape_string(stripslashes($_POST["strDOB"]));
$email = mysql_real_escape_string(stripslashes($_POST["strEmail"]));
$gender = mysql_real_escape_string(stripslashes($_POST["strGender"]));
$classid = mysql_real_escape_string(stripslashes($_POST["ClassID"]));
$eyecolor = mysql_real_escape_string(stripslashes($_POST["intColorEye"]));
$skincolor = mysql_real_escape_string(stripslashes($_POST["intColorSkin"]));
$haircolor = mysql_real_escape_string(stripslashes($_POST["intColorHair"]));
$hairid = $_POST['HairID'];
//Checks if Email has Already been used
$emailcheck = mysql_query("SELECT id FROM users WHERE Email='$email'") or die("status=Error&strReason=" . mysql_error());
if (mysql_num_rows($emailcheck) != 0) {
die("status=Taken&strReason=The email is already in used by another user.");
}
//Checks If Username has been Taken
$sql = mysql_query("SELECT * FROM users WHERE Username = '$username'") or die("status=Error&strReason=" . mysql_error());
if (mysql_num_rows($sql) !=0) {
die("status=Taken&strReason=The username is already in use by another character.");
} else {
//Sets Hairname & hairfile
switch ($hairid) {
//MALE HAIR
case 52:
$hairname = 'Default';
$hairfile = 'hair/M/Default.swf';
break;
case 55:
$hairname = 'Goku1';
$hairfile = 'hair/M/Goku1.swf';
break;
case 58:
$hairname = 'Goku2';
$hairfile = 'hair/M/Goku2.swf';
break;
case 64:
$hairname = 'Normal2';
$hairfile = 'hair/M/Normal2.swf';
break;
case 92:
$hairname = 'Ponytail8';
$hairfile = 'hair/M/Ponytail8.swf';
break;
//FEMALE HAIR
case 14:
$hairname = 'Pig1Bangs1';
$hairfile = 'hair/F/Pig1Bangs1.swf';
break;
case 18:
$hairname = 'Pig2Bangs2';
$hairfile = 'hair/F/Pig2Bangs2.swf';
break;
case 26:
$hairname = 'Pony2Bangs2';
$hairfile = 'hair/F/Pony2Bangs2.swf';
break;
case 83:
$hairname = 'Bangs2Long';
$hairfile = 'hair/F/Bangs2Long.swf';
break;
case 84:
$hairname = 'Bangs3Long';
$hairfile = 'hair/F/Bangs3Long.swf';
break;
}
$time = date("Y-m-d");
//Inserts Character Info into DB
$sql2 = mysql_query("INSERT INTO `users` (`Username`, `Password`, `Access`, `ActivationFlag`, `Age`, `Gender`, `Email`, `Level`, `Gold`, `Coins`, `Exp`, `ColorHair`, `ColorSkin`, `ColorEye`, `ColorBase`, `ColorTrim`, `ColorAccessory`, `DateCreated`, `UpgradeExpire`, `UpgradeDays`, `BankSlots`, `HouseSlots`, `BagSlots`, `HairID`, `HairFile`, `HairName`, `Permamute`, `Quests`, `Settings`, `Achievement`, `Country`, `AchievementID`, `CurrentServer`) VALUES ('$username', '$pass1', '0', '5', '15', '$gender', '$email', '1', '0', '0', '0', '$haircolor', '$skincolor', '$eyecolor', '0', '0', '0', '$time', '$time', '-1', '0', '20', '150', '$hairid', '$hairfile', '$hairname', '0', '00000000000000000000000000000000000000000000000000', '0', '0', 'US', '', 'Offline');") or die("status=Error&strReason=" . mysql_error());
//Selects New User ID
$sql3 = mysql_query("SELECT * FROM users WHERE Username='$username'") or die("status=Error&strReason=" . mysql_error());
$user = mysql_fetch_assoc($sql3) or die("status=Error&strReason=" . mysql_error());
$userId = $user['id'];
//Add's Starting Armor
switch ($classid) {
case 2:
$addarmour = mysql_query("INSERT INTO users_items (itemid, userid, equipped, equipment, level) VALUES ('2', '$userId', '1', 'ar', '1')");
break;
case 4:
$addarmour = mysql_query("INSERT INTO users_items (itemid, userid, equipped, equipment, level) VALUES ('4', '$userId', '1', 'ar', '1')");
break;
case 3:
$addarmour = mysql_query("INSERT INTO users_items (itemid, userid, equipped, equipment, level) VALUES ('3', '$userId', '1', 'ar', '1')");
break;
case 5:
$addarmour = mysql_query("INSERT INTO users_items (itemid, userid, equipped, equipment, level) VALUES ('5', '$userId', '1', 'ar', '1')");
break;
}
// ADDS DEFAULT WEAPON
$addweapon = mysql_query("INSERT INTO users_items (itemid, userid, equipped, equipment, level) VALUES ('1', '$userId', '1', 'Weapon', '1')" );
// ADDS USERS FRIEND LIST
$addfriends = mysql_query("INSERT INTO users_friends (userid, friends) VALUES ($userId, '')" );
//SUCCESS
echo "status=Success";
}
function gen_token($pass, $salt) {
$salt = strtolower($salt);
$str = hash("sha512", $pass.$salt);
$len = strlen($salt);
return strtoupper(substr($str, $len, 17));
}
?>
答案 0 :(得分:0)
我会计算总是会发生的4个INSERT命令(假设成功)。这是正确的,还是只有部分工作?
没有什么是不正确的。您将mysql_query结果存储在变量中,但不对它们执行任何操作。也许尝试测试这些值以查看MySQL返回的内容?
您也没有测试是否有任何POST的值为空,空或无效。始终验证正在POST的内容 - 为了快速调试,你可以做一个print_r($ _ POST);.