Spam User registering on Registration page
I have created a registration page using DataAssist 2.0.7.
In the registration page i have 2 emails generated by UE 4, one for the user and one for me.
I have noticed that there are tons of spam users created in the database, and no email is generated either to the user or to me.
How is this happening and how can i avoid it?
Below is the section of the code i'm using in the Registration.php page
<?php require_once('../Connections/scipt.php'); ?>
<?php require_once("../webassist/database_management/wa_appbuilder_php.php"); ?>
<?php require_once("../webassist/email/mail_php.php"); ?>
<?php require_once("../webassist/email/mailformatting_php.php"); ?>
<?php
$today = date("Y-m-d");
if (!isset($_SESSION)) {
session_start();
}
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
$MM_dupKeyRedirect="registration_error.php";
$loginUsername = $_POST['username'];
$LoginRS__query = sprintf("SELECT username FROM registration WHERE username=%s", GetSQLValueString($loginUsername, "text"));
mysql_select_db($database_scipt, $scipt);
$LoginRS=mysql_query($LoginRS__query, $scipt) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
//if there is a row in the database, the username was found - can not add the requested username
if($loginFoundUser){
$MM_qsChar = "?";
//append the username to the redirect page
if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
$MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
header ("Location: $MM_dupKeyRedirect");
exit;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "registration")) {
$insertSQL = sprintf("INSERT INTO registration (name, surname, email, additional_email, `position`, department, institute, city, country, username, date_registered) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString(ucfirst($_POST['firstname']), "text"),
GetSQLValueString(ucfirst($_POST['surname']), "text"),
GetSQLValueString(strtolower($_POST['email']), "text"),
GetSQLValueString(strtolower($_POST['add_email']), "text"),
GetSQLValueString(ucwords($_POST['position']), "text"),
GetSQLValueString(ucwords($_POST['department']), "text"),
GetSQLValueString(ucwords($_POST['institute']), "text"),
GetSQLValueString(ucwords($_POST['city']), "text"),
GetSQLValueString($_POST['country'], "text"),
GetSQLValueString(strtolower($_POST['username']), "text"),
GetSQLValueString($_POST['date_registered'], "date"));
mysql_select_db($database_scipt, $scipt);
$Result1 = mysql_query($insertSQL, $scipt) or die(mysql_error());
$_SESSION['registrationID'] = mysql_insert_id();
}
?>
<?php
if (!isset($_SESSION))session_start();
if ((isset($_POST["Register_x"]))) {
//WA Universal Email object="mail"
set_time_limit(0);
$EmailRef = "waue_registration_1";
$BurstSize = 200;
$BurstTime = 1;
$WaitTime = 1;
$GoToPage = "";
$RecipArray = array();
$StartBurst = time();
$LoopCount = 0;
$TotalEmails = 0;
$RecipIndex = 0;
// build up recipients array
$CurIndex = sizeof($RecipArray);
$RecipArray[$CurIndex] = array();
$RecipArray[$CurIndex ][] = "".((isset($_POST["email"]))?$_POST["email"]:"") ."";
$TotalEmails += sizeof($RecipArray[$CurIndex]);
$RealWait = ($WaitTime<0.25)?0.25:($WaitTime+0.1);
$TimeTracker = Array();
$TotalBursts = floor($TotalEmails/$BurstSize);
$AfterBursts = $TotalEmails % $BurstSize;
$TimeRemaining = ($TotalBursts * $BurstTime) + ($AfterBursts*$RealWait);
if ($TimeRemaining < ($TotalEmails*$RealWait) ) {
$TimeRemaining = $TotalEmails*$RealWait;
}
$_SESSION[$EmailRef."_Total"] = $TotalEmails;
$_SESSION[$EmailRef."_Index"] = 0;
$_SESSION[$EmailRef."_Remaining"] = $TimeRemaining;
while ($RecipIndex < sizeof($RecipArray)) {
$EnteredValue = is_string($RecipArray[$RecipIndex][0]);
$CurIndex = 0;
while (($EnteredValue && $CurIndex < sizeof($RecipArray[$RecipIndex])) || (!$EnteredValue && $RecipArray[$RecipIndex][0])) {
$starttime = microtime_float();
if ($EnteredValue) {
$RecipientEmail = $RecipArray[$RecipIndex][$CurIndex];
} else {
$RecipientEmail = $RecipArray[$RecipIndex][0][$RecipArray[$RecipIndex][2]];
}
$EmailsRemaining = ($TotalEmails- $LoopCount);
$BurstsRemaining = ceil(($EmailsRemaining-$AfterBursts)/$BurstSize);
$IntoBurst = ($EmailsRemaining-$AfterBursts) % $BurstSize;
if ($AfterBursts<$EmailsRemaining) $IntoBurst = 0;
$TimeRemaining = ($BurstsRemaining * $BurstTime * 60) + ((($AfterBursts<$EmailsRemaining)?$AfterBursts:$EmailsRemaining)*$RealWait) - (($AfterBursts>$EmailsRemaining)?0:($IntoBurst*$RealWait));
if ($TimeRemaining < ($EmailsRemaining*$RealWait) ) {
$TimeRemaining = $EmailsRemaining*$RealWait;
}
$CurIndex ++;
$LoopCount ++;
session_commit();
session_start();
$_SESSION[$EmailRef."_Index"] = $LoopCount;
$_SESSION[$EmailRef."_Remaining"] = round($TimeRemaining);
session_commit();
wa_sleep($WaitTime);
include("../webassist/email/waue_registration_1.php");
$endtime = microtime_float();
$TimeTracker[] =$endtime - $starttime;
$RealWait = array_sum($TimeTracker)/sizeof($TimeTracker);
if ($LoopCount % $BurstSize == 0) {
$TimePassed = (time() - $StartBurst);
if ($TimePassed < ($BurstTime*60)) {
$WaitBurst = ($BurstTime*60) -$TimePassed;
wa_sleep($WaitBurst);
}
else {
$TimeRemaining = ($TotalEmails- $LoopCount)*$RealWait;
}
$StartBurst = time();
}
if (!$EnteredValue) {
$RecipArray[$RecipIndex][0] = mysql_fetch_assoc($RecipArray[$RecipIndex][1]);
}
}
$RecipIndex ++;
}
$_SESSION[$EmailRef."_Total"] = 0;
$_SESSION[$EmailRef."_Index"] = 0;
$_SESSION[$EmailRef."_Remaining"] = 0;
session_commit();
session_start();
if ($GoToPage!="") {
header("Location: ".$GoToPage);
}
}
?>
<?php
if (!isset($_SESSION))session_start();
if ((isset($_POST["Register_x"]))) {
//WA Universal Email object="mail"
set_time_limit(0);
$EmailRef = "waue_registration_2";
$BurstSize = 200;
$BurstTime = 1;
$WaitTime = 1;
$GoToPage = "thanks.php";
$RecipArray = array();
$StartBurst = time();
$LoopCount = 0;
$TotalEmails = 0;
$RecipIndex = 0;
// build up recipients array
$CurIndex = sizeof($RecipArray);
$RecipArray[$CurIndex] = array();
$RecipArray[$CurIndex ][] = "adminSCIPT@med.usyd.edu.au";
$RecipArray[$CurIndex ][] = "info@andreabuldorini.com.au";
$TotalEmails += sizeof($RecipArray[$CurIndex]);
$RealWait = ($WaitTime<0.25)?0.25:($WaitTime+0.1);
$TimeTracker = Array();
$TotalBursts = floor($TotalEmails/$BurstSize);
$AfterBursts = $TotalEmails % $BurstSize;
$TimeRemaining = ($TotalBursts * $BurstTime) + ($AfterBursts*$RealWait);
if ($TimeRemaining < ($TotalEmails*$RealWait) ) {
$TimeRemaining = $TotalEmails*$RealWait;
}
$_SESSION[$EmailRef."_Total"] = $TotalEmails;
$_SESSION[$EmailRef."_Index"] = 0;
$_SESSION[$EmailRef."_Remaining"] = $TimeRemaining;
while ($RecipIndex < sizeof($RecipArray)) {
$EnteredValue = is_string($RecipArray[$RecipIndex][0]);
$CurIndex = 0;
while (($EnteredValue && $CurIndex < sizeof($RecipArray[$RecipIndex])) || (!$EnteredValue && $RecipArray[$RecipIndex][0])) {
$starttime = microtime_float();
if ($EnteredValue) {
$RecipientEmail = $RecipArray[$RecipIndex][$CurIndex];
} else {
$RecipientEmail = $RecipArray[$RecipIndex][0][$RecipArray[$RecipIndex][2]];
}
$EmailsRemaining = ($TotalEmails- $LoopCount);
$BurstsRemaining = ceil(($EmailsRemaining-$AfterBursts)/$BurstSize);
$IntoBurst = ($EmailsRemaining-$AfterBursts) % $BurstSize;
if ($AfterBursts<$EmailsRemaining) $IntoBurst = 0;
$TimeRemaining = ($BurstsRemaining * $BurstTime * 60) + ((($AfterBursts<$EmailsRemaining)?$AfterBursts:$EmailsRemaining)*$RealWait) - (($AfterBursts>$EmailsRemaining)?0:($IntoBurst*$RealWait));
if ($TimeRemaining < ($EmailsRemaining*$RealWait) ) {
$TimeRemaining = $EmailsRemaining*$RealWait;
}
?>
PS a part of the final code is missing due to character limitations!
Cheers
Andrea