Xin nhờ code lại để sử dụng với pass có md5

[chiencpt]

Bạn nào có thể giúp mình code lại cái này (file đính kèm) vì hiện nó chỉ chạy với password là NO MD5, nhưng db của mình lại dùng md5 (ở chổ Password. Hiện mình đang sử dụng web của BCS) - Cám ơn nhiều:

- Dĩ nhiên nếu được BCS giúp thì tốt quá !!!

<?
$conection = mssql_connect("ServerName","UerName","Password") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);
function anti_injection( $mensaje )
{
$banlist = array
("insert","select","drop","update","delete","disti nct","having","truncate","replace",
"handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) )
{
$mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
}
else
{
$mensaje = NULL;
}
return $mensaje;
}
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "")
{
$sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
$result = mssql_query($sql);
if($row = mssql_fetch_array($result))
{
$sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
$resultexiste = mssql_query($sqlexiste);
if($rowexiste = mssql_fetch_array($resultexiste))
{
$sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
$rschar = mssql_fetch_array($sqlchar);
if(($rschar['ConnectStat'])==0)
{
$sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
$rsbaul = mssql_fetch_array($sqlbaul);
if(($rsbaul['number'])==1)
{
/* If I want my original vault */
/* Save 2nd vault in extwarehouse table */
$sql ="update extwarehouse set items=(select items from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
$sql ="update extwarehouse set money=(select money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
/* Update main vault to original content */
$sql ="update warehouse set items=(select items from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
$sql ="update warehouse set money=(select money from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
/* Set vault number */
$sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
/* Clean main vault last data */
$sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
}
if(($rsbaul['number'])==0)
{
/* If I want 2nd vault */
/* Save main vault data into charbaul table */
$sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
mssql_query($sql);
/* Update main vault to 2nd vault data */
$sql ="update warehouse set items=(select items from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
$sql ="update warehouse set money=(select money from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
/* Set vault number */
$sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
mssql_query($sql);
}
echo "-".anti_injection($HTTP_POST_VARS["id"])." vault changed successfully !!!";
}
else
{
echo "You must be off line, vault change not proceed !!!";
}
}
else
{
echo "You don't have extravault, contact your administrator !!!";
}
}
else
{
echo "Login fail !!!";
}
mssql_free_result($result);
}
else
{
echo "You must to complete all field to login ok !!!";
}
mssql_close();
?>
-----------------------------------------------------------------------------

[MrAaa]

Đính kèm File kiểu này thì bố thằng tây mà code được.

Không Upload được nó vào đâu thì cũng phải đưa nó vào thẻ PHP chứ.

[MrAaa]

PHP Code:

<?
$conection = mssql_connect("ServerName","UerName","Password") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);
function anti_injection( $mensaje )
{
$banlist = array
("insert","select","drop","update","delete","disti  nct","having","truncate","replace",
"handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) )
{
$mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
}
else
{
$mensaje = NULL;
}
return $mensaje;
}
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "")
{
$sql = "SELECT memb___id FROM MEMB_INFO WHERE  memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and  memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
$result = mssql_query($sql);
if($row = mssql_fetch_array($result))
{
  $sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
  $resultexiste = mssql_query($sqlexiste);
  if($rowexiste = mssql_fetch_array($resultexiste))
  {
   $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
   $rschar = mssql_fetch_array($sqlchar);
   if(($rschar['ConnectStat'])==0)
   {
    $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
    $rsbaul = mssql_fetch_array($sqlbaul);
    if(($rsbaul['number'])==1)
    {
     /* If I want my original vault */
     /* Save 2nd vault in extwarehouse table */
     $sql ="update extwarehouse set items=(select items from warehouse  where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where  accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update extwarehouse set money=(select money from warehouse  where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where  accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Update main vault to original content */
     $sql ="update warehouse set items=(select items from charbaul where  accountid='".anti_injection($HTTP_POST_VARS["id"])."') where  accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from charbaul where  accountid='".anti_injection($HTTP_POST_VARS["id"])."') where  accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Clean main vault last data  */
     $sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    if(($rsbaul['number'])==0)
    {
     /* If I want 2nd vault */
     /* Save main vault data into charbaul table */
     $sql ="insert into charbaul(accountid, items, money)(select  accountid, items, money from warehouse where  accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
     mssql_query($sql);
     /* Update main vault to 2nd vault data */
     $sql ="update warehouse set items=(select items from extwarehouse  where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where  accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from extwarehouse  where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where  accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    echo "-".anti_injection($HTTP_POST_VARS["id"])." vault changed successfully !!!";
   }
   else
   {
    echo "You must be off line, vault change not proceed !!!";
   }
  }
  else
  {
   echo "You don't have extravault, contact your administrator !!!";
  }
}
else
{
  echo "Login fail !!!";
}
mssql_free_result($result);
}
else
{
echo "You must to complete all field to login ok !!!";
}
mssql_close();
?>