<?php include_once("scripts/global.php");$message = '';if(isset($_POST['user

1. <?php include_once("scripts/global.php");
2. $message = '';
3. if(isset($_POST['username']) && !empty($_POST['username'])){
4.    
5.     $username = $_POST['username'];
6.     $fname = $_POST['fname'];
7.     $lname = $_POST['lname'];
8.     $email = $_POST['email'];
9.     $pass1 = $_POST['pass1'];
10.     $pass2 = $_POST['pass2'];
11.  
12.     //error handling
13.     if ((!$username)||(!$fname)||(!$lname)||(!$email)||(!$pass1)||(!$pass2)) {
14.         $message = "Please insert all fields in the form below";
15.     } else {
16.         if($pass1 != $pass2){
17.             $message= "Your password fields do not match"; 
18.         }else{
19.             //securing the data
20.             $username = preg_replace("#[^0-9a-z]#i","",$username);
21.             $fname = preg_replace("#[^0-9a-z]#i","",$fname);
22.             $lname = preg_replace("#[^0-9a-z]#i","",$lname);
23.             $pass1 = sha1($pass1); 
24.             $email=mysql_real_escape_string($email);
25.            
26.             //check for duplicates
27.             $user_query=mysql_query("SELECT username FROM members WHERE username='$username'LIMIT 1") or die ("Could not check username");
28.             $count_username = mysql_num_rows($user_query);
29.             $email_query=mysql_query("SELECT email FROM members WHERE email='$email'LIMIT 1") or die ("Could not check email");
30.             $count_email = mysql_num_rows($email_query);
31.             if($count_username > 0){
32.                 $message ='Your username is already in use';
33.             }else if($count_email >0){
34.                 $message='Your email is already in use';
35.             }else{
36.                 $ip_address = $_SERVER['REMOTE_ADDR'];
37.                 $query = mysql_query("INSERT INTO members (username, firstname, lastname, email, password, ip_address, sign_up_date) VALUES ('$username', '$fname', '$lname', '$email', '$pass1', $ip_address', now())")or die("Could not insert your information");
38.                 $member_id = mysql_insert_id();
39.                 mkdir("users/$member_id",0755);
40.                 $message= "Register complete";
41.             }
42.         }
43.     }
44. }
45. ?>
46. <!doctype html>
47. <html>
48. <head>
49. <meta charset="utf-8">
50. <title>Untitled</title>
51. <link href="css/global.css" rel="stylesheet" type="text/css"/>
52. </head>
53. <body>
54. <div class="container center">
55.     <h1>Register</h1><br>
56.     <p><?php print("$message");?></p>
57.     <form action="register.php" method="post">
58.             <input type="text" name="username" placeholder="Username" /><br />
59.             <br /><input type="text" name="fname" placeholder="First name" /><br />
60.             <br /><input type="text" name="lname" placeholder="Last name" /><br />
61.             <br /><input type="text" name="email" placeholder="Email Address" /><br />
62.             <br /><input type="password" name="pass1" placeholder="Password" /><br />
63.             <br /><input type="password" name="pass2" placeholder="Validate Password" /><br />
64.             <br /><input type="submit" value="Submit" />  
65.     </form>
66.     </div>
67. </body>
68. </html>