Shade

1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2. <html>
3.   <head>
4.     <title>xxxxx</title>
5.     <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
6.   </head>
7.   <body>
8.   <?php
9.     if($_POST) {
10.     $username = $_POST['username'];
11.         $password = $_POST['password'];
12.         $confirm = $_POST['confirm'];
13.     $email = $_POST['email'];
14.    
15.     $username2 = $_POST['username'];
16.         $password2 = $_POST['password'];
17.         $confirm2 = $_POST['confirm'];
18.     $email2 = $_POST['email'];
19.    
20.     $regdate = date("Y-m-d");
21.  
22. require_once 'config.php';
23.  
24. $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql');
25.                  mysql_select_db($dbname);
26.            
27. $query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($username));
28. $query2 = sprintf("SELECT COUNT(id) FROM users WHERE email = '%s'", mysql_real_escape_string($email));
29.          
30. $result = mysql_query($query);
31. $result2 = mysql_query($query2);
32.  
33. list($count) = mysql_fetch_row($result);
34. list($count2) = mysql_fetch_row($result2);
35.  
36. function assign_rand_value($num)
37. {
38.   switch($num)
39.   {
40. case "1": $rand_value = "a"; break; case "2": $rand_value = "b"; break; case "3": $rand_value = "c"; break; case "4": $rand_value = "d"; break; case "5": $rand_value = "e"; break; case "6": $rand_value = "f"; break; case "7": $rand_value = "g"; break; case "8": $rand_value = "h"; break; case "9": $rand_value = "i"; break; case "10": $rand_value = "j"; break; case "11": $rand_value = "k"; break; case "12": $rand_value = "l"; break; case "13": $rand_value = "m"; break; case "14": $rand_value = "n"; break; case "15": $rand_value = "o"; break; case "16": $rand_value = "p"; break; case "17": $rand_value = "q"; break; case "18": $rand_value = "r"; break; case "19": $rand_value = "s"; break; case "20": $rand_value = "t"; break; case "21": $rand_value = "u"; break; case "22": $rand_value = "v"; break; case "23": $rand_value = "w"; break; case "24": $rand_value = "x"; break; case "25": $rand_value = "y"; break; case "26": $rand_value = "z"; break; case "27": $rand_value = "0"; break; case "28": $rand_value = "1"; break; case "29": $rand_value = "2"; break; case "30": $rand_value = "3"; break; case "31": $rand_value = "4"; break; case "32": $rand_value = "5"; break; case "33": $rand_value = "6"; break; case "34": $rand_value = "7"; break; case "35": $rand_value = "8"; break;
41. case "36": $rand_value = "9"; break;
42.   }
43.  return $rand_value;
44. }
45.  
46.  
47.  
48. $confcode="";
49.    for($i=1; $i<=10; $i++)
50.    {
51.    mt_srand((double)microtime() * 1000000);
52.    $num = mt_rand(1,36);
53.    $confcode .= assign_rand_value($num);
54.    }
55.  
56.  
57.  
58. if($count >= 1) { ?><span style='color:red'>Error: that username is taken.</span><br /><?php }
59. if ($username != htmlspecialchars($username)) { ?><span style='color:red'>Error: name contains invalid characters.</span><br /><?php }
60. if (strlen($username) < 3) { ?><span style='color:red'>Error: name must conain at least 3 characters.</span><br /><?php }
61.  
62. if($password != $confirm) { ?><span style='color:red'>Error: Passwords do not match!</span><br /><?php }
63. if (strlen($password) < 6) { ?><span style='color:red'>Error: password must contain at least 6 cahracters.</span><br /><?php }
64.  
65. if($count2 >= 1) { ?><span style='color:red'>Error: that email is taken.</span><br /><?php }
66. if ($email != htmlspecialchars($email)) { ?><span style='color:red'>Error: email contains invalid characters.</span><br /><?php }
67. if (strlen($email) < 6) { ?><span style='color:red'>Error: invalid email.</span><br /><?php }
68.  
69. if ($count == 0 && $username = htmlspecialchars($username) && strlen($username) > 2 && $count2 == 0 && $email = htmlspecialchars($email) && strlen($email) > 5 && $password = $confirm && strlen($password) > 5) {
70.  
71. $query = sprintf("INSERT INTO users(username,password,email,regdate,confcode) VALUES ('%s','%s','%s','%s','%s');", mysql_real_escape_string($username2), mysql_real_escape_string(sha1($password2)), mysql_real_escape_string($email2), mysql_real_escape_string($regdate), mysql_real_escape_string($confcode));
72.                  mysql_query($query);
73. $to = $email;
74.                 $subject = 'browsergame e-mail address confirmation';
75.                 $message = "
76. <p>Hey! Thanks for signing up for the browsergame. Click below to confirm your e-mail address.</p>
77. <p><a href='http://www.xxxxxxx.org/confirm.php?email=$email?confcode=$confcode'>below</a></p>";
78.                 $headers = 'From: xxxx@xxx.xx' . "\r\n" .
79.                             'Content-type: text/html; charset=iso-8859-1' . "\r\n";
80.                 mail($to,$subject,$message,$headers);
81.             ?>
82. <span style='color:green'>Congratulations, you've registered successfully! A confirmation e-mail has been sent to the address you entered.</span><br />
83.  
84. <?php
85. }
86. }
87. ?>
88.  
89.     <form method='post' action='register.php'>
90. Username: <input type='text' name='username' /><br />
91. Password: <input type='password' name='password' /><br />
92. Confirm Password: <input type='password' name='confirm' /><br />
93. Email: <input type='text' name='email' /><br />
94. <input type='submit' value='Register!' />
95. </form>
96.   </body>
97. </html>