signup form

1. <?php
2. include('header.php');
3.  
4. if(isset($_POST['user_signup'])) {
5.  
6. $username = mysqli_real_escape_string($conn, $_POST['username']);
7. $email = mysqli_real_escape_string($conn, $_POST['email']);
8. $get_ip = get_user_ip();
9.  
10. $check_username = mysqli_query($conn, "SELECT username FROM `users` WHERE `username`='".$username."'");
11. $username_exists = mysqli_num_rows($check_username);
12.  
13. $check_email = mysqli_query($conn, "SELECT email FROM `users` WHERE `email`='".$email."'");
14. $email_exists = mysqli_num_rows($check_email);
15.  
16. $check_ip = mysqli_query($conn, "SELECT ip FROM `users` WHERE `ip`='".$get_ip."'");
17. $ip_exists = mysqli_num_rows($check_ip);
18.  
19. if($username_exists == 1) {
20. $message = "<div class=\"alert alert-danger\">That username is not available.</div>";
21. } else if($email_exists == 1) {
22. $message = "<div class=\"alert alert-danger\">That email is already registered.</div>";
23. } else if($ip_exists == 1) {
24. $message = "<div class=\"alert alert-danger\">That ip is already registered to an account, you can only have  1 account.</div>";
25. } else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
26. $message = "<div class=\"alert alert-danger\">Invalid email format. Valid: <i>admin@example.com</i></div>";
27. } else if(!preg_match("/^[a-z0-9]+$/i", $_POST['username'])) {
28. $message = "<div class=\"alert alert-danger\">Username must contain only letters and numbers.</div>";
29. } else if(empty($_POST['email']) || $_POST['email'] == "") {
30. $message = "<div class=\"alert alert-danger\">Email is empty, try again.</div>";
31. } else if(empty($_POST['username']) || $_POST['username'] == "") {
32. $message = "<div class=\"alert alert-danger\">Username is empty, try again.</div>";
33. } else if(empty($_POST['password']) || $_POST['password'] == "") {
34. $message = "<div class=\"alert alert-danger\">Password is empty, try again.</div>";
35. } else if(strlen($_POST['username']) > 20) {
36. $message = "<div class=\"alert alert-danger\">Username must be shorter than 20 characters.</div>";
37. } else if(strlen($_POST['username']) < 6) {
38. $message = "<div class=\"alert alert-danger\">Username must be greater than 5 characters.</div>";
39. } else {
40.  
41. $username = mysqli_real_escape_string($conn, $_POST['username']);
42. $email = mysqli_real_escape_string($conn, $_POST['email']);
43. $password = md5($_POST['password']);
44. $ip = get_user_ip();
45.  
46. $ref_id = "";
47. if(isset($_COOKIE['user_referral'])) {
48. $username = mysqli_real_escape_string($conn, $_POST['username']);
49. $ref_ip = get_user_ip();
50. $ref_id = $_COOKIE['user_referral'];
51. $referral_sql = mysqli_query($conn, "SELECT * FROM `users` WHERE `user_id`='{$ref_id}'");
52. $referral = mysqli_fetch_array($referral_sql, MYSQLI_ASSOC);
53.  
54. mysqli_query($conn, "INSERT INTO `users_referrals`(referral_username,referral_referral,referral_ip,referral_date_added) values('{$referral['username']}','{$username}','{$ref_ip}',NOW())");
55. }
56.  
57. if($config['site_signup_bonus'] > 0) {
58. $signup_point_bonus = $config['site_signup_bonus'];
59. } else {
60. $signup_point_bonus = 0;
61. }
62.  
63. mysqli_query($conn, "INSERT INTO `users`(email,username,ip,password,signup,online,points,referral) values('{$email}','{$username}','{$ip}','{$password}',NOW(),NOW(),'{$signup_point_bonus}','{$ref_id}')");
64.  
65. $_SESSION['username'] = $username;
66. echo "<script>document.location.href='".$config['site_url']."dashboard'</script>";
67.  
68. }
69. }
70.  
71. ?>
72.  
73. <div class="container">
74.  
75. <div class="row row-centered">
76. <div class="col-lg-5 col-centered">
77. <?php if(!isset($user)): ?>
78.       <form class="form-signin" role="form" method="post" action="signup.php">
79.         <h2 class="form-signin-heading">GiftCardsSky : Signup</h2>
80.  
81. <?php if(isset($message)) echo $message; ?>
82.  
83. <div class="form-group">
84.         <label for="inputEmail" class="sr-only">Username</label>
85.         <input type="email" name="email" id="email" class="form-control" placeholder="Email" required autofocus>
86.         </div>
87.        
88. <div class="form-group">
89.         <label for="inputEmail" class="sr-only">Username</label>
90.         <input type="text" name="username" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
91.         </div>
92.        
93.         <div class="form-group">
94.         <label for="inputPassword" class="sr-only">Password</label>
95.         <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
96.         </div>
97. <div class="form-group">
98.         <button class="btn btn-lg btn-primary btn-block" name="user_signup" type="submit">Sign up</button>
99.         </div>
100.       </form>
101. <?php else: ?>
102. <div class="alert alert-dismissable alert-danger">
103.   <button type="button" class="close" data-dismiss="alert">Ч</button>
104.   <strong>Oh.. </strong> You're already logged in <?php echo $user['username']; ?>!
105. </div>
106. <?php endif; ?>
107.  
108.     </div>
109.     </div>
110.     </div> <!-- /container -->
111.  
112.  
113. <?php include('footer.php'); ?>