Untitled

<?php
include('../session.php');
$greskica="";
$uspjesnoDodan="";
$erorcode=1;

if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username  = preg_replace('/\s+/', '', mysqli_real_escape_string($db, $_POST['username']));
$password  = mysqli_real_escape_string($db, $_POST['password']);
$password2 = mysqli_real_escape_string($db, $_POST['password2']);
$ime       = preg_replace('/\s+/', '', stripslashes(mysqli_real_escape_string($db, $_POST['ime'])));
$prezime   = preg_replace('/\s+/', '', stripslashes(mysqli_real_escape_string($db, $_POST['prezime'])));
$role      = mysqli_real_escape_string($db, $_POST['role']);

if ($password == $password2) {
                $erorcode=0;
                $pwhash = password_hash($password, PASSWORD_DEFAULT);
} else {
                $erorcode=1;
                $greskica ="<div class='alert alert-danger'>Password are not the same</div>";
}

if ($role > 1 || $role < 0) {
                $erorcode=1;
                $greskica = "<div class='alert alert-danger'>User role error</div>";
}else{
    $erorcode=0;
}

if($erorcode == 0){
//Provjeri postojil takav username
$stmt_provjeriIsti = $db->prepare("SELECT username FROM users WHERE BINARY username = ? ");
$stmt_provjeriIsti->bind_param('s', $username);
$stmt_provjeriIsti->execute();
$stmt_provjeriIsti->bind_result($username2);
$stmt_provjeriIsti->store_result();
$stmt_provjeriIsti->fetch();
if ($stmt_provjeriIsti->num_rows == 1) {
                $greskica = "<div class='alert alert-danger'>Username already exist</div>";
                mysqli_stmt_close($stmt_provjeriIsti);
                mysqli_close($db);
} else {
                $stmt_dodajKorisnika = $db->prepare("INSERT INTO users (username, password, firstname, lastname, role) VALUES (?, ?, ?, ?, ?)");
                $stmt_dodajKorisnika->bind_param('ssssi', $username, $pwhash, $ime, $prezime, $role);

                if ($stmt_dodajKorisnika->execute()) {
                                $nulica          = "";
                                $stmt_dodajSliku = $db->prepare("INSERT INTO userimage (user, url, lastUpload) VALUES (?, ?, ?)");
                                $stmt_dodajSliku->bind_param('sss', $username, $nulica, $nulica);
                                $stmt_dodajSliku->execute();
                                $stmt_dodajSliku->close();
                                $uspjesnoDodan = "<div class='alert alert-success'>User added successfully</div>";
                }

                $stmt_dodajKorisnika->close();
                mysqli_close($db);
}
}
}
?>