Untitled


<?php
$trueornot = false; // defining a checker variable
$secret = '6LchoxEUAAAAABYh_YqXNpM7YX_VYQCVXqGhKLZi'; // google secret key
$response = $_POST['g-recaptcha-response']; // taking google recaptcha's response
$userip = $_SERVER['REMOTE_ADDR']; // taking the remote ip adress of the user
$url = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$response&remoteip=$userip"); // connecting to google's recaptcha confirm

$resultarray = json_decode($url , TRUE);
if ($resultarray['success'] == 1) { // checking if user is not a bot
    $trueornot = true;
} else {
    echo "<script>alert('Please complete the Captcha!')</script>"; // notifing the user he didn't complete the captcha
    $trueornot = false;
    header( "refresh:0.00001;url=index.html" ); // redirecting to the same page
}
if(isset($_POST['submit1']) && $trueornot)  // checking if the submit button is clicked and if the user has completed the captcha
{

                $myApplicationSalt = '$6$1234567890123456'; // application salt
                // database variables
                $db_server = 'localhost';
                $db_name = 'root';
                $db_password = "";
                $db = "loginregister";
                // connecting to the database
                $conn = mysqli_connect($db_server,$db_name,$db_password,$db);
                // collecting data
                $a = 0;
                $password = $_POST['pw'];
                $firstname = $_POST['fname'];
                $lastname = $_POST['lname'];
                $username = $_POST['uname'];
                $email = $_POST['email'];
                // making sure it has no mysqli injections
                $firstname = mysqli_real_escape_string($conn , $firstname);
                $lastname = mysqli_real_escape_string($conn , $lastname);
                $username = mysqli_real_escape_string($conn , $username);
                $email = mysqli_real_escape_string($conn , $email);
                // encrypting the password
                $password = md5($password);
                // selecting every account from the existing database where the email equals to the email the user has submitted
                $sql = "SELECT email FROM registration WHERE email='".$email."'";
                $result = mysqli_query($conn , $sql);
                $row = mysqli_fetch_array($result , MYSQLI_ASSOC); // fetching the row
                if (mysqli_num_rows($result) == 1) { // checking if email is already in use
                    echo "<script>window.alert('This email is already in use!')</script>";
                    header( "refresh:0;url='index.html'");
                } else {
                $sqlu = "SELECT uname FROM registration WHERE uname='".$username."'"; // selecting every account from the existing database where the username equals the username the user has submitted
                $result1 = mysqli_query($conn , $sqlu);
                $row1 = mysqli_fetch_array($result1 , MYSQLI_ASSOC); // fetching the row
                if (mysqli_num_rows($result1) == 1) { // checking if username is already in use
                    echo "<script>window.alert('This username is already in use!')</script>";
                    header( "refresh:0;url='index.html'"); // redirecting
                } else {
                    $query = mysqli_query($conn , "INSERT INTO registration(fname , lname , uname , email , pw)VALUES ('$firstname' , '$lastname' , '$username' , '$email' , '$password')"); // sending the database our variables
                    $a = 1;
                    }
                }
                if ($a == 1) { // finishing the registration and redirecting the user
                    echo "You are now registered!";
                    header( "refresh:2;url=../login.php" );

                }
            }


 ?>