Untitled

<p>
<?php
require('db.php');
$email = $_POST['email'];
$email = strip_tags($email);
function checkEmail($email) {
 // checks proper syntax
 if(preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9._-] +)+$/" , $email)) {
  // gets domain name
  list($username,$domain)=split('@',$email);
  // checks for if MX records in the DNS
  if(!checkdnsrr($domain, 'MX')) {
   return false;
  }
  // attempts a socket connection to mail server
  if(!fsockopen($domain,25,$errno,$errstr,30)) {
   return false;
  }
  return true;
 }
 return false;
}

$username = $_POST['username'];
$password = $_POST['password'];

$planet = $_POST['planet'];
$title = $_POST['title'];
$password2 = $_POST['password2'];
$confirm = $_POST['confirm'];
//define input as variables
$username = mysql_real_escape_string($username);
$title = mysql_real_escape_string($title);
$planet = mysql_real_escape_string($planet);
$password = mysql_real_escape_string($password);
$password2 = mysql_real_escape_string($password2);
$confirm = mysql_real_escape_string($confirm);
//make safe for database input
$username = strip_tags($username);

$password = strip_tags($password);
$password2 = strip_tags($password2);
$confirm = strip_tags($confirm);
//redundant html tag remover for added security
$row = mysql_query("SELECT * FROM members WHERE username='$username'");
$user = mysql_fetch_row($row);
//check username
$row1 = mysql_query("SELECT * FROM members WHERE planet='$planet'");
$user1 = mysql_fetch_row($row1);
//check planet
//now check for errors in input
if($password != $password2) {
$error = "Passwords do not match";
exit($error);
} elseif($email == null) {
$error = "You did not enter an e-mail address";
exit($error);
} elseif($username == null) {
$error = "You did not enter a username";
exit($error);
} elseif($planet == null) {
$error = "You did not enter a planet name";
exit($error);
} elseif($title == null) {
$error = "You did not enter a title";
exit($error);
} elseif(strlen($title) > 10) {
$error = "Your title is too long";
exit($error);
} elseif(strlen($planet) > 20) {
$error = "Your planet name is over 20 characters";
exit($error);
} elseif(strlen($planet) < 6) {
$error = "Your planet name is under 6 characters";
exit($error);
} elseif($password == null) {
$error = "You did not enter a password";
exit($error);
} elseif(strlen($username) > 20) {
$error = "Your username is over 20 characters";
exit($error);
} elseif(strlen($username) < 5) {
$error = "Your username is under 5 characters";
exit($error);
} elseif(strlen($password) < 6) {
$error = "Your password must be at least 6 characters";
exit($error);
} elseif(strlen($password) > 20) {
$error = "Your password cannot be longer than 20 characters";
exit($error);
} elseif($confirm != 15) {
$error = "You entered a wrong confirmation number";
exit($error);
} elseif($user != 0) {
$error = "That username is already taken";
exit($error);
} elseif($user1 != 0) {
$error = "That planet name has already been taken";
exit($error);
} else {
$email = trim($_POST['email']);
if(!checkEmail($email)) {
$error = "Invalid email address";
exit($error);
}
$hab = rand(0,3);
if($hab == 0)
$habitat = "Frozen";
elseif($hab == 1)
$habitat = "Molten";
elseif($hab == 2)
$habitat = "Desert";
elseif($hab == 3)
$habitat = "Terran";
$password = md5($password);
//encode password
mysql_query("INSERT INTO members (ip, username, password, email, planet, title, habitat) VALUES ('$ip', '$username', '$password', '$email', '$planet', '$title', '$habitat')");
echo "You have successfully registered. You may now <a href='index.php?id=login'>login</a>.";
mysql_close($con);
}
?>
</p>