Untitled

<?php
	session_start();

	if( isset($_SESSION['user'])!="" ){
		header("Location: home.php");
	}
	include_once 'dbconnect.php';
	include_once 'serial.php';

	$error = false;
	if ( isset($_POST['btn-signup']) ) {

		// clean user inputs to prevent sql injections
		$captcha = trim($_POST['captcha']);
		$captcha = strip_tags($captcha);
		$captcha = htmlspecialchars($captcha);

		$name = trim($_POST['name']);
		$name = strip_tags($name);
		$name = htmlspecialchars($name);
		$name = mysql_real_escape_string($name);

		$pass = trim($_POST['pass']);
		$pass = strip_tags($pass);
		$pass = htmlspecialchars($pass);
		$pass = mysql_real_escape_string($pass);

		//basic captcha validation
		if (empty($captcha)) {
			$error = true;
			$captchaError = "Please enter captcha";
			} else if ($_POST['captcha'] != $_SESSION['captcha']) {
			$error = true;
			$captchaError = "Please enter correct captcha";
		}

		// basic name validation
		if (empty($name)) {
			$error = true;
			$nameError = "Please enter your name.";
			} else if (strlen($name) < 3 or strlen($name) > 15 ) {
			$error = true;
			$nameError = "Name must have atleat 3 characters.";
			} else if (!preg_match("/^[a-zA-Z0-9]+$/",$name)) {
			$error = true;
			$nameError = "Name must contain alphabets, numbers and space.";
		}

		// repeated name validation
		$sql = "SELECT * FROM users where userName= :username";
		$select = $db->prepare($sql);
		$select->bindValue(':username', $name, PDO::PARAM_STR);
		$select->execute();

		if( $select->rowCount() > 0 ) {
			$error = true;
			$nameError = "Name already exist!";
		}

		// password validation
		if (empty($pass)){
			$error = true;
			$passError = "Please enter password.";
			} else if(strlen($pass) < 6) {
			$error = true;
			$passError = "Password must have atleast 6 characters.";
		}

		// password encryption
		$cost = 'xx';
		$salt = substr(strtr(base64_encode(openssl_random_pseudo_bytes(22)), '+', '.'), 0, 22);
		$password = crypt($pass, '$2a$' . $cost . '$' . $salt . '$');

		// if there's no error, continue to signup
		if( !$error ) {
			$sql = "INSERT INTO users(userName,userPass,userCode) VALUES(:username, :userpass, :usercode)";
			$statement = $db->prepare($sql);
			$statement->bindValue(':username', $name, PDO::PARAM_STR);
			$statement->bindValue(':userpass', $password, PDO::PARAM_STR);
			$statement->bindValue(':usercode', $serial, PDO::PARAM_STR);
			$res = $statement->execute();

			if ($res) {

				// create a purchase register table
				$sql = "SELECT userId FROM users WHERE userName = :username";
				$select = $db->prepare($sql);
				$select->bindValue(':username', $name, PDO::PARAM_STR);
				$select->execute();
				$response = $select->fetch();
				$userid = $response['userId'];
				$sql = "INSERT INTO purchases(userId,purchases) VALUES(:userid, :purchases)";
				$statement = $db->prepare($sql);
				$statement->bindValue(':userid', $userid, PDO::PARAM_INT);
				$statement->bindValue(':purchases', "", PDO::PARAM_STR);
				$statement->execute();
				$errTyp = "success";
				$errMSG = "Successfully registered!";
				unset($name);
				unset($email);
				unset($pass);
				} else {
				$errTyp = "danger";
				$errMSG = "Something went wrong!";
			}
		}
	}
?>
<!DOCTYPE html>
<html>
	<head>
		<meta http-equiv="pragma" content="no-cache">
		<title>ALL FREE</title>
		<link rel="icon" href="fav.png" type="image/x-icon"/>
		<link rel="shortcut icon" href="fav.png" type="image/x-icon"/>
		<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
		<link rel="stylesheet" href="assets/css/style.css" type="text/css" />
	</head>
	<body>

		<?php include 'navbar.php';?>

		<div class="container1">

			<div class="primback">

				<div class="adminpanel">

					<center><h1>Welcome to US</h1></center><br>

				</div>

				<?php include 'products.php';?>

			</div>
			<div class="formback">
				<div id="login-form">
					<form name="register" method="post" action="index.php" autocomplete="off">

						<div class="col-md-12">

							<div class="form-group">
								<center><h2 class="">Register</h2></center>
							</div>

							<div class="form-group">
								<hr />
							</div>

							<?php
								if ( isset($errMSG) ) {

								?>
								<div class="form-group">
									<div class="alert alert-<?php echo ($errTyp=="success") ? "success" : $errTyp; ?>">
										<span class="glyphicon glyphicon-info-sign"></span> <?php echo "Save account recovery code: <br>", $serial; ?>
									</div>
								</div>
								<?php
								}
							?>

							<div class="form-group">
								<div class="input-group">
									<span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
									<input value="" type="text" name="name" class="form-control" placeholder="Enter Name" maxlength="15" value="<?php echo $name ?>" />
								</div>
								<span class="text-danger"><?php echo $nameError; ?></span>
							</div>

							<div class="form-group">
								<div class="input-group">
									<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
									<input type="password" name="pass" class="form-control" placeholder="Enter Password" maxlength="32" />
								</div>
								<span class="text-danger"><?php echo $passError; ?></span>
							</div>

							<div class="form-group">
								<div class="input-group">
								<span class="input-group-addon" id="basic-addon1"><img src="captcha.php" /></a></span>
								<input type="text" name="captcha" class="form-control" placeholder="Enter Captcha" maxlength="5" />
							</div>
							<span class="text-danger"><?php echo $captchaError; ?></span>
						</div>

						<div class="form-group">
							<button type="submit" class="btn btn-block btn-primary" name="btn-signup">Sign Up</button>
						</div>

						<div class="form-group">
							<hr />
						</div>

						<div class="form-group">
							<a href="login.php">Login Here...</a>
						</div>

					</div>

				</form>
			</div>
		</div>
	</body>
</html>