<?phpinclude("../config.php");session_start();$password = md5($_POST['pass

1. <?php
2. include("../config.php");
3. session_start();
4. $password = md5($_POST['password']);
5. if(!isset($_SESSION["account"]))
6. {
7. $email = htmlspecialchars($_POST['email']);
8. $query = mysql_query("SELECT mail FROM users WHERE mail = '$email' LIMIT 1");
9. if(mysql_num_rows($query) > 0)
10. header("Location: ./index.php?error=email");
11. }
12. else
13. {
14. $account = $_SESSION['account'];
15. $query = mysql_query("SELECT * FROM users WHERE mail = '$account' LIMIT 1");
16. $user = mysql_fetch_array($query);
17. $password = $user['password'];
18. $email = $_SESSION['account'];
19. }
20.  
21. $username = $_POST['username'];
22. $query = mysql_query("SELECT username FROM users WHERE username = '$account' LIMIT 1");
23. if(mysql_num_rows($query) > 0)
24. header("Location: ./index.php?error=username");
25.  
26. if(!preg_match('/^[a-zA-Z0-9._:,-]+$/i', $username))
27. header("Location: ./index.php?error=username");
28. $query = mysql_query("INSERT INTO users (username, password, mail, look, motto, account_created, last_online, ip_last, ip_reg, auth_ticket,credits) VALUES ('".$_POST['username']."', '".$password."', '".$email."', '".$_POST['figure']."', 'Habboon', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."', '', '5000')");
29. mysql_query("UPDATE users SET credits = '5000' WHERE username = '".$username."'");
30. $query = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
31. $user = mysql_fetch_array($query);
32. $id = $user['id'];
33. $query = mysql_query("INSERT INTO user_stats (id, RoomVisits, OnlineTime, Respect, RespectGiven, GiftsGiven, GiftsReceived, DailyRespectPoints, DailyPetRespectPoints) VALUES ($id, 0, 0, 0, 0, 0, 0, 3, 3)");
34.  
35. $_SESSION['account'] = $email;
36.  
37. header("Location: ../characters.php");
38. ?>