Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $username = mysql_real_escape_string( $username ); //Sql injection prevention
- $existance = mysql_query("SELECT username FROM users WHERE username = '" . $username . "'");
- if( !$existance ){
- $query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
- $result = mysql_query( $query );
- if ( $result ) {
- echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
- }
- else{
- //unsuccessful insertion
- }
- } else {
- //the user existed already, choose another username
- }
- ?>
- <?php
- $errorMessage = "";
- function quote_smart($value, $handle) {
- if (get_magic_quotes_gpc()) {
- $value = stripslashes($value);
- }
- if (!is_numeric($value)) {
- $value = "'" . mysql_real_escape_string($value, $handle) . "'";
- }
- return $value;
- }
- $email = $_POST['email'];
- $password = $_POST['password'];
- $username = $_POST['username'];
- $email1 = $_POST['email'];
- $username1 = $_POST['username'];
- $password1 = $_POST['password'];
- $email = htmlspecialchars($email);
- $password = htmlspecialchars($password);
- $username = htmlspecialchars($username);
- $connect = mysql_connect("localhost","DBuser", "DBpassword");
- if (!$connect) {
- die(mysql_error());
- }
- mysql_select_db("DBName");
- $results = mysql_query("SELECT * FROM users WHERE username = '$username'");
- while($row = mysql_fetch_array($results)) {
- $kudots = $row['username']; }
- if ($kudots != ""){
- $errorMessage = "Username Already Taken";
- $doNothing = 1;
- }
- $result = mysql_query("SELECT * FROM users WHERE email = '$email'");
- while($row2 = mysql_fetch_array($results)) {
- $kudots2 = $row2['email']; }
- if ($kudots2 != ""){
- $errorMessage = "Email Already in use";
- $doNothing = 1;
- }
- //test to see if $errorMessage is blank
- //if it is, then we can go ahead with the rest of the code
- //if it's not, we can display the error
- if ($errorMessage == "") {
- $user_name = "DBUsername";
- $pass_word = "DBPassword";
- $database = "DBName";
- $server = "localhost";
- $db_handle = mysql_connect($server, $user_name, $pass_word);
- $db_found = mysql_select_db($database, $db_handle);
- if ($db_found) {
- $email = quote_smart($email, $db_handle);
- $password = quote_smart($password, $db_handle);
- $username = quote_smart($username, $db_handle);
- if ($username1 == ""){
- $errorMessage = "You need a username";
- }
- if ($password1 == ""){
- $errorMessage = $errorMessage . "<br>You need a password.";
- }
- if (!(isset($_POST['email']))){
- $errorMessage = $errorMessage . "<br>You need an email.";
- }
- $SQL = "SELECT * FROM users WHERE email = $email";
- $result = mysql_query($SQL);
- $num_rows = mysql_num_rows($result);
- if ($num_rows > 0) {
- $errorMessage = "email already exists";
- $doNothing = 1;
- }
- if ($errorMessage == "") {
- $SQL = "INSERT INTO users (email, username, password) VALUES ($email, $username, $password)";
- $result = mysql_query($SQL);
- mysql_close($db_handle);
- //=================================================================================
- // START THE SESSION AND PUT SOMETHING INTO THE SESSION VARIABLE CALLED login
- // SEND USER TO A DIFFERENT PAGE AFTER SIGN UP
- //=================================================================================
- session_start();
- $_SESSION['email'] = "$email1";
- $_SESSION['password'] = "$password1";
- header ("Location: myaccount.php");
- else {
- $errorMessage = "Database Not Found";
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
