YA: Simple Form Processing of Reg with Upload

<?php
/*    Simple functions to save typing    */
function postVal($name){ // Grabs the $_POST value and cleans it up
    $v = (isset($_POST[$name]))? trim($_POST[$name]): '';
    return (get_magic_quotes_gpc())? stripslashes($v) : $v;
}
function mres($v){ // Annonymouse function for mysqli_real_escape_string();
    Global $dbc;
    return mysqli_real_escape_string($dbc, $v);
}
function mres_pv($name){
    return mres(postVal($name));
}


require_once('appvars.php');
require_once('connectvars.php');


/*    FORM    */
$form = '
  <hr />
      <form enctype="multipart/form-data" method="post" action="' . $_SERVER['PHP_SELF'] . '">
    <input type="hidden" name="MAX_FILE_SIZE" value="' . GW_MAXFILESIZE . '" />


     <label for="username">Username:</label>
      <input type="text" name="username" value="' . postVal('username') . '" /><br />
      <label for="password1">Password:</label>
      <input type="password" name="password1" /><br />
      <label for="password2">Password (retype):</label>
      <input type="password" name="password2" /><br />
      <label for="email">E-mail Address:</label>
      <input type="text" name="email" value="' . postVal('email') . '" /><br />


      <label for="first_name">First Name:</label>
      <input type="text" id="first_name" name="first_name" value="' . postVal('first_name') . '" /></br>


      <label for="last_name">Last Name:</label>
      <input type="text" id="last_name" name="last_name" value="' . postVal('last_name') . '" /><br />


      <label for="gender">Gender:</label>
      <select name="gender">
          <option value="Male">Male</option>
          <option value="Female">Female</option>
      </select>  </br>
      <label for="dobdate">Date of Birth:</label>
      <select name="dobdate">
';
for($i=1;$i<=31;++$i){
    $form .= '            <option value="' . $i . '">' . $i . '</option>' . PHP_EOL;
}
$form .= '
        </select>

      <label for="dobmonth"></label>
      <select name="dobmonth">
        <option value="" selected="selected">---</option>
';
foreach(Array("JANUARY","FEBRUARY","MARCH","APRIL","MAY","JUNE","JULY","AUGUST","SEPTEMBER","OCTOBER","NOVEMBER","DECEMBER") as $month){
    $form .= '            <option value="' . $month . '">' . $month . '</option>' . PHP_EOL;
}
$form .= '
      </select>


      <label for="dobyear"></label>
      <select name="dobyear">

      <option selected="selected" value="">-----</option>
';
foreach(range(1921,1993) as $year){
    $form .= '            <option value="' . $year . '">' . $year . '</option>' . PHP_EOL;
}

$form .= '
      </select>
      </br>


      <label for="location">Location:</label>
      <select name="location">
      <option selected="selected" value="">---</option>
';

$locations = Array('Albenia','Iran','India');
foreach($locations as $local){
    $form .= '         <option value="' . $local . '">' . $local . '</option>';
}

$form .= '
      </select>
      </br>

      <label for="about_text">About Me:</label>
      <input type="text" id="about_text" name="about_text" value="' . postVal('about_text') . '" /><br />

<label for="screenshot">Screen shot:</label>
    <input type="file" id="screenshot" name="screenshot" /><br />

    <hr />
    <input type="submit" value="Add" name="submit" />
  </form>
';


if( isset( $_POST['submit']) ){
    // Grab the score data from the POST
    // Grab the profile data from the POST
    // Rememeber: All user input data is always possibly dangerous, always sanitize it. Even <select> values can be altered.
    $username = mres_pv('username');
    $password1 = $_POST['password1'];
    $password2 = $_POST['password2'];

    $f = $_FILES['screenshot'];
    $screenshot = mysqli_real_escape_string($dbc, trim($f['name']));
    $screenshot_type = $f['type'];
    $screenshot_size = $f['size'];
    $upload_error = $f['error']; // Should be 0, if there's no upload error.

    // Error Checking
    $errors = Array(); // Will hold the error messages.

    // Required Entries
    if(empty($username) || empty($passsword1)){
        $errors[] = "Username and Password are required entries.";
    }

    // Check for existing username
    $stmt = "SELECT username FROM userinfo WHERE username='{$username}' LIMIT 1";
    $result = mysqli_query($dbc, $stmt);
    if( mysqli_num_rows($result) > 0){
        $errors[] = "Username is already Registered, please select another";
    }

    // Check for passwords match
    if( $password1 !== $password2){
        $errors[] = 'Passwords do not match.';
    }

    // Check for an upload error
    if( $upload_error !== UPLOAD_ERR_OK){ // PHP CONSTANT
        $uploadErrorMsgs = Array(
            1 => 'The selected file exceeds the allowable Server file size. Please select an alternate file. (' . GW_MAXFILESIZE . ' bytes)',
            2 => 'The selected file exceeds the allowable Upload file size. Please select an alternate file. (' . GW_MAXFILESIZE . ' bytes)',
            3 => 'Upload connection was interuppted or dropped. Please try again.',
            4 => 'Please select a file to upload.',
            6 => 'Internal Server Error (#UP606). Please inform site Admin and please try again later.', // Internal Operations Error
            7 => 'Internal Server Error (#UP707). Please inform site Admin and please try again.', // Internal Server Error
            8 => 'Internal Server Error (#UP808). Please inform site Admin and please try again later.' // PHP Extension Library stopped the upload.
        );
        $errors[] = $uploadErrorMsgs[(int)$upload_error];
    }

    // Check for allowed file types.
    $allowedFileTypes = Array( 'image/gif','image/jpeg','image/pjpeg','image/jpg','image/png');
    if( !in_array($screenshot_type, $allowedFileTypes)){
        $errors[] = 'Image type in not allowed. Only gif, jpeg and png images are allowed.';
    }

    // Error Checks Done

    // Check to see if any errors occurred.
    if( count( $errors ) === 0){
        // All Good, continue form processing

        // Move Uploaded File
        $target = GW_UPLOADPATH . $screenshot;
        if(!move_uploaded_file($f['tmp_name'], $target) ){
            die('Internal Server Error. Please try again later. #UP1011');
        }

        $userData = Array(
            'date' => date('Y-m-d H:i:s', time()),
            'user_name' => $username,
            'password' => sha1($password1),
            'email' => mres_pv('email'),
            'first_name' => mres_pv('first_name'),
            'last_name' => mres_pv('last_name'),
            'gender' => mres_pv('gender'),
            'dob_date' => mres_pv('dobdate'),
            'dob_month' => mres_pv('dobmonth'),
            'dob_year' => mres_pv('dobyear'),
            'location' => mres_pv('location'),
            'about_me' => mres_pv('about_text'),
            'screenshot' => $screenshot
        );
        $stmt = "INSERT INTO userinfo(" . implode(',', array_keys($userData)) . ") VALUES('" . implode("','", $userData) . "')";
        if(mysqli_query($dbc, $stmt)){
            $message = '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';
        }else{
            $message = '<p>Internal Server Error. Please Try Again Later.</p>';
        }
        mysqli_close($dbc);
    }else{
        $message = "<p>Form errors encountered. Please correct before continueing.<br>";
        foreach($errors as $msg){
            $message .= '• ' . $msg . '<br>';
        }
        $message .= '</p><br>' . $form;
    }
}else{
    $message = $form;
}

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://cosmicpals.net/signup5.php">
<html xmlns="http://cosmicpals.net/signup5.php" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Guitar Wars - Add Your High Score</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
  <h2>Guitar Wars - Add Your High Score</h2>
    <?php echo $message; ?>
</body>
</html>