Untitled

<?php
require './conn/connect.php';

//connect to MySQL or return an error
$conn = @mysql_connect($dbhost, $dbuser, $dbpass)
or die('Could not connect , Try it later ...');

//set database name
$dbname = "l2jdb";

//select database or return an error
$dbselect = mysql_select_db("$dbname")
or die ('Could not select database , Try it later ...');

//get username and password info from the form, protecting against SQL injection
$pass = mysql_real_escape_string($_POST["pass"]);
$confirm = mysql_real_escape_string($_POST["confirm"]);
$user = mysql_real_escape_string($_POST["name"]);
$email = mysql_real_escape_string($_POST["mail"]);

if($_POST['submit'])
{
    if( trim($pass) != "" && trim($confirm) != "" && trim($user) != "" && trim($email) != "" )
    {
        //validate user input
        if(!preg_match('/^[a-zA-Z0-9]{5,14}$/',$user) && preg_match('/^[a-zA-Z0-9]{5,20}$/',$pass) && preg_match('/^[a-zA-Z0-9]{5,30}$/',$email))
        {
            header("Location: account-2.html");
            die();
            //die ('Usernames can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
        }
        else if(!preg_match('/^[a-zA-Z0-9]{5,20}$/',$pass) && preg_match('/^[a-zA-Z0-9]{5,14}$/',$user) && preg_match('/^[a-zA-Z0-9]{5,30}$/',$email))
        {
            header("Location: account-3.html");
            die();
            //die('Passwords can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
        }
        else if(!preg_match('/^{5,30}$/',$email) && preg_match('/^[a-zA-Z0-9]{5,20}$/',$pass) && preg_match('/^[a-zA-Z0-9]{5,20}$/',$user))
        {
            header("Location: account-4.html");
            die();
            //die('Passwords can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
        }
        else if($pass != $confirm)
        {
            header("Location: account-5.html");
            die();
        }
        else
        {
            //make sure user doesn't already exist and if it doesn't, add new record to the database
            $result = mysql_query("SELECT login FROM accounts WHERE login='$user'");
            $mailresult = mysql_query("SELECT email FROM account_email WHERE email='$email'");

            if(mysql_num_rows($result)>0 || mysql_num_rows($mailresult)>0)
            {
                header("Location: account-6.html");
                die();
                //die ('Username already exists.');
            }
            else
            {
                mysql_query("INSERT INTO accounts (login, password, accessLevel) VALUES ('".$_POST['name']."', '".base64_encode(pack('H*', sha1($_POST['pass'])))."', 0)");
                mysql_query("INSERT INTO account_email (login, email) VALUES ('".$_POST['name']."', '".$_POST['mail']."')")
                or die("Error");
            }

                //report successful registration
                //header("Location: account-5.html");
            header ("Location: account-7.html");

            //close MySQL connection
            mysql_close();
        }
    }
    else
    {
        header ("Location: account-1.html");
        exit();
    }
}
else
{
    echo "Account Manager for Lineage 2 Avocado<br>Leave This Page :)";
    //close MySQL connection
    mysql_close();
}
?>