Untitled

<?php
include("db.php");
error_reporting(E_ALL);
$error = "";
if(isset($_POST['submit'])){


	//$sent = $_POST['sent'];
	$username = mysql_real_escape_string($_POST['username']);
	$pass = mysql_real_escape_string($_POST['pass']);
	$pass2 = mysql_real_escape_string($_POST['pass2']);
	$email = mysql_real_escape_string($_POST['email']);
if(isset($_COOKIE['reff']))
{
$reff = mysql_real_escape_string($_COOKIE['reff']);
}else{
$reff = "admin";
}
	$user_ip = $_SERVER['REMOTE_ADDR'];
	if($pass == $pass2){
		$pass = md5($pass);
		mysql_query("INSERT INTO users (username, password, email, user_ip, referral) VALUES ('$username', '$pass', '$email','$user_ip','$reff')")or die( mysql_error());
		header("location: login.php");
	}
	else{
	$error = "<center><strong>Passwords Don't Match</strong></center>";
	}
}
else{
	if ($error == ""){
	}
	else{
		echo "<div align='center'>";
		echo "<table class='Error' border='1'>";
		echo "<tr></tr>";
		echo "<td align='left'>Error: <strong>$error</strong></td>";
		echo "<tr></tr>";
		echo "</table>";
		echo "</div>";
	}
}
include("head.php");?>
<div align="center">
<table id="register" boder="1">
<form action="" method="POST">
<?php //<input type="hidden" name="sent" id="sent" value="1">?>

<th align="center">Register For Free<th>
<tr></tr>
<td align="right"><label>Username :</label><input type="text" name="username" id="username"></td>
<tr></tr>
<td align="right"><label>Password :</label><input type="password" name="pass" id="pass"></td>
<tr></tr>
<td align="right"><label>Retype Password :</label><input type="password" name="pass2" id="pass2"></td>
<tr></tr>
<td align="right"><label>Email :</label><input type="text" name="email" id="email"></td>
<tr></tr>
<td align="center"><input type="submit" name="submit" value="Register"></td>
<tr></tr>
</form>
</table>
<div>