Untitled

        <form name=form1 action="index.php" method="POST">
            <p>
              <input type="hidden" name="register" value="true">
              <input type="text" name="username" class="tb11" value="Username"  onclick="if(this.value==\'Username\'){this.value=\'\'};"><br><br>
              <input type="password" name="password" class="tb11" value="Password" onClick="if(this.value==\'Password\'){this.value=\'\'};"><br><br>
              <input type="password" name="password2" class="tb11" value="Password" onClick="if(this.value==\'Password\'){this.value=\'\'};"><br><br>
              <input type="text" name="referer" class="tb11" value="Referer" onClick="if(this.value==\'Referer\'){this.value=\'\'};">
              <br><br><select name="location" class="tb11">
                <option selected>Location</option>
                <option>Europe</option>
                <option>North America</option>
                <option>South America</option>
                <option>Asia</option>
                <option>Australia</option>
                <option>Africa</option>
              </select>
              <br>
              <br>
              <input type="text" name="email" class="tb11" value="Email" onClick="if(this.value==\'Email\'){this.value=\'\'};"><br<br><center>
              <input type="submit" class="mmmm" name="submit" value="Enter Hotel">
          </p>
        </form><br> <?php
    } else if (array_key_exists('register', $_REQUEST) && array_key_exists('username', $_REQUEST)) {
        $username = $_REQUEST['username'];
        $password = $_REQUEST['password'];
        $password2 = $_REQUEST['password2'];
        $email = mysql_real_escape_string($_REQUEST['email']);
        $ip = $_SERVER['REMOTE_ADDR'];
        $location = $_REQUEST['location'];
        $referer = $_REQUEST['referer'];

        if(empty($username) || empty($password) || empty($email)) error_redirect("Please fill in all the fields");
        if(!preg_match("~^[\d|,_.A-Za-z]+$~", $_POST['username']) || strlen($_POST['username']) > 12 || strlen($_POST['username']) < 3 || strpos(strtolower($_POST['username']), "MOD-") || strpos(strtolower($_POST['username']), "ADMIN-")) error_redirect("Invaild username", true);
        if(!preg_match("~^[\d|,_.A-Za-z@-]+$~", $_POST['email']) || !strpos($_POST['email'], '@')) error_redirect("Please type in a vaild email");
        if(!valid("username", $username)) error_redirect("Invalid username. Only Characters A - Z, a - z, . - # $ and Numbers are allowed", true);
        if(!valid("password", $password)) error_redirect("Invalid password. Only letters and numbers are allowed", true);
        if($password != $password2) { error_redirect("Password do not match", true); }

        $password = md5(sha1($password));
            if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='$username'")) == 0) {
                mysql_query("INSERT INTO users (username, real_name, password, mail, credits, ip_last, ip_reg)
                                        VALUES ('$username', $location, '$password', '$email', '25', '$ip', '$ip')");
                                        error_redirect("Registration Complete");