Untitled

<body style="background-color:black;color:yellow;font-family:verdana;">
<table align=center>
<tr><td>
<form method="post" action="">
<p style="text-align:center;">
</td></tr>
<td>
Username:
</td></tr>
<td>
<input name="username" type="text" maxlength="14" />
</td></tr>
<td>
Password:
</td></tr>
<td>
<input name="password" type="password" maxlength="12" />
<input type="hidden" name="option" value="com_content"/>
<input type="hidden" name="view" value="section"/>
<input type="hidden" name="layout" value="blog"/>
<input type="hidden" name="id" value="id"/>
<input type="hidden" name="Itemid" value="5"/>


</td></tr>

<td align=left width=50%>
Email:
</td></tr>

<td>
<input name="email" type="text" maxlength="255" />
</td></tr><td align="center">
<INPUT TYPE=RADIO NAME="expansion" VALUE="0">Original</td></tr><td>
<INPUT TYPE=RADIO NAME="expansion" VALUE="1">TBC</td></tr><td>
<INPUT TYPE=RADIO NAME="expansion" VALUE="2" CHECKED >WOTLK
</td></tr>
<td>
<button type="submit">Submit</button>
</td></tr></table>
</p>
<p><?php var_dump($_SERVER["SCRIPT_NAME"]); ?></p>
</form>
</body>
</html>

<?php
include("db.conf.php");
function error_s ($text) {
    echo("<p style=\"background-color:black;color:yellow;font-family:verdana;\">" . $text);
    echo("

<a style=\"color:orange;\" href=\"index.php?option=com_content&view=category&layout=blog&id=2&Itemid=5\">Go back...</a></p>");
};

$user_chars = "#[^a-zA-Z0-9_\-]#";
$email_chars = "/^[^0-9][A-z0-9_]+([.][A-z0-9_]+)*[@][A-z0-9_]+([.][A-z0-9_]+)*[.][A-z]{2,4}$/";

$con = @mysql_connect($ip, $user, $pass);
if (!$con) {
    error_s("Unable to connect to database: " . mysql_error());
};

if (!empty($_POST)) {
        if ((empty($_POST["username"]))||(empty($_POST["password"]))||(empty($_POST["email"]))||(empty($_POST["expansion"])) ) {
                error_s("You did not enter all the required information.");
                exit();
        } else {
                $username = strtoupper($_POST["username"]);
                $password = strtoupper($_POST["password"]);
                $email = strtoupper($_POST["email"]);
                $expansion = $_POST["expansion"];
                if (strlen($username) < 5) {
                        error_s("Username too short.");
                        exit();
                };
                if (strlen($username) > 14) {
                        error_s("Username too long.");
                        exit();
                };
                if (strlen($password) < 8) {
                        error_s("Password too short.");
                        exit();
                };
                if (strlen($password) > 12) {
                        error_s("Password too long.");
                        exit();
                };
                if (strlen($email) < 4) {
                        error_s("Email was too short.");
                        exit();
                };
                if (strlen($email) > 255) {
                        error_s("Email was too long.");
                        exit();
                };
                if (preg_match($user_chars,$username)) {
                        error_s("Username contained illegal characters.");
                        exit();
                };
                if (preg_match($user_chars,$password)) {
                        error_s("Password contained illegal characters.");
                        exit();
                };
                if (!preg_match($email_chars,$email)) {
                        error_s("Email was in an incorrect format.");
                        exit();
                };
                $username = mysql_real_escape_string($username);
                $password = mysql_real_escape_string($password);
                $email = mysql_real_escape_string($email);
                $qry = @mysql_query("select username from " . mysql_real_escape_string($r_db) . ".account where username = '" . $username . "'", $con);
                if (!$qry) {
                    error_s("Error querying database: " . mysql_error());
                };
                if ($existing_username = mysql_fetch_assoc($qry)) {
                        foreach ($existing_username as $key => $value) {
                                $existing_username = $value;
                        };
                };
                $existing_username = strtoupper($existing_username);
                if ($existing_username == strtoupper($_POST['username'])) {
                        error_s("That username is already taken.");
                        exit();
                };
                unset($qry);
                $qry = @mysql_query("select email from " . mysql_real_escape_string($r_db) . ".account where email = '" . $email . "'", $con);
                if (!$qry) {
                    error_s("Error querying database: " . mysql_error());
                };
                if ($existing_email = mysql_fetch_assoc($qry)) {
                        foreach ($existing_email as $key => $value) {
                                $existing_email = $value;
                        };
                };
                if ($existing_email == $_POST['email']) {
                        error_s("That email is already in use.");
                        exit();
                };
                unset($qry);
                $sha_pass_hash = sha1(strtoupper($username) . ":" . strtoupper($password));
                $register_sql = "insert into " . mysql_real_escape_string($r_db) . ".account (username, sha_pass_hash, email, expansion) values (upper('" . $username . "'),'" . $sha_pass_hash . "','" . $email . "','" . $expansion . "')";
                $qry = @mysql_query($register_sql, $con);
                if (!$qry) {
                    error_s("Error creating account: " . mysql_error());
                };
                echo("Account successfully created.");
                exit();
        };
} else {
        echo($page);
};

?>