<?php// database info$dbhost = 'localhost';$dbname = 'test';$dbuser = 't

1. <?php
2. // database info
3. $dbhost = 'localhost';
4. $dbname = 'test';
5. $dbuser = 'test';
6. $dbpass = 'zyuZtKnnzwKejQqw';
7.  
8. // data sanitization
9. function sanitize($data)
10. {
11.     // remove whitespaces (not a must though)
12.     $data = @trim($data);
13.  
14.     // apply stripslashes if magic_quotes_gpc is enabled
15.     if(@get_magic_quotes_gpc())
16.         $data = @stripslashes($data);
17.            
18.     // a mySQL connection is required before using this function
19.     $data = @mysql_real_escape_string($data);
20.  
21.     return $data;
22. }
23.  
24. //creates a 3 character sequence
25. function createSalt()
26. {
27.     $string = @md5(uniqid(rand(), true));
28.     return @substr($string, 0, 3);
29. }
30.  
31. //retrieve our data from POST
32. $username = $_POST['username'];
33. $pass1 = $_POST['pwd1'];
34. $pass2 = $_POST['pwd2'];
35.  
36. if( $pass1 != $pass2 )
37.     @header('Location: login.php');
38.  
39. if( @strlen($username) > 8 )
40.     @header('Location: login.php');
41.  
42. if( @strlen($username) < 6 )
43.     @header('Location: login.php');
44.  
45. $hash = @sha1($pass1);
46.  
47. $salt = createSalt();
48.  
49. $hash = @sha1($salt . $hash); // salt hash
50.  
51. // connect to the database
52. $conn = @mysql_connect($dbhost, $dbuser, $dbpass);
53. @mysql_select_db($dbname, $conn);
54.  
55. // sanitize username
56. $username = @substr($username, 0, 8);
57. $username = sanitize($username);
58.  
59. $query = "
60. INSERT INTO `managers` (
61. sec_usr, sec_pwd, salt )
62. VALUES (
63. '$username' , '$hash' , '$salt' );";
64. @mysql_query($query);
65.  
66. @mysql_close();
67.  
68. @header('Location: login.php');
69.  
70. ?>