Untitled

<?php

//Get values passed from POST method
$username = $_POST['user'];
$password= $_POST['pass'];
$email= $_POST['email'];

//to prevent mysql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$email = stripcslashes($email);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);

//connect to the database
$con = mysqli_connect("localhost", "root", "", "DB_Parasitica");
//mysql_select_db("DB_Parasitica");

if($_POST["login"]) {
//Query the database for user
$result = mysql_query("select * from accounts where username = '$username' and password = '$password'") or die("Failed to query database ".mysql_error());
$row = mysql_fetch_array($result);
if ($row['username'] == $username && $row['password'] == $password ){
	echo " Login success!!!  Welcome ".$row['username'];
	} else {
		echo "Failed to login...";
	}
}

if($_POST["register"] {
$sql = "INSERT INTO accounts (id, username, password, salt, email, active, subdays, lastlogin, failedattempts, created) VALUES ("", $username, $password, "", $email, "", "", "", "", "")";

if (mysqli_query($sql) {
	echo "New account registered successfully!";
} else {
	echo "failed to register " .mysqli_error();
}


}

mysqli_close($con);
?>