<?phprequire_once dir(__FILE__) . '/../db.php';//get username and passwo

1. <?php
2.  
3. require_once dir(__FILE__) . '/../db.php';
4.  
5. //get username and password info from the form, protecting against SQL injection
6. $pass = mysql_real_escape_string($_POST["pass"]);
7. $confirm = mysql_real_escape_string($_POST["confirm"]);
8. $user = mysql_real_escape_string($_POST["name"]);
9.  
10. //validate user input
11. if(!preg_match('/^[a-zA-Z0-9]{5,20}$/',$user)) {
12. die ('Error: Usernames can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
13. }
14.  
15. if(!preg_match('/^[a-zA-Z0-9]{5,20}$/',$pass)) {
16. die('Error: Passwords can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
17. }
18.  
19. if($pass != $confirm) {
20. die('Error: Passwords do not match.');
21. }
22.  
23. //make sure user doesn't already exist and if it doesn't, add new record to the database
24. $result = mysql_query("SELECT login FROM accounts WHERE login='$user'");
25.  
26. if(mysql_num_rows($result)>0) {
27. die ('Error: Username already exists.');
28. }else{
29. mysql_query("INSERT INTO accounts (login, password, accessLevel) VALUES ('".$_POST['name']."', '".base64_encode(pack('H*', sha1($_POST['pass'])))."', 0)")
30. or die ('Error: ' . mysql_error());
31. }
32.  
33. //report successful registration
34. echo "Account created successfully.";
35.  
36. //close MySQL connection
37. mysql_close();
38.  
39. ?>