<?phpinclude ('connect/connect.php');echo ($dbhost);//connect to MySQL o

1. <?php
2. include ('connect/connect.php');
3.  
4. echo ($dbhost);
5. //connect to MySQL or return an error
6. $conn = mysql_connect($dbhost, $dbuser, $dbpass)
7. or die('Could not connect: ' . mysql_error());
8.  
9. //set database name
10. $dbname = "l2jdb";
11.  
12. //select database or return an error
13. $dbselect = mysql_select_db("$dbname")
14. or die ('Could not select database');
15.  
16. //get username and password info from the form, protecting against SQL injection
17. $pass = mysql_real_escape_string($_POST["pass"]);
18. $confirm = mysql_real_escape_string($_POST["confirm"]);
19. $user = mysql_real_escape_string($_POST["name"]);
20.  
21. //validate user input
22. if(!preg_match('/^[a-zA-Z0-9]{5,20}$/',$user)) {
23. die ('Error: Usernames can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
24. }
25.  
26. if(!preg_match('/^[a-zA-Z0-9]{5,20}$/',$pass)) {
27. die('Error: Passwords can only contain alphanumeric characters and must be between 5 and 20 characters in length.');
28. }
29.  
30. if($pass != $confirm) {
31. die('Error: Passwords do not match.');
32. }
33.  
34. //make sure user doesn't already exist and if it doesn't, add new record to the database
35. $result = mysql_query("SELECT login FROM accounts WHERE login='$user'");
36.  
37. if(mysql_num_rows($result)>0) {
38. die ('Error: Username already exists.');
39. }else{
40. mysql_query("INSERT INTO accounts (login, password, accessLevel) VALUES ('".$_POST['name']."', '".base64_encode(pack('H*', sha1($_POST['pass'])))."', 0)")
41. or die ('Error: ' . mysql_error());
42. }
43.  
44. //report successful registration
45. echo "Account created successfully.";
46.  
47. //close MySQL connection
48. mysql_close();
49.  
50. ?>