Untitled

<?php
session_start();
include("../config.php");
if($_POST['register']){
$checkemail = mysql_query("SELECT mail FROM users WHERE mail ='".$_POST[email]."'");
$email_exist = mysql_num_rows($checkemail);
if($_POST['email'] == ""){
header("location: ./start.php?error=email");
}elseif($email_exist > 0){
header("location: ./start.php?error=emailexist");
}elseif($_POST['password'] == ""){
header("location: ./start.php?error=password&email=".$_POST[email]."");
}elseif($_POST['secretquestion'] == ""){
header("location: ./start.php?error=secretquestion&email=".$_POST[email]."");
}elseif($_POST['bdday'] == "" or $_POST['bdmonth'] == "" or $_POST['bdyear'] == ""){
header("location: ./start.php?error=birthday&email=".$_POST[email]."");
}
}elseif($_POST['register2']){
$checkuser = mysql_query("SELECT username FROM users WHERE username ='".$_POST[username]."'");
$user_exist = mysql_num_rows($checkuser);
if($_POST['username'] == ""){
header("location: ./look.php?error=username&email=".$_POST['email']."&bdday=".$_POST['bdday']."&bdmonth=".$_POST['bdmonth']."&bdyear=".$_POST['bdday']."&figure=".$_POST['figure']."&secretquestion=".$_POST['secretquestion']."&referid=".$_POST['referid']."");
}elseif(!preg_match('/^[a-zA-Z0-9._:,-]+$/i', $_POST['username'])){
header("location: ./look.php?error=invalidusername&email=".$_POST['email']."&bdday=".$_POST['bdday']."&bdmonth=".$_POST['bdmonth']."&bdyear=".$_POST['bdday']."&figure=".$_POST['figure']."&secretquestion=".$_POST['secretquestion']."&referid=".$_POST['referid']."");
}elseif($user_exist > 0){
header("location: ./look.php?error=usernameexist&email=".$_POST['email']."&bdday=".$_POST['bdday']."&bdmonth=".$_POST['bdmonth']."&bdyear=".$_POST['bdday']."&figure=".$_POST['figure']."&secretquestion=".$_POST['secretquestion']."&referid=".$_POST['referid']."");
}else{
if($_POST['referid'] != ""){
$checkip = mysql_query("SELECT ip_last FROM users WHERE ip_last = '".$_SERVER['REMOTE_ADDR']."'") or die(mysql_error());
$checkip_exist = mysql_num_rows($checkip);
$checkrefer = mysql_query("SELECT ip FROM user_refers WHERE ip = '".$_SERVER['REMOTE_ADDR']."'") or die(mysql_error());
$checkrefer_exist = mysql_num_rows($checkip);
if($checkip_exist == "0" && $checkrefer_exist == "0"){
$reqpoints = mysql_query("SELECT * FROM users WHERE id = '".$_POST['referid']."'");
$pointss = mysql_fetch_array($reqpoints);
$sumarpuntos = $pointss['points']+1;
mysql_query("UPDATE users SET points = '".$sumarpuntos."' WHERE id = '".$_POST['referid']."'");
mysql_query("INSERT INTO user_refers (ip,username,refered,date) VALUES ('".$_SERVER['REMOTE_ADDR']."','".$_POST['username']."','".$pointss['username']."','".time()."')") or die(mysql_error());
}
}
$password = md5($_POST['password']);
$cumple= date("d-m-Y", strtotime("".$_POST['bdday']."-".$_POST['bdmonth']."-".$_POST['bdyear'].""));
$variable_1 = mysql_real_escape_string($_POST['username']);
$variable_2 = mysql_real_escape_string($password);
$variable_3 = mysql_real_escape_string($_POST['email']);
$variable_4 = mysql_real_escape_string($_POST['figure']);
$variable_5 = mysql_real_escape_string($_POST['secretquestion']);
$variable_6 = mysql_real_escape_string($cumple);

$query = mysql_query("INSERT INTO users (username, password, mail, look, motto, account_created, last_online, ip_last, ip_reg, auth_ticket, secretquestion, birthday) VALUES ('".$variable_1."', '".$variable_2."', '".$variable_3."', '".$variable_4."', 'Nuevo en ciudadpixel', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['REMOTE_ADDR']."', '','".$variable_5."','".$variable_6."')");
$query = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' LIMIT 1");
$user = mysql_fetch_array($query);
$id = $user['id'];
$query = mysql_query("INSERT INTO user_stats (id, RoomVisits, OnlineTime, Respect, RespectGiven, GiftsGiven, GiftsReceived, DailyRespectPoints, DailyPetRespectPoints) VALUES ($id, 0, 0, 0, 0, 0, 0, 3, 3)");
$_SESSION['account'] = $_POST['email'];
header("Location: ../avatars.php");
}
}else{
header("location: start.php");
}
?>