<?phprequire("db.php");if (isset($_POST['register'])) { $username = $_POST

1. <?php
2. require("db.php");
3. if (isset($_POST['register'])) {
4. $username = $_POST['username'];
5. $email = $_POST['email'];
6. $personName= $_POST['fullname'];
7. $password = $_POST['password'];
8. $position = $_POST['position'];
9. $emailActivation = md5( rand(0,1000) );
10. $theDate = date('Y-m-d');
11. //Strip & Escape User
12. $username = stripslashes($_REQUEST['username']);
13. $username = mysqli_real_escape_string($con,$username);
14. //Strip & Escape email
15. $email = stripslashes($_REQUEST['email']);
16. $email = mysqli_real_escape_string($con,$email);
17. //Strip & Escape PW
18. $password = $_REQUEST['password'];
19. $hashPassword = password_hash($password, PASSWORD_DEFAULT);
20. $personName = $_REQUEST['fullname'];
21. $fullname = mysqli_real_escape_string($con,$personName);
22. $firstLast = explode (" ", $fullname);
23. $firstName = $firstLast[0];
24. $lastName = $firstLast[1];
25. $sql_u = "SELECT username FROM users WHERE username='$username' LIMIT=1";
26. $sql_e = "SELECT email FROM users WHERE email='$email'";
27. $res_u = mysqli_query($con, $sql_u);
28. $res_e = mysqli_query($con, $sql_e);
29. if (mysqli_num_rows($res_u) > 0) {
30. $name_error = "Sorry... username already taken";
31. }
32. else if(mysqli_num_rows($res_e) > 0){
33. $email_error = "Sorry... email already taken";
34. }
35. else{
36. $stmt = $con->prepare("INSERT INTO users (username, email, password, firstName, lastName, position, hash)
37. VALUES (?, ?, ?, ?, ?, ?, ?)") or die (mysqli_error($con));
38. $stmt ->bind_param("ssssssss", $username, $email, $hashPassword,$firstName,$lastName,$position,$emailActivation);
39. //Prepared Execute Goes Here
40. $stmt->execute();
41. $stmt->close();
42. mkdir("../profilePics/" . $username);
43. echo 'You Have Registered Successfully!<br>
44. To Login Go To <a href="login.php">Our Login Page</a>';
45. exit();
46. }
47. }
48. ?>