Untitled

<?php
$con = mysql_connect('localhost', 'root', '') OR die("Error: ".mysql_error());
mysql_select_db('maplestory', $con) OR die("Error: ".mysql_error());

function protect($string){
    $string = mysql_real_escape_string($string);
    $string = strip_tags($string);
    $string = addslashes($string);
    return $string;
}
if(!$_POST['submit']) {
    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" align=\"center\">\n";
    echo "<form method=\"post\" action=\"".$self."\">\n";
    echo "<tr><td colspan=\"2\" align=\"center\" bgcolor=\"#333333\"><font color=\"#ffffff\">Registration</font></td></tr>\n";
    echo "<tr><td>Username:</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
    echo "<tr><td>Password:</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
    echo "<tr><td>Confirm:</td><td><input type=\"password\" name=\"passconf\"></td></tr>\n";
    echo "<tr><td align=\"left\"><input type=\"submit\" name=\"submit\" value=\"Done\"></form></td></tr>\n";
    echo "</form></table>\n";
} else {
    $username = protect($_POST['username']);
    $password = sha1($_POST['password']);
    $confirm = sha1($_POST['passconf']);

    $errors = array();

        if(!$username) {
            $errors[] = "Username is not defined!";
        }

        if(!$password) {
            $errors[] = "Password is not defined!";
        }

        if($password) {
            if(!$confirm) {
                $errors[] = "Confirmation password is not defined!";
            }
        }

        if($username) {
            if(!ctype_alnum($username)) {
                $errors[] = "Username can only contain numbers and letters!";
            }

            $range = range(1,12);
            if(!in_array(strlen($username),$range)) {
                $errors[] = "Username must be between 1 and 12 characters!";
            }
        }

        if($password && $confirm) {
            if($password != $confirm) {
                $errors[] = "Passwords do not match!";
            }
        }

        if($username) {
            $sql = "SELECT * FROM `accounts` WHERE `name`='".$username."'";
            $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0) {
                    $errors[] = "The username you supplied is already in use!";
                }
        }

        if(count($errors) > 0) {
            foreach($errors AS $error) {
                echo $error . "<br>\n";
            }
        } else {
            $sql1 = "INSERT INTO `accounts`
                    (`name`,`password`)
                    VALUES ('".$username."','".$password."')";
            $res4 = mysql_query($sql1) or die(mysql_error());
            echo "<font align=\"center\"><b>You have successfully registered!</b></font>";
        }
}
?>