Untitled

<?php

require_once("config10.php");

session_start();

if(!empty($_POST["security"])){

    if($_SESSION["security"]  != $_POST["security"]) { $errors[] = "Invalid input. Please try again."; }

}

$security = rand(10000, 100000);
$_SESSION["security"] = $security;

if(!empty($_POST["accountname"]) && !empty($_POST["password"]) && !empty($_POST["password2"]) && !empty($_POST["email"]) && $_POST["expansion"] != "" && !empty($_POST["security"])){

    $mysql_connect = mysqli_connect($mysql["host"], $mysql["username"], $mysql["password"]) or die("Unable to connect to the database.");
    mysqli_select_db($mysql_connect, $mysql["realmd"]) or die("Unable to select logon database.");

    $post_accountname = mysqli_real_escape_string($mysql_connect, trim(strtoupper($_POST["accountname"])));
    $post_password = mysqli_real_escape_string($mysql_connect, trim(strtoupper($_POST["password"])));
    $post_password_final = mysqli_real_escape_string($mysql_connect, SHA1("".$post_accountname.":".$post_password.""));
    $post_password2 = trim(strtoupper($_POST["password2"]));
    $post_email = mysqli_real_escape_string($mysql_connect, trim($_POST["email"]));
    $post_expansion = mysqli_real_escape_string($mysql_connect, trim($_POST["expansion"]));

    $check_account_query = mysqli_query($mysql_connect, "SELECT COUNT(*) FROM account WHERE username = '".$post_accountname."'");
    $check_account_results = mysqli_fetch_array($check_account_query);
    if($check_account_results[0]!=0){ $errors[] = "The requested account name is already in use. Please try again."; }

    if(strlen($post_accountname) < 3) { $errors[] = "The requested account name is to short. Please try again."; }
    if(strlen($post_accountname) > 32) { $errors[] = "The requested account name is to long. Please try again."; }
    if(strlen($post_password) < 6) { $errors[] = "The requested password is to short. Please try again."; }
    if(strlen($post_password) > 32) { $errors[] = "The requested password is to long. Please try again."; }
    if(strlen($post_email) > 64) { $errors[] = "The requested e-mail address is to long. Please try again."; }
    if(strlen($post_email) < 8) { $errors[] = "The requested e-mail address is to short. Please try again."; }
    if(!ereg("^[0-9a-zA-Z%]+$", $post_accountname)) { $errors[] = "Your account name can only contain letters or numbers. Please try again."; }
    if(!ereg("^[0-9a-zA-Z%]+$", $post_password)) { $errors[] = "Your password can only contain letters or numbers. Please try again."; }
    if(!ereg("^[0-2%]+$", $post_expansion)) { $errors[] = "Invalid input. Please try again."; }
    if(strlen($post_expansion) > 1) { $errors[] = "Invalid input. Please try again."; }
    if($post_accountname == $post_password) { $errors[] = "The passwords do not match. Please try again."; }
    if($post_password != $post_password2) { $errors[] = "The passwords do not match. Please try again."; }

    if(!is_array($errors)){

        mysqli_query($mysql_connect, "INSERT INTO account (username, sha_pass_hash, email, last_ip, expansion) VALUES ('".$post_accountname."', '".$post_password_final."', '".$post_email."', '".$_SERVER["REMOTE_ADDR"]."', '".$post_expansion."')") or die(mysqli_error($mysql_connect));

    $errors[] = 'You have successfully created the account: <font color="yellow">'.$post_accountname.'</font>.';

    }

    mysqli_close($mysql_connect);

}

function error_msg(){

    global $errors;

    if(is_array($errors)){

        foreach($errors as $msg){

            echo '<div class="errors">'.$msg.'</div>';

        }

    }

}

?>