Hello all,
I have designed this registration script that, well, urm, registers users to the database 🙂 so I can have a login and all that with my site. It all works grand; this is just to see if anybody knows of any improvements that I could make to it.
Thanks in advance
Helz
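<?php
// Full open tag: with short_open_tag disabled, "<?" is not parsed and the
// script source would be sent to the browser as plain text.
// DOCUMENT_ROOT is read from $_SERVER rather than from a register_globals
// variable, so the include path cannot be empty or influenced by the request.
require $_SERVER['DOCUMENT_ROOT']."/cgi-bin/connect.php";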
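/**
 * Print the registration form.
 *
 * The form posts back to index.php?login=register with the fields
 * regusername, regpassword and regrealname.
 */
function showForm() {
    // The password input uses type='password' so the browser masks the value
    // while it is typed instead of displaying it like an ordinary text field.
    echo "Please fill out all forms.<br>
Register Form:<br>
<form action='index.php?login=register' method='post'>
<table>
<tr><td>Name</td><td><input type='text' name='regusername'></td></tr>
<tr><td>Password</td><td><input type='password' name='regpassword'></td></tr>
<tr><td>Real Name</td><td><input type='text' name='regrealname'></td></tr>
<tr><td colspan=2 align='center'><input type='submit' value='Register!' class='submit'></td></tr>
</table>
</form>";
}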
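// Registration handler.
// - A visitor who already has a session user name is turned away.
// - A POST with regusername/regpassword is validated, checked for a duplicate
//   user name and then inserted into $membertable.
// - Anything else just gets the form.
// $membertable and $back are not defined in this file; they are presumably
// provided by connect.php or the including page - verify.

// isset() avoids a notice when no user is stored in the session.
$username = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : '';
if (!empty($username)) {
    // Escape on output so a stored name can never be interpreted as markup.
    die("You are already logged in: ".htmlspecialchars($username, ENT_QUOTES)."! No need to register again!");
} else {
    // Read the method from $_SERVER instead of a register_globals variable.
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        if ((isset($_POST['regusername'])) && (isset($_POST['regpassword']))) {
            // Take every field from $_POST explicitly. Non-string values
            // (e.g. regusername[]=x arrays) become '' and fail validation below.
            $regusername = is_string($_POST['regusername']) ? $_POST['regusername'] : '';
            $regpassword = is_string($_POST['regpassword']) ? $_POST['regpassword'] : '';
            $regrealname = (isset($_POST['regrealname']) && is_string($_POST['regrealname']))
                ? $_POST['regrealname'] : '';

            // Validate BEFORE any value reaches SQL. The D modifier stops "$"
            // from matching in front of a trailing newline.
            $checkuser = preg_match('/^\w+$/D', $regusername);
            $checkpass = preg_match('/^\w+$/D', $regpassword);

            if (($checkuser == 1) && ($checkpass == 1)) {
                // Escape every value placed into a query, including ones that
                // passed the pattern check, so the SQL never depends on the
                // validation rule staying strict.
                $safeuser = mysql_real_escape_string($regusername);
                $safereal = mysql_real_escape_string($regrealname);

                // Usernames must be unique on their own: matching on username
                // and password together would allow karl:password and karl:pass.
                // NOTE(review): check-then-insert can race between two requests;
                // a UNIQUE index on username is the reliable guarantee - confirm
                // the table has one.
                $rs = mysql_query("SELECT * FROM ".$membertable." WHERE username = '".$safeuser."'");

                if ($rs === false) {
                    // Query failed: report generically, never echo the SQL error.
                    echo "Registration is unavailable right now, please try again later.<br><br>";
                    showForm();
                } elseif (mysql_num_rows($rs) > 0) {
                    // the user exists
                    echo("The user already exists, please try again<br><br>".$back."");
                    showForm();
                } else {
                    // Hash in PHP so the plaintext password is never part of the
                    // SQL text (and so cannot end up in query logs). The value is
                    // the same hex digest MySQL's md5() produced before.
                    // NOTE(review): unsalted MD5 is not a suitable password hash.
                    // password_hash()/password_verify() is the replacement, but
                    // the code that verifies logins is outside this file and has
                    // to change together with this line, so the stored format is
                    // kept here.
                    $passhash = md5($regpassword);

                    // the user does not exist, add him to the user table
                    $inserted = mysql_query("INSERT INTO ".$membertable."
(username, password, realname) VALUES
( '".$safeuser."', '".$passhash."', '".$safereal."' ) ");

                    if ($inserted) {
                        echo "Woohoo you have registered!<br><br>Redirecting to login page now...
<META HTTP-EQUIV='refresh' CONTENT='3; URL=index.php?login=login'>";
                    } else {
                        // Do not announce success when the row was not written.
                        echo "Registration failed, please try again<br><br>";
                        showForm();
                    }
                }
            } else {
                echo "Your username/password has incorrect characters!<br>You are allowed letters,numbers and/or underscores!";
            }
        } else {
            // POST without the expected fields: show the form instead of a blank page.
            showForm();
        } //end if user entered information
    } else {
        showForm();
    } //end if request method
}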
?>