PHP script
<?php
$uname=trim($_POST['userid']);
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$mname=$_POST['mname'];
$password=$_POST['password'];
$password2=$_POST['password2'];
$email=$_POST['email'];
$email2=$_POST['email2'];
$country=$_POST['country'];
$locale=$_POST['locale'];
$city=$_POST['city'];
$bday=$_POST['day'];
$bmonth=$_POST['month'];
$byear=$_POST['year'];
$sex=$_POST['sex'];
$agree=$_POST['agree'];
$ip=$_SERVER['REMOTE_ADDR'];
$status = "OK";
$msg="";
if (empty($_POST['userid'])) {
$msg=$msg. "You must enter a user name<br>";
$status = "NOTOK";
}
if (empty($_POST['fname'])){
$msg=$msg. "You must enter your first name.<br>";
$status = "NOTOK";
}
if (empty($_POST['lname'])){
$msg=$msg. "You must enter your last name<br>";
$status = "NOTOK";
}
if (empty($_POST['password'])){
$msg=$msg. "You must enter a password.<br>";
$status = "NOTOK";
}
if (empty($_POST['password2'])){
$msg=$msg. "You must re-enter your password.<br>";
$status = "NOTOK";
}
if (strpos($userText, " ") !== false) {
$msg=$msg. "Your user name can not contain any spaces.<br>";
$status="NOTOK";
}
if (empty($_POST['email'])){
$msg=$msg. "You must enter your email.<br>";
$status = "NOTOK";
}
if (empty($_POST['email2'])){
$msg=$msg. "You must re-enter your email.<br>";
$status = "NOTOK";
}
if(!isset($uname) or strlen($uname) <4){
$msg=$msg."User name must be between 4 and 10 characters.<BR>";
$status= "NOTOK";}
if(!isset($uname) or strlen($uname) >10){
$msg=$msg."User name must be between 4 and 10 characters.<BR>";
$status= "NOTOK";}
if($password != $password2){
$msg=$msg. "Passwords do not match. Passwords must match. Try again<BR>";
$status="NOTOK";}
if($email != $email2){
$msg=$msg. "Emails do not match. Emails must match. Try again<BR>";
$status="NOTOK";}
if($_POST['agree'] != "yes"){
$msg=$msg. "You must agree to the terms and conditions";
$status= "NOTOK";
}
$query = "SELECT * FROM USERS WHERE UNICK = '".mysql_real_escape_string($uname)."'";
$result = mysql_query($query) or die('MySQL Error: '.mysql_error());
if(mysql_num_rows($result)){
$msg=$msg."User Name already exists. Please try another one<BR>";
$status= "NOTOK";}
$query = "SELECT * FROM USERS WHERE UEMAIL = '".mysql_real_escape_string($email)."'";
$result = mysql_query($query) or die('MySQL Error: '.mysql_error());
if(mysql_num_rows($result)){
$msg=$msg."Email is already registered. Only one account per email is allowed.<BR>";
$status= "NOTOK";}
if ($status != "OK"){
echo "<div style=\"position:relative; top:0; left:0; width:500; height:500; z-index:1;\">$msg<form>
<input type=\"button\" value=\"Back to Previous Page\"
onClick=\"javascript: history.go(-1)\">
</form></div>";
}else{
$activation = md5(uniqid(rand(), true));
$password = md5($password);
if(mysql_query("insert into USERS(UID,UFNAME,UMNAME,ULNAME,UNICK,UGENDER,UPW,UEMAIL,UBDAY,UBMONTH,UBYEAR,UIP,UACTIVE,UCOUNTRY,ULOCALE,UCITY)
values('NULL','$fname','$mname','$lname','$uname','$sex','$password','$email','$bday','$bmonth','$byear','$ip','$activation','$country','$locale','$city')")){
$message = " Welcome to the BS Network!\r\rYou, or someone using your email address, has completed registration at thebsnetwork.org.\r You can complete registration by clicking the following link:\n\n";
$message .= WEBSITE_URL . '/activate.php?email=' . urlencode($email) . "&key=$activation";
$message .= "\r\rPlease do not respond to this email. This is an automated email generated through The BS Network's user registration program. \r\r If you have any questions, please contact support@thebsnetwork.org \r\r Thanks for registering! \r Sincerely, the BS Network.";
mail($email, 'The BS Network Registration Confirmation', $message, 'From:'.EMAIL);
echo "<div style=\"position:relative; top:0; left:0; width:500; height:500; z-index:1;\">Thank you for
registering! A confirmation email has been sent to $email <br>Please click on the Activation Link to Activate your account </div>";}
else{ echo "Database Problem, please contact Site admin";
//echo mysql_error();
}
}
?>
