register.php

A website for keeping track of wishes for your character in WoW Users are able to make a user accoun

<?php
session_start();
include "magickey.inc.php";

if ((isset($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") || 
    (isset($_SESSION['magickey']) &&  $_SESSION['magickey'] == $magickey) )
{
	// YES = send home
	header("Refresh: 5; URL=index.php");
	echo "You are currently logged in, you shouldnt be here. we are redirecting you back home <br />";
	echo "If your browser doesnt support this, <a href=\"index.php\">click here</a><br />";
	echo "You could always try to <a href=\"logout.php\">logout</a> first.";
	die();
}
include "conn.inc.php";

	

if (isset($_POST['submit']) && $_POST['submit'] == "Register")
{
	//coming from a submit
	if ($_POST['username'] != "" && $_POST['password'] != "")
	{
		//form was filled, check it
		$s_username = addslashes($_POST['username']);
		$query = "SELECT username FROM users WHERE username = '" . $s_username . "';"; //sanitise
		$result = mysql_query($query) 
		or die(mysql_error());
		
		//check input is just alpha characters
		
		if (mysql_num_rows($result) != 0)
		{
			//someone already has that username
			include "register.head.inc.php"; 
			include "header.inc.php"; 
			echo "<p><h1>Register an account</h1><h2>Oops!</h2>Someone already has that account name<br />".
				"Choose a different account name</p>";
			include "register.form.inc.php"; 
		}
		elseif (preg_match("/^\w{5,30}$/",$_POST['username'])==0)
        {
			include "register.head.inc.php"; 
			include "header.inc.php"; 
			echo "<p><h1>Register an account</h1><h2>Oops!</h2>Invalid username:<br />".
				"You can only use alphabet characters and numbers, and must be 5-30 characters long<br />".
				"Try again.</p>";
			include "register.form.inc.php";
		}
		else
		{
			//insert into db
			$s_username = addslashes($_POST['username']);
			$s_password = addslashes($_POST['password']);
			$query = "INSERT INTO users (username, password) " .
				"VALUES ('" . $s_username . "', " .
               "(PASSWORD('" . $s_password . "')));"; //sanitise
			$result = mysql_query($query) 
			or die(mysql_error());

			//set session
			$_SESSION['user_logged'] = $_POST['username']; //sanitise
			$_SESSION['magickey'] = $magickey;
			
			if ($_POST['cookie'] == "yes")
			{
				$token = mt_rand();
				$tokenquery = "UPDATE users SET logintoken = '".$token."' WHERE username = '". $s_username."' LIMIT 1;"; //sanitise
				$tokenresult = mysql_query($tokenquery) or die(mysql_error());
				setcookie("wishlogin", $_POST['username']."__".$token."__".$magickey);
			}
			
			//redirect to index
			$s_username = htmlentities($s_username);
			include "register.head.inc.php"; 
			include "header.inc.php"; 
			echo "<p><h1>Account registered</h1>Thank you ".$s_username ." for registering!<br />" .  //sanitise
				"You can go to the <a href=\"index.php\">home page</a>, or go and <a href=\"alt_new.php\">make an alt</a></p>";

			//header("Refresh: 5; URL=index.php");
			die();
		}
	}
	else
	{
		//empty fields
		include "register.head.inc.php"; 
		include "header.inc.php"; 
		echo "<p><h1>Register an account</h1><h2>Oops!</h2>You need to fill both username and password fields<br />Try again.</p>";
		include "register.form.inc.php";
	}
}
else
{
	//first visit to page
	include "register.head.inc.php"; 
	include "header.inc.php";
	echo "<p><h1>Register an account</h1>Enter your details for your account and get started</p>";
	include "register.form.inc.php"; 
}

?>
	</body>
</html>