Everyone replace it with:
Code:
<?php
#######Coded by espadian/Yadinho from HF and Rune-Server######
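// NOTE(review): error_reporting(0) silences every PHP diagnostic for this
// request, including failures of the mysql_* calls further down. Keeping
// reporting on with display_errors off would send those failures to the log
// instead of hiding them.
error_reporting(0);
require 'inc/db.php';

// Read each form field as a string before escaping it. A field that is missing
// (plain GET request) or array-valued (e.g. username[]=x) becomes '' here
// rather than reaching htmlspecialchars() as null/array and relying on the
// suppressed warning to turn it into an empty value.
$username = sanitize(isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '');
$password = sanitize(isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '');
$pagain = sanitize(isset($_POST['pagain']) && is_string($_POST['pagain']) ? $_POST['pagain'] : '');
$email = sanitize(isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '');

// Validation flags. true means "no problem found"; they start out true so that
// no error alert is printed before the corresponding check has run.
$usernamenotempty = true;
$usernamevalidate = true;
$usernamenotduplicate = true;
$emailnotempty = true;
$emailnotduplicate = true;
$passwordnotempty = true;
$passwordmatch = true;
$passwordvalidate = true;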
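/**
 * Build the value stored in the Password column for a new account.
 *
 * The result is 128 hex characters: the first 64 are a fresh random salt
 * (32 bytes, hex-encoded) and the last 64 are hash('sha256', salt . input),
 * where the salt is used in its hex form.
 *
 * NOTE(review): a single round of salted SHA-256 is a fast hash, so a leaked
 * table can be guessed against at very high rates. password_hash() with
 * password_verify() (PHP 5.5+) is the recommended replacement, but it changes
 * the stored format and therefore has to be introduced together with the login
 * check, which is not part of this page. The format is left unchanged here.
 *
 * @param string $input The password to hash.
 * @return string Salt followed by digest, both hex-encoded.
 * @throws RuntimeException When no 32-byte random salt could be obtained.
 */
function HashPassword($input) {
    // mcrypt_create_iv() left PHP core with ext/mcrypt in 7.2, so prefer
    // random_bytes() where it exists and keep the old call only as a fallback.
    if (function_exists('random_bytes')) {
        $rawSalt = random_bytes(32);
    } else {
        $rawSalt = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
    }

    // Fail closed: bin2hex(false) would silently yield an empty salt.
    if (!is_string($rawSalt) || strlen($rawSalt) !== 32) {
        throw new RuntimeException('No secure random source available for the password salt');
    }

    $salt = bin2hex($rawSalt);
    return $salt . hash('sha256', $salt . $input);
}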
/**
 * Escape a request value before it is used on this page.
 *
 * Applies, in this order: htmlspecialchars(), mysql_real_escape_string(),
 * addslashes().
 *
 * NOTE(review): three different escaping schemes are stacked here.
 *  - mysql_real_escape_string() is the only one that matters for the quoted
 *    SQL literals built on this page; it needs an open mysql connection
 *    (presumably opened by inc/db.php, confirm).
 *  - addslashes() then escapes the already-escaped text a second time, so a
 *    value containing a quote or backslash is stored with a literal backslash.
 *  - htmlspecialchars() encodes for HTML output, not for storage; because the
 *    password also passes through this function, it is HTML-encoded before it
 *    is hashed.
 * Escaping per context at the point of use (SQL parameters when querying,
 * htmlspecialchars() when printing) avoids all three effects, but any code
 * that reads these columns would have to change with it.
 *
 * @param string $data Raw value.
 * @return string Escaped value.
 */
function sanitize($data){
    return addslashes(mysql_real_escape_string(htmlspecialchars($data)));
}
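// Registration handler.
//
// All validation, the uniqueness lookups and the INSERT now sit behind a single
// check for the submitted form. Previously only the username/e-mail checks were
// guarded by $_POST['register'] while the password checks and the INSERT ran on
// every request: a POST without the "register" field skipped the
// username/e-mail validation (their flags kept the default TRUE) yet could
// still reach the INSERT, and a plain GET showed the password-length error
// before anything had been submitted.
//
// NOTE(review): the queries are built by string interpolation and depend
// entirely on sanitize() having run mysql_real_escape_string() on every value.
// The mysql_* extension was removed in PHP 7; moving to mysqli or PDO prepared
// statements needs the connection code in inc/db.php, which is not shown here.
if (isset($_POST['register'])) {
    // Presence checks.
    $usernamenotempty = !empty($username);
    $emailnotempty = !empty($email);
    $passwordnotempty = !empty($password);

    // Format checks: alphanumeric username of at most 12 characters,
    // alphanumeric password of at least 6 characters.
    // NOTE(review): the e-mail format itself is never validated, and the
    // alphanumeric-only rule narrows the password space.
    $usernamevalidate = ctype_alnum($username) && strlen($username) <= 12;
    $passwordvalidate = ctype_alnum($password) && strlen($password) >= 6;

    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "000000" and "0000000") compare as equal.
    $passwordmatch = ($password === $pagain);

    // Uniqueness lookups. A failed query used to be read as "0 rows", i.e. as
    // "not a duplicate"; stop instead of registering on top of a broken lookup.
    $checkusername = mysql_query("SELECT * FROM users WHERE username='$username'");
    $checkemail = mysql_query("SELECT * FROM users WHERE email='$email'");
    if ($checkusername === false || $checkemail === false) {
        error_log('Registration lookup failed: ' . mysql_error());
        die('Registration is temporarily unavailable, please try again later.');
    }
    $query_username = mysql_num_rows($checkusername);
    $query_email = mysql_num_rows($checkemail);
    $usernamenotduplicate = !($query_username > 0);
    $emailnotduplicate = !($query_email > 0);
    // NOTE(review): check-then-insert is not atomic; two simultaneous requests
    // can both pass. UNIQUE indexes on the username and e-mail columns are
    // needed to enforce this (schema not visible here).

    if ($emailnotduplicate) {
        // The cookie name was a bare word (email), which only worked through
        // PHP's undefined-constant fallback. The cookie is set without
        // HttpOnly/Secure flags and its consumer is not on this page.
        setcookie('email', $email);
    }
    // session_start() is not called on this page; presumably inc/db.php or the
    // including page does it (confirm).
    $_SESSION['email'] = $email;

    if ($usernamenotduplicate
        && $usernamenotempty
        && $usernamevalidate
        && $passwordmatch
        && $passwordnotempty
        && $passwordvalidate
        && $emailnotduplicate
        && $emailnotempty) {
        // Hash only once every check has passed.
        $hashedpassword = HashPassword($password);
        $inserted = mysql_query("INSERT INTO `users` (`Username`, `Password`, `Email`) VALUES ('$username', '$hashedpassword', '$email')");
        if ($inserted === false) {
            // Keep database error text in the server log instead of printing
            // it to the visitor with die(mysql_error()).
            error_log('Registration insert failed: ' . mysql_error());
            die('Registration is temporarily unavailable, please try again later.');
        }
        echo '<div class="alert alert-success">' . "\n"
            . '<b>Done!</b> You are now a member, you will be redirected to the mainpage shortly.' . "\n"
            . '</div>';
        echo '<meta http-equiv="refresh" content="3;index.php">';
    }
}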
?>
<h1><center><b>Register an account!</b></center></h1>
<form method="POST">
<input type="text" class="input-xlarge" name="username" maxlength="12" placeholder="Username"></br>
<input type="password" class="input-xlarge" name="password" placeholder="Password(min 6 chars)"></br>
<input type="password" class="input-xlarge" name="pagain" placeholder="Password Again"></br>
<input type="text" class="input-xlarge" name="email" placeholder="E-mail Address"></br>
<button class="btn btn-large btn-block btn-success" name="register" type="submit">REGISTER</button>
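<?php
// Print one alert for every validation flag that is false, in the same order
// as before. All messages are fixed strings; no request data is echoed here.
// The last entry used to open a <font> element without closing it, which let
// the red colour spill over whatever markup follows the form; it is closed now.
$registrationAlerts = array(
    array($usernamenotempty, '<div class="alert alert-alert">
<b>Error!</b> You have entered an empty username
</div>'),
    array($usernamevalidate, '<div class="alert alert-alert">
<b>Error!</b> Your username should be alphanumeric and maximum of 12 characters
</div>'),
    array($emailnotduplicate, '<div class="alert alert-alert">
<b>Error!</b> Email already exists by one of our users
</div>'),
    array($emailnotempty, '<div class="alert alert-alert">
<b>Error!</b> You haven\'t filled in your E-mail addres
</div>'),
    array($usernamenotduplicate, '<div class="alert alert-alert">
<b>Error!</b> Your username already exists, please choose a diferent one
</div>'),
    array($passwordnotempty, '<div class="alert alert-alert">
<b>Error!</b> Your password is empty
</div>'),
    array($passwordmatch, '<div class="alert alert-alert">
<b>Error!</b> Passwords did not match eachother
</div>'),
    array($passwordvalidate, '<font color="red"><div class="alert alert-alert">
Your password should be atleast 6 characters long
</div></font>'),
);
foreach ($registrationAlerts as $registrationAlert) {
    // $registrationAlert[0] is the flag (true = ok), [1] the markup to print.
    if (!$registrationAlert[0]) {
        echo $registrationAlert[1];
    }
}
?>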
</form>