<?php

$con = mysql_connect('localhost', 'runiaonl', 'Npcpk1@5');
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("runiaonl_mmotcg", $con);

if ($_POST["register"] == "me")
{
$username_control = 1;
$username2_control = 1;
$username3_control = 1;
$username4_control = 1;
$username5_control = 1; 
$username6_control = 1; 
$password_control = 1;
$password2_control = 1;
$password3_control = 1;
$password4_control = 1;
$password5_control = 1;
$email_control = 1;
$email2_control = 1;
$email3_control = 1;
$email4_control = 1;
$main_control = 1;
$terms_control = 1;

$username = $_POST["username"];
$email = $_POST["email"];

$accept = isset($_POST["terms"]) ? $terms='yes' : $terms='no';

function usersyntax_is_valid($username)
{
return !preg_match("/[^a-zA-Z0-9_]{2,15}/", $username);
}

function emailsyntax_is_valid($email)
{
return preg_match('/^[-A-Za-z0-9_.]+[@][A-Za-z0-9_-]+([.][A-Za-z0-9_-]+)*[.][A-Za-z]{2,8}$/', $email);
}

if($_POST["username"] == "")
{
$empty_username = "You did not enter a username.";
$username_control = 0;
}

elseif(strlen($_POST["username"]) < 3)
{
$empty_username = "Your username must be at least 3 characters long.";
$username2_control = 0;
}

elseif(strlen($_POST["username"]) > 15)
{
$empty_username = "Your username must not exceed 15 characters.";
$username3_control = 0;
}

elseif(!usersyntax_is_valid($_POST["username"]))
{
$empty_username = "Incorrect username format. (Please use alphanumeric or _)";
$username4_control = 0;
}

elseif($username_control == 1 && $username2_control == 1 && $username3_control == 1 && $username4_control == 1)
{
$uniqusername = mysql_real_escape_string(strtolower($_POST["username"])); 
$result = mysql_query("SELECT username FROM users WHERE username='$uniqusername' LIMIT 1");

if (mysql_num_rows($result) == 1)
{
$empty_username = "The username you chose already exists. Please choose a different username.";
$username5_control = 0;
unset($_POST['username']);
}
else
{
if($_POST["email"] == "")
{
$empty_email = "You must enter an e-mail address.";
$email_control = 0;
$main_control = 0;
}

elseif(!emailsyntax_is_valid($email))
{
$empty_email = "Incorrect e-mail format.";
$email2_control = 0;
$main_control = 0;
}

elseif($email_control == 1 && $email2_control == 1)
{
$uniquseremail = mysql_real_escape_string(strtolower($_POST['email']));
$result3 = mysql_query("SELECT email FROM users WHERE email='$uniquseremail' LIMIT 1");

if (mysql_num_rows($result3) == 1)
{
$empty_email = "The e-mail you enterd already exists!";
$email3_control = 0;
unset($_POST['email']);
}
else
{
$password = mysql_real_escape_string($_POST["password"]);
$password2 = mysql_real_escape_string($_POST["password2"]);

if($password == "")
{
$empty_password = "You must enter a password.";
$password_control = 0;
$main_control = 0;
}

elseif(strlen($password) < 6)
{
$empty_password = "Your password should be at least 6 characters long.";
$password4_control = 0;
$main_control = 0;
}

elseif(strlen($password) > 30)
{
$empty_password = "Your password must not exceed 30 characters.";
$password5_control = 0;
$main_control = 0;
}

elseif($password2 == "")
{
$empty_password2 = "You must confirm your password!";
$password2_control = 0;
$main_control = 0;
}

elseif($password2 !== "" && $password2 !== $password)
{
$empty_password2 = "The passwords didn't match!";
$password3_control = "0";
$main_control = 0;
}

elseif($terms == 'no')
{
$accept_terms = "You must accept the Terms and Conditions.";
$terms_control = 0;
$main_control = 0;
}

elseif($main_control == 1 && $terms_control == 1)
{

$actkey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();
$IPaddress = $_SERVER[REMOTE_ADDR];
mysql_query("INSERT INTO users (username, email, password, ipaddress, status, activationkey) VALUES ('$uniqusername', '$uniquseremail', '$password', '$IPaddress', 'Verify', '$actkey')"); 

$to      = $uniquseremail;
$subject = " MMOTCG.com Registration";
$message = "Welcome to MMOTCG.com!\r\rYou, or someone using your email address, has requested registration at MMOTCG.com. You can complete registration by clicking the following link:\rhttp://www.runiaonline.com/mmotcg/register?verify=$actkey\r\rIf this is an error, ignore this email and you will be removed from our records.\r\rRegards,\rMMOTCG.com Staff";
$headers = 'From: admin@warreward.com' . "\r\n" .
    'Reply-To: admin@warreward.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
$mail = mail($to, $subject, $message, $headers);
$register = "Thank you for registering. An email has been sent to $uniquseremail with an activation key. Please check your mail to complete registration.";

unset($_POST);

}
}
}
}
}
}

if($_GET[verify])
{
$sql = "SELECT * FROM users"; 
$result = mysql_query($sql) or die(mysql_error());

  while($row = mysql_fetch_array($result))
  {
    if ($_GET[verify] == $row["activationkey"])
    {
      echo "Thank you for activating your account. You may now login and play MMOTCG.com! Enjoy.";
      $sql="UPDATE users SET activationkey = '', status='activated' WHERE pid = $row[pid]";
      if (!mysql_query($sql))
      {
         die('Error: ' . mysql_error());
      }
    }
  }
}
else
{
?>

<h1>Register</h1>

<?php

echo '<font color="red" size="2">' . $empty_username;
echo $empty_password;
echo $empty_password2;
echo $empty_email;
echo $accept_terms;
echo $register . '</font>';

?>

<form action="<?=$PHP_SELF?>" method="post" name="regmain">
<table border="0">
<tr><td><b>Username:</b></td><td> 

<input type="text" name="username" size="15" class="inputSidebar" value="<?php
if($username_control != 0){ echo $_POST['username'];} 
elseif(username2_control !=0){ echo $_POST['username'];}
elseif(username3_control !=0){ echo $_POST['username'];}
elseif(username4_control !=0){ echo $_POST['username'];}
elseif(username5_control !=0){ echo $_POST['username'];}
elseif(username6_control !=0){ echo $_POST['username'];}
else{ echo ''; } ?>"></td></tr>

<tr><td colspan="2"><font size="2"><i>(Username must be between 3 - 15 characters, and contain no spaces).</i></font></td></tr>

<tr><td><b>Password:</b></td><td>

<input type="password" name="password" size="15" value="<?php
if($password_control != 0){ echo $_POST['password'];}
elseif($password4_control !=0){ echo $_POST['password'];}
elseif($password5_control !=0){ echo $_POST['password'];}
else{ echo ''; } ?>"></td></tr>

<tr><td colspan="2"><font size="2"><i>(Password must be between 6 - 30 characters).</i></font></td></tr>


<tr><td><b>Confirm Password:</b></td><td>

<input type="password" name="password2" size="15" value="<?php
if($password2_control != 0 && $password_control != 0){ echo $_POST['password2'];}
else{ echo ''; } ?>"></td></tr>

<tr><td colspan="2"><font size="2"><i>(Re-enter your password).</i></font></td></tr>

<tr><td><b>E-mail:</b></td><td>

<tr><td colspan="2"><font size="2"><i>(An activation email will be sent upon completion.).</i></font></td></tr>

<input type="text" name="email" size="15" value="<?php
echo $_POST['email']; ?>"></td></tr>
</table>

<tr><td align="right"><input type="checkbox" name="terms" value="visible">&nbsp;</td><td><b>I have read and agree to the <a href="#">Terms of Service</a> and the <a href="#">Privacy Policy</a>.</b></td></tr>
</table>
<br>
<br>

<input class="button" type="submit" name="submit" value="Register">
<input type="hidden" name="register" value="me">
</form>
<?php
}
?>