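[php]<?php
/**
 * Quote-request / client registration handler.
 *
 * Reads the registration form from $_POST, validates it, checks that the
 * username and e-mail are not already in `clients`, inserts the new row and
 * creates a per-client directory under users/. The outcome is left in
 * $message.
 *
 * NOTE(review): every mysql_* call below belongs to the ext/mysql extension,
 * which was removed in PHP 7. The connection is presumably opened in
 * scripts/global.php (not visible here), so this block keeps that API and
 * escapes every value it puts into SQL. The durable fix is to move the
 * connection and these queries to PDO or mysqli prepared statements together.
 */
include_once("scripts/global.php");

$message = '';

if (isset($_POST['username'])) {
    // Collect every expected field. A missing field, or one submitted as an
    // array (name[]=...), is treated as empty instead of raising a notice or
    // reaching the string functions below as a non-string.
    $field_names = array(
        'username', 'fname', 'lname', 'email', 'pass1', 'pass2',
        'vname', 'vzip', 'event', 'date', 'guests', 'hours',
    );
    $form = array();
    foreach ($field_names as $field_name) {
        $value = isset($_POST[$field_name]) ? $_POST[$field_name] : '';
        $form[$field_name] = is_string($value) ? $value : '';
    }

    $username = $form['username'];
    $fname    = $form['fname'];
    $lname    = $form['lname'];
    $email    = $form['email'];
    $pass1    = $form['pass1'];
    $pass2    = $form['pass2'];
    $vname    = $form['vname'];
    $vzip     = $form['vzip'];
    $event    = $form['event'];
    $date     = $form['date'];
    $guests   = $form['guests'];
    $hours    = $form['hours'];

    // Completeness check. Truthiness is kept from the original, so the
    // string "0" still counts as "not filled in".
    $complete = true;
    foreach ($form as $value) {
        if (!$value) {
            $complete = false;
            break;
        }
    }

    if (!$complete) {
        $message = "Please complete all fields in the form below";
    } elseif ($pass1 !== $pass2) {
        // Strict comparison: with != PHP compares numeric-looking strings as
        // numbers, so "1e3" and "1000" would be accepted as the same password.
        $message = "Your password fields do not match!";
    } else {
        // Keep only letters and digits in the username. The original class
        // lacked the ^ negation and therefore removed exactly those
        // characters instead of keeping them.
        $username = (string) preg_replace("#[^0-9a-z]#i", "", $username);

        // NOTE(review): unsalted SHA-1 is not suitable for password storage.
        // Switching to password_hash()/password_verify() has to be done
        // together with the login code and the width of the password column,
        // neither of which is visible here, so the stored format is unchanged.
        $pass1 = sha1($pass1);

        // Escape every value that is interpolated into SQL, not only the
        // e-mail address as before.
        $db = array_map('mysql_real_escape_string', $form);
        $db['username'] = $username; // letters and digits only after the filter
        $db['pass1']    = $pass1;    // hex digest
        unset($db['pass2']);

        if ($username === '') {
            // Nothing was left after filtering (e.g. a username of symbols only).
            $message = "Your Username may only contain letters and numbers.";
        } else {
            // Duplicate checks. These are advisory: two simultaneous requests
            // can both pass them, so UNIQUE indexes on username and email are
            // still needed to enforce uniqueness.
            $user_query = mysql_query("SELECT username FROM clients WHERE username='{$db['username']}' LIMIT 1") or die("Could not check username");
            $count_username = mysql_num_rows($user_query);
            $email_query = mysql_query("SELECT email FROM clients WHERE email='{$db['email']}' LIMIT 1") or die("Could not check email");
            $count_email = mysql_num_rows($email_query);

            if ($count_username > 0) {
                $message = "Your Username is already in use.";
            } elseif ($count_email > 0) {
                $message = "Your Email is already registered";
            } else {
                // Insert the client. The value list is built in column order;
                // the original had a misplaced quote around lname and a
                // missing comma between guests and hours.
                $columns = "username, firstName, lastName, email, password, vname, vzip, event, date, guests, hours";
                $values = "'" . implode("','", array(
                    $db['username'], $db['fname'], $db['lname'], $db['email'],
                    $db['pass1'], $db['vname'], $db['vzip'], $db['event'],
                    $db['date'], $db['guests'], $db['hours'],
                )) . "'";
                $query = mysql_query("INSERT INTO clients ($columns) VALUES ($values)") or die('Could not insert your information');

                // The path is built by concatenation: inside single quotes
                // '$client_id' is not expanded, so the original created a
                // directory literally named "$client_id".
                $client_id = (int) mysql_insert_id();
                $client_dir = 'users/' . $client_id;
                if (!is_dir($client_dir) && !mkdir($client_dir, 0755)) {
                    error_log("Could not create directory for client " . $client_id);
                }

                $message = "Your quote has now been submitted and your account is registered";
            }
        }
    }
}
?>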
[/php]