Файл: reg.php
Строк: 71
<?php
$reg = "reg";
if($_GET['page']==$reg)
{
include ("head.php");
echo <<< sss
<div class="nav">
<form action=reg.php?page=add method=post>
Логин: *<br />
<input name="user" maxlength="15" type="text" value=""><br />
Пароль: * <br />
<input name="pass" maxlength="20" type="text" value=""><br />
Имя: *<br />
<input name="name" maxlength="60"type="text" value=""><br />
Пол: <br />
<select size="1" name="pol">
<option value="Мужской">Мужской</option>
<option value="Женский">Женский</option>
</select><br />
E-mail:<br />
<input name="email" maxlength="70" type="text" value=""><br />
Введите код:<br />
<img style='margin-top:1px;' src='img/cap.png'>
<input style='margin-left:6px;' name='pr' type='text' size='5' maxlength='6'><br />
<input type='submit' value='Регистрация'>
</form>
</div>
<a href="index.php">Назад</a>
sss;
include ("foot.php");
exit();
}
$add = "add";
if($_GET['page']==$add)
{
include ("conf.php");
$user = htmlspecialchars(mysql_real_escape_string(trim($_POST['user'])));
$pass = htmlspecialchars(mysql_real_escape_string(trim($_POST['pass']))); if ($pass == ''){unset($pass); }
$email = htmlspecialchars(mysql_real_escape_string(trim($_POST['email'])));
$pol = htmlspecialchars(mysql_real_escape_string(trim($_POST['pol'])));
$name = htmlspecialchars(mysql_real_escape_string(trim($_POST['name']))); if ($name == ''){unset($name); }
$pr = htmlspecialchars(mysql_real_escape_string(trim($_POST['pr'])));
$count_users = mysql_result(mysql_query("SELECT COUNT(*) FROM userlist WHERE user='$user'",$db),0);
if ($count_users)
{
include ("head.php");
echo "<div class='nav'>Извините, введённый вами ник уже зарегистрирован. Введите другой ник.</div>";
echo <<<sss
<div class='nav'>
• <a href="reg.php?page=reg">Назад</a>
</div>
sss;
include ("foot.php");
exit();
}
if (isset($user) && isset($pass) && isset($name))
{
if ($pr != 154321) { include ('head.php'); echo "<div class='nav'>Неверный код с картинки!<br /><input name='back' type='button' value='Назад' onclick='javascript:self.back();'></div>"; include ("foot.php"); exit();}
$datereg = date("Y-m-d");
$result = mysql_query("INSERT INTO userlist (user,pass,email,pol,name,datereg,photo,money,status,lvl,benz,vat,sky) VALUES ('$user','$pass','$email','$pol','$name','$datereg','0','$regmoney','К гонкам готов!','0','100','50','$regsky')");
if ($result == 'true')
{
include ("head.php");
echo "<div class='nav'>Вы успешно зарегистрировались!</p></div>";
echo "<a href=index.php>Войти в игру</a>";
sss;
include ("foot.php");
exit();
}
}
else
{
include ("head.php");
echo "<div class='nav'>Вы ввели не всю информацию!</div>";
echo <<<sss
<a href="reg.php?page=reg">Назад</a>
sss;
include ("foot.php");
exit();
}
}
?>