$email = $db->stringEscape($_POST['email']);
string_validation($username, 8, 15);
//if password matches the retype, encrypt the user's password
if ($password == $password_again) {
//password encryption
$crypt_password = password_encrypt($password);
} else {
$error_flag++;
}
$temp = explode(".", $_FILES["avatar"]["name"]);
$extension = end($temp);
$destination .= "{$username}\\";
// try to create a new upload object
try {
$upload = new UploadFile($destination, "image");
$upload->setMaxSize($imageMaxSize);
$upload->upload(false);
$filename = $upload->getFilename();
$msgResult = $upload->getmessages();
} catch (Exception $e) {
$msgResult[] = $e->getMessage();
}
//upload user and avatar to db
if ($error_flag == 0) {
$query = "CALL add_user('" . $username . "', '" . $crypt_password . "' ,'" . $filename . "' , '" . $extension . "' , '" . $email . "' , '" . date('Y-m-d') . "' )";
if ($result = $db->query($query)) {
$_SESSION['user'] = $username;
echo "<script> location.href=\"account.php\" </script>";
if (isset($msgResult)) {
foreach ($msgResult as $msg) {
echo $msg . "*";
