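// Escape the submitted e-mail address so it can sit inside a quoted SQL string.
// NOTE(review): only escaping is visible here; no format check of the address is shown.
$email = $db->stringEscape($_POST['email']);
 // NOTE(review): the result of string_validation() is not used here; confirm that it
 // records a failure itself (for example through $error_flag) when $username does
 // not satisfy the limits 8 and 15 passed to it.
 string_validation($username, 8, 15);
 // Process the password only when it matches the retyped value. The comparison is
 // strict: with ==, PHP compares two numeric-looking strings as numbers, so
 // different inputs such as "1e3" and "1000" would be accepted as a match.
 if ($password === $password_again) {
     // NOTE(review): password_encrypt() is defined elsewhere; confirm it is built on
     // password_hash() and not on reversible encryption or a fast unsalted hash.
     $crypt_password = password_encrypt($password);
 } else {
     // A mismatch counts as a validation error; $crypt_password is not assigned here.
     $error_flag++;
 }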
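 // The original file name is supplied by the client and must not be trusted.
 // $temp is kept as the dot-separated parts of that name.
 $temp = explode(".", $_FILES["avatar"]["name"]);
 // Use the part after the last dot as the extension; a name without a dot has
 // no extension (previously the whole name was used). Only ASCII letters and
 // digits are kept, because $extension is later concatenated into the
 // add_user() SQL call and must not carry quotes or other SQL syntax.
 $extension = count($temp) > 1 ? end($temp) : '';
 $extension = (string) preg_replace('/[^A-Za-z0-9]/', '', $extension);
 // NOTE(review): $username becomes a directory name here; confirm it is limited
 // to path-safe characters (no dots, slashes or backslashes) before this point.
 // The backslash separator is Windows-specific.
 $destination .= "{$username}\\";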
 // Hand the avatar to the project's UploadFile class. Its messages, or the
 // message of any exception it throws, end up in $msgResult.
 // NOTE(review): this runs even when $error_flag is already non-zero, so a file
 // may be stored for a registration that is rejected below - confirm that is intended.
 // NOTE(review): confirm that UploadFile verifies the "image" type from the file
 // content itself rather than from the client-supplied name or MIME type.
 try {
     $upload = new UploadFile($destination, "image");
     // Limit the accepted size to $imageMaxSize (set outside this excerpt).
     $upload->setMaxSize($imageMaxSize);
     // NOTE(review): the meaning of the false argument is not visible here; check UploadFile::upload().
     $upload->upload(false);
     $filename = $upload->getFilename();
     $msgResult = $upload->getmessages();
 } catch (Exception $e) {
     // If the exception is thrown before getFilename(), $filename is not assigned
     // by this block although the query below still uses it.
     $msgResult[] = $e->getMessage();
 }
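 //insert the user and the avatar metadata into the db; every value concatenated into the CALL below must already be escaped (as $email is via stringEscape) or be bound as a parameter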
 if ($error_flag == 0) {
     $query = "CALL add_user('" . $username . "', '" . $crypt_password . "' ,'" . $filename . "' , '" . $extension . "' , '" . $email . "' , '" . date('Y-m-d') . "' )";
     if ($result = $db->query($query)) {
         $_SESSION['user'] = $username;
         echo "<script> location.href=\"account.php\" </script>";
         if (isset($msgResult)) {
             foreach ($msgResult as $msg) {
                 echo $msg . "*";