nope you didnt. this is ur reg_do.php:
Code:
<?php
/* Store user details */
$name = $_POST['name'];
$pass = sha1($_POST['pass']);
$email = $_POST['email'];
$dob = $_POST['dob'];
$vpass = sha1($_POST['vpass']);
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$_POST['name'].'"';
if($name == ""){
echo 'No username filled in.';
exit();
}elseif(mysql_num_rows(mysql_query($sel)) >= 1 ){
echo '<link rel=stylesheet href="style.css" type="text/css"><center>This username does already exists!</center>';
exit();
}elseif($pass == ""){
echo '<link rel=stylesheet href="style.css" type="text/css"><center>No password filled in.</center>';
exit();
}elseif($vpass != $pass){
echo '<link rel=stylesheet href="style.css" type="text/css"><center>The passwords did not match.</center>';
exit();
}else{
$d = 'INSERT INTO accounts (name, password, email, birthday) VALUES ("'.$name.'", "'.$pass.'", "'.$email.'", "'.$dob.'")';
mysql_query($d) OR die (mysql_error());
echo '<link rel=stylesheet href="style.css" type="text/css"><center>Your account has been created, you can now login!</center>';
}
?>
you are missing this, which verifies the code :
Code:
if(strtoupper($_POST['code']) == $_SESSION['code']) {
echo '<script type="text/javascript">alert("Congradulations, You have entered the Security code correctly.")</script>';
} else {
echo '<script type="text/javascript">alert("You have entered a wrong Security code, Please try again!")</script><META HTTP-EQUIV="refresh" CONTENT="0;URL='.$regpage.'">';
exit();
}
and:
Code:
$code = mysql_real_escape_string(trim($_SESSION['code']));