Programmer Application

<?php
$pagetop = "Register";
include("header.php");

if(!empty($user['id'])){
   echo "<center>You are already logged in as <strong>$username</strong></center>";
   include("footer.php");
   die;
}

if($_GET['action'] == "register"){
   
   $_POST['username'] = mysql_real_escape_string($_POST['username']);
   $_POST['password'] = mysql_real_escape_string($_POST['password']);
   $_POST['email'] = mysql_real_escape_string($_POST['email']);
   $check_username = mysql_query("SELECT * FROM users where username='{$_POST['username']}'") or die(mysql_error());
   
   echo "<center>";
   if(!$_POST['username'] || !$_POST['password'] || !$_POST['cpassword'] || !$_POST['email'] || !$_POST['security_code']){
      echo "You didn't fill out all of the required fields.";
   }elseif(str_replace(" ", "", $_POST['username']) != $_POST['username']){
      echo "Your username cannot contain any spaces.";
   }elseif(strlen($_POST['username']) < 4 || strlen($_POST['username']) > 12){
      echo "Your username must be between 4 and 12 characters.";
   }elseif(mysql_num_rows($check_username) > 0){
      echo "That username is already taken. Please try another one!";
   }elseif($_POST['password'] != $_POST['cpassword']){
      echo "The passwords you have entered don't match!";
   }elseif(str_replace(" ", "", $_POST['password']) != $_POST['password']){
      echo "Your password cannot contain any spaces.";
   }elseif(strlen($_POST['password']) < 6 || strlen($_POST['password']) > 12){
      echo "Your password must be between 6 and 12 characters.";
   }elseif(str_replace(" ", "", $_POST['email']) != $_POST['email']){
      echo "Your email cannot contain any spaces.";
   }elseif(strlen($_POST['email']) > 100){
      echo "Your email cannot be greater then 100 characters.";
   }elseif($_POST['security_code'] != $_SESSION['security_code']){
      echo "Your security code was incorrect. Please try again!";
   }else{
      $_POST['password'] = sha1(md5($_POST['password']));
      mysql_query("INSERT INTO users(username,password,email)
      VALUES('".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."')") or die(mysql_error());
      echo "Thank you for registering an account at Bake O Cake.<br /><strong>{$_POST['username']}</strong> you may proceed to the <a href='login.php'>Login</a>.</center>";
      include("footer.php");
      die;
   }
   echo "</center>";
}

ECHO<<<ECHO
<form action="?action=register" method="post">
<table align="center" width="380">
<tr>
<td colspan="2" align="center">
Register your <strong>FREE</strong> account at Bake O Cake!
</td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" value="{$_POST['username']}"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type="password" name="cpassword"></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email" value="{$_POST['email']}"></td>
</tr>
<tr>
<td>Security Code:</td>
<td>
<img src="captcha.php" /><br />
<input id="security_code" name="security_code" type="text" /></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="register" value="Register">
</td>
</tr>
</table>
</form>
ECHO;

include("footer.php");
?>