The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Is my registration process secure?

  • #24427
    mdgrech
    Member

    This is my first time creating a user login system from scratch. I was hoping you guys could look over my register.php script and tell me if it’s secure. I’m using <?php echo $PHP_SELF; ?> as the form action. The script below is my register.php, which I have included on the form page at the very top using include("register.php"), and for the form method I used post. Thanks guys :D

    <?php
    if (strlen($_POST) > 1)
    {
        $email = mysql_real_escape_string($_POST);
        $password = md5(mysql_real_escape_string($_POST));
        $reenterpassword = md5(mysql_real_escape_string($_POST));

        # database connect
        $connection = mysql_connect("localhost","root","password");
        mysql_select_db("Sporometer", $connection);
        $matchemail = mysql_query("SELECT * FROM Members WHERE Email='".$email."'");

        # Setup email checks
        function checkemail($email){
            return eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email);
        }

        # Setup email check
        $passwordlength = strlen($_POST);

        # Start validating user input

        if (!$connection)
        {
            $message = "<p class='stop'>Could not connect to database.</p>";
        }
        elseif (!(checkemail($email)))
        {
            $message = "<p class='stop'>Invalid email</p>";
        }
        elseif (mysql_num_rows($matchemail) == 1)
        {
            $message = "<p class='stop'>Email already registered.</p>";
        }
        elseif ($passwordlength < 5)
        {
            $message = "<p class='stop'>Password to short.</p>";
        }
        elseif (!($password==$reenterpassword))
        {
            $message = "<p class='stop'>Passwords must match.</p>";
        }
        else
        {
            mysql_query("INSERT INTO Members (Email, Password)
            VALUES ('$email', '$password')");

            mysql_close($connection);
            $message = "<p class='go'>Successfully registered.</p>";
            echo '<meta http-equiv="REFRESH" content="0;url=providers.php">';
        }
    }

    ?>
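
A hardened counterpart to the script in the post, as an added example that is not the poster's code: it replaces the string-built `mysql_*` queries and `md5()` with PDO prepared statements and `password_hash()`. The `register_member()` function and the in-memory SQLite database are assumptions made so the script runs stand-alone; the table and column names follow the post.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. register_member() and the SQLite
// in-memory database are assumptions; Members/Email/Password follow the post.
function register_member(PDO $db, string $email, string $password, string $confirm): string
{
    // Built-in validator instead of a hand-written regex (eregi() was removed in PHP 7).
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email';
    }
    // Check the raw passwords before hashing; 5-character minimum as in the post.
    if (strlen($password) < 5) {
        return 'Password too short.';
    }
    if (!hash_equals($password, $confirm)) {
        return 'Passwords must match.';
    }
    // Salted, deliberately slow hash instead of md5(); the password is never SQL-escaped first.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        // Placeholders keep user input out of the SQL text. The primary-key
        // constraint rejects duplicates without a SELECT-then-INSERT race.
        $stmt = $db->prepare('INSERT INTO Members (Email, Password) VALUES (:email, :hash)');
        $stmt->execute([':email' => $email, ':hash' => $hash]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // SQLSTATE: integrity constraint violation
            return 'Email already registered.';
        }
        throw $e;
    }
    return 'Successfully registered.';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Members (Email TEXT PRIMARY KEY, Password TEXT NOT NULL)');

// Constructed sample input: a valid signup, a duplicate, and a quote-laden string.
foreach ([
    ['alice@example.com', 'correct horse', 'correct horse'],
    ['alice@example.com', 'another pass', 'another pass'],
    ["x' OR '1'='1", 'secret1', 'secret1'],
] as [$e, $p, $c]) {
    // Escape anything echoed back into the page.
    echo htmlspecialchars($e . ': ' . register_member($db, $e, $p, $c), ENT_QUOTES), PHP_EOL;
}
```

At login, the stored value is checked with `password_verify()`. The same output escaping applies to the form action, for example `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)` in place of `$PHP_SELF`.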
