registering script

OTHER_INFORMATION/php files/create_account.php

+<?php
+require_once 'connect_db.php';
+if (isset($_POST['username']) && isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['password'])) {
+
+
+    $key = 'fu4823yfu03$&u3Sy(48%$>gh)83*hf201*&fg3"!fh9HFG8';
+
+    require_once 'encode_decode.php';
+
+    $username = htmlspecialchars($_POST['username']);
+    $firstname = encrypt(htmlspecialchars($_POST['firstname']),$key);
+    $lastname = encrypt(htmlspecialchars($_POST['lastname']),$key);
+    $password = htmlspecialchars(password_hash($_POST['password'], PASSWORD_DEFAULT));
+
+    //init the connection and sql
+    $stmt = mysqli_stmt_init($connect);
+
+    if (AccountCheck($username, $connect)) {
+        echo "username_taken";
+
+        exit();
+    } else {
+
+        $sql = "INSERT INTO user_museum VALUES (?,?,?,?);";
+
+        if (!mysqli_stmt_prepare($stmt, $sql)) {
+            echo "failure";
+        } else {
+
+            mysqli_stmt_bind_param($stmt, "ssss", $username, $firstname,$lastname, $password);
+
+            mysqli_stmt_execute($stmt);
+            echo "success";
+        }
+
+        mysqli_stmt_close($stmt);
+        exit();
+    }
+}
+
+function AccountCheck($username, $connect)
+{
+
+    $sql2 = 'SELECT * FROM user_museum WHERE username= ?;';
+    $stmt2 = mysqli_stmt_init($connect);
+
+    if (!mysqli_stmt_prepare($stmt2, $sql2)) {
+        echo "sql_error";
+    } else {
+        mysqli_stmt_bind_param($stmt2, 's', $username);
+        mysqli_stmt_execute($stmt2);
+
+        $result = mysqli_stmt_get_result($stmt2);
+
+        if (mysqli_fetch_assoc($result)) {
+
+            mysqli_stmt_close($stmt2);
+            return true;
+        } else {
+            mysqli_stmt_close($stmt2);
+            return false;
+        }
+    }
+};
\ No newline at end of file