The fix affects two files: user_add_save.php and user_add_errors.php. Replace their contents with the following:
New code for user_add_save.php
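<?php
/*
 * user_add_save.php - validates the "add user" form and inserts the new row.
 *
 * On any validation failure it redirects to user_add_errors.php with one query
 * parameter per check (104 = check failed, 0 = passed). On success it inserts
 * the user and, when that user is the only row in `users`, sets permissions=5.
 *
 * NOTE(review): the script uses the legacy ext/mysql API (mysql_query etc.),
 * which was removed in PHP 7. The connection is presumably opened in
 * master_inc.php (not shown here), so this file keeps the same API and escapes
 * every value with mysql_real_escape_string(). Moving the connection and these
 * statements to mysqli/PDO prepared statements is the durable fix.
 * mysql_real_escape_string() is only reliable when the connection character
 * set was set with mysql_set_charset() - confirm in master_inc.php.
 */
include "master_inc.php";

// strip_tags() removes markup but does NOT make a value safe for SQL; quotes
// pass straight through. Escaping happens where each statement is built.
$lastname  = strip_tags(substr(isset($_POST['lastname'])  ? (string) $_POST['lastname']  : '', 0, 32));
$firstname = strip_tags(substr(isset($_POST['firstname']) ? (string) $_POST['firstname'] : '', 0, 32));
$phone     = strip_tags(substr(isset($_POST['phone'])     ? (string) $_POST['phone']     : '', 0, 32));
// Stored as submitted; it must be HTML-escaped wherever it is later displayed.
$password_hint = isset($_REQUEST['password_hint']) ? (string) $_REQUEST['password_hint'] : '';

// Every flag starts defined so the final check and the redirect URL never read
// an unset variable.
$username_already_in_use = 0;
$username_too_short      = 0;
$email_already_in_use    = 0;
$bad_email               = 0;
$pw_insecure             = 0;

// --- Username: minimum length, then uniqueness ---
$username = strip_tags(substr(isset($_POST['username']) ? (string) $_POST['username'] : '', 0, 32));
// The earlier `!== '' || strlen >= 4` test was true for any non-empty name, so
// one- to three-character usernames were accepted. The length test alone is
// what was intended.
if (strlen(trim($username)) >= 4) {
    $sql = "SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'";
    $result = mysql_query($sql);
    if ($result === false) {
        // Fail closed: a failed lookup must not be read as "name is free".
        error_log('user_add_save: username lookup failed: ' . mysql_error());
        die('Trouble reading information from the database.');
    }
    if (mysql_num_rows($result) > 0) {
        $username_already_in_use = 104;
    }
} else {
    $username_too_short = 104;
}

// --- Email: format, then uniqueness ---
$email_raw = isset($_REQUEST['email']) ? (string) $_REQUEST['email'] : '';
$email = '';
// Same pattern the script used with eregi(), expressed with preg_match().
// The D modifier keeps `$` from matching before a trailing newline.
if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@([a-z0-9-]{2,3})+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $email_raw)) {
    $email = $email_raw;
} else {
    $bad_email = 104;
}
if ($bad_email !== 104) {
    $sql = "SELECT * FROM users WHERE email='" . mysql_real_escape_string($email) . "'";
    $result = mysql_query($sql);
    if ($result === false) {
        error_log('user_add_save: email lookup failed: ' . mysql_error());
        die('Trouble reading information from the database.');
    }
    if (mysql_num_rows($result) > 0) {
        $email_already_in_use = 104;
    }
}

// --- Password composition ---
// NOTE(review): substr()/strip_tags() silently alter the password before it is
// hashed. They are kept because the login page presumably applies the same
// transform (not visible here); removing them on one side only would lock
// users out.
$pw_clean = strip_tags(substr(isset($_POST['password']) ? (string) $_POST['password'] : '', 0, 32));
// The error page promises "at least 1 uppercase letter, one lower case letter
// and one number" and a minimum of 4 characters. The earlier single pattern
// additionally required those classes to appear adjacent and in that order,
// and checked no length at all.
$pw_ok = strlen($pw_clean) >= 4
    && preg_match('/[A-Z]/', $pw_clean)
    && preg_match('/[a-z]/', $pw_clean)
    && preg_match('/[0-9]/', $pw_clean);
if (!$pw_ok) {
    $pw_insecure = 104;
}

if ($username_already_in_use == 104 || $email_already_in_use == 104 || $pw_insecure == 104 || $bad_email == 104 || $username_too_short == 104) {
    // Only the integer flags set above go into the URL, never request data.
    header("Location: user_add_errors.php?pw_insecure=$pw_insecure&email_already_in_use=$email_already_in_use&username_already_in_use=$username_already_in_use&bad_email=$bad_email&username_too_short=$username_too_short");
    die();
}
// End error checks

// NOTE(review): unsalted MD5 is not a password hash; a leaked `users` table can
// be reversed with precomputed tables. It is left in place because the login
// code (not shown) presumably compares md5() output. Migrating both sides to
// password_hash()/password_verify() is the fix.
$encrypted_pw = md5($pw_clean);

$query = "INSERT INTO `users` (`username`,
`password`,
`lastname`,
`firstname`,
`email`,
`phone`,
`password_hint`)
VALUES
(
'" . mysql_real_escape_string($username) . "',
'$encrypted_pw',
'" . mysql_real_escape_string($lastname) . "',
'" . mysql_real_escape_string($firstname) . "',
'" . mysql_real_escape_string($email) . "',
'" . mysql_real_escape_string($phone) . "',
'" . mysql_real_escape_string($password_hint) . "')";

// save the info to the database
$results = mysql_query($query);
if ($results) {
    echo( "<font size='2' face='Verdana, Arial, Helvetica, sans-serif'>Your changes have been made sucessfully. <br><br><a href='login.php'>Back to login</a></font> " );
} else {
    // Driver error text goes to the server log, not to the visitor: it can
    // reveal table and column names.
    error_log('user_add_save: insert failed: ' . mysql_error());
    die("Trouble saving information to the database.");
}

// --- First account becomes administrator ---
// NOTE(review): whoever registers first on an empty `users` table receives
// permissions=5. Installations should create that account before the
// registration page is reachable from untrusted networks.
$result = mysql_query("SELECT COUNT(*) FROM users");
if ($result === false) {
    error_log('user_add_save: user count failed: ' . mysql_error());
    die('Trouble reading information from the database.');
}
if ((int) mysql_result($result, 0) === 1) {
    $query = "UPDATE `users` SET `permissions`='5' WHERE `email`='" . mysql_real_escape_string($email) . "'";
    $results = mysql_query($query);
    if ($results) {
        echo( "<font size='2' face='Verdana, Arial, Helvetica, sans-serif'><br><br>Since this is the first user in the database we have configured the account with administrative privileges. Subsequent changes to permission levels can be made in the database. Thank you.<br></font> " );
    } else {
        error_log('user_add_save: permission update failed: ' . mysql_error());
        die("<font size='2' face='Verdana, Arial, Helvetica, sans-serif'>Trouble saving information to the database.</font> ");
    }
}
?>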
New code for user_add_errors.php
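<div align="center">
<p><A href="http://www.amsmerchant.com" target="_blank"></A> <strong><font size="4" face="Verdana, Arial, Helvetica, sans-serif">Errors</font></strong><br />
<a href="login.php"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Login</font></a></p>
<table width="500" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><?php
/*
 * user_add_errors.php - shows why a registration was rejected and re-displays
 * the form, which posts back to user_add_save.php.
 *
 * Each error flag arrives as a request parameter; the value 104 means the
 * corresponding check failed. Anything else (missing, empty, an array) is
 * treated as "no error", so loading the page directly raises no notices.
 */
$flags = array();
foreach (array('username_too_short', 'username_already_in_use', 'email_already_in_use', 'pw_insecure', 'bad_email') as $name) {
    $flags[$name] = isset($_REQUEST[$name]) && $_REQUEST[$name] === '104';
}

/*
 * The form fields used to echo $username, $lastname, ... which this file never
 * assigns. With register_globals enabled those variables are filled from the
 * request and were written into the value="" attributes unescaped. They are
 * now read from the request explicitly and HTML-escaped for attribute context.
 * The password is deliberately never echoed back.
 */
$prefill = array();
foreach (array('username', 'lastname', 'firstname', 'email', 'phone', 'password_hint') as $name) {
    $value = (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
    $prefill[$name] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

if ($flags['username_too_short']) {echo"<font size='2' color='#ff0000' face='Verdana, Arial, Helvetica, sans-serif'>
That username is too short. Please make it at least 4 characters.<br><br></font>";}
if ($flags['username_already_in_use']) {echo"<font size='2' color='#ff0000' face='Verdana, Arial, Helvetica, sans-serif'>
That username is already in use. Please try again or log in to your existing account.<br><br></font>";}
if ($flags['email_already_in_use']) {echo"<font size='2' color='#ff0000' face='Verdana, Arial, Helvetica, sans-serif'>
That email is already in use. That probably means you have an existing account. Log in or <a href='email_password.php'>reset your password</a><br><br></font>";}
if ($flags['pw_insecure']) {echo"<font size='2' color='#ff0000' face='Verdana, Arial, Helvetica, sans-serif'>
Your Password is not formatted correctly. Please choose a password that is between 4 and 20 characters and has at least 1 uppercase letter, one lower case letter and one number I.E. <i>Hello23</i>.<br><br></font>";}
if ($flags['bad_email']) {echo"<font size='2' color='#ff0000' face='Verdana, Arial, Helvetica, sans-serif'>
Your email does not appear to be valid<br><br></font>";}
?></td>
</tr>
</table>
<form action="user_add_save.php" method="post" name="form" id="form">
<table width="474" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="177"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Username</font></td>
<td width="277"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "text" value="<?php echo $prefill['username']; ?>" name="username" width="50" />
</font></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Password</font></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "password" value="" name="password" width="50" autocomplete="OFF" />
</font></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Last Name </font></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "text" value="<?php echo $prefill['lastname']; ?>" name="lastname" width="50" />
</font></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">First name </font></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "text" value="<?php echo $prefill['firstname']; ?>" name="firstname" width="50" />
</font></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Email</font></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "text" value="<?php echo $prefill['email']; ?>" name="email" width="50" autocomplete="OFF" />
</font></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Phone</font></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "text" value="<?php echo $prefill['phone']; ?>" name="phone" width="50" autocomplete="OFF" />
</font></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Password Hint </font></td>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<input type = "text" value="<?php echo $prefill['password_hint']; ?>" name="password_hint" width="50" />
</font></td>
</tr>
</table>
<p><font size="1" face="Arial, Helvetica, sans-serif">
<input type="submit" value="Save and Continue" name="submit2" />
</font></p>
</form>
<p>
</p>
<p> </p>
</div>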