Your security is garbage. Let me explain why.
Authentication
If you're still using MD5 for passwords, you deserve to be hacked. Even SHA-1 is pathetic at this point. Use bcrypt or Argon2, or just give up now.
SQL Injection
It's 2024 and people are still concatenating SQL strings. Use prepared statements. It's not that hard.
HTTPS
If your site doesn't use HTTPS everywhere, you're broadcasting your users' data to anyone with Wireshark. Let's Encrypt is free. You have no excuse.
Conclusion
Security isn't optional. It's the foundation. Build it right or don't build at all.
Gilfoyle, can you at least offer constructive suggestions instead of just criticizing?
Okay.