mariofont / PHP-Login

Simple, easy-to-use, and database-free login system.

Password is stored as plain text and is not hashed #1

Closed Calebrw closed 7 years ago

Calebrw commented 7 years ago

My first concern is that the password is stored as plain text with no hashing. Take a look at PHP's password_hash function. While it is true that in theory an end-user should never see the raw PHP, it's certainly possible that something goes wrong and then you have the end user's password out for the world to see. Given the fact that humans often re-use passwords, this means a hacker could gain access to other accounts.
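What the suggestion above looks like for a login that keeps its credentials in a PHP file, as an added example that is not part of the original thread or of the PHP-Login code. The variable names, function names and sample password are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data; all names here are hypothetical and are not
// taken from the PHP-Login repository.
$plainConfig = ['user' => 'admin', 'password' => 'correct horse battery'];

// Before: the check compares against a secret readable in the source file.
function loginPlain(array $cfg, string $user, string $pass): bool
{
    return $user === $cfg['user'] && $pass === $cfg['password'];
}

// After: the file holds only a salted, deliberately slow hash. A deployment
// would generate it once and paste the result into the config; it is
// computed inline here only so the example runs stand-alone.
$hashedConfig = [
    'user' => 'admin',
    'hash' => password_hash('correct horse battery', PASSWORD_DEFAULT),
];

function loginHashed(array &$cfg, string $user, string $pass): bool
{
    // Evaluate both checks every time so a wrong user name is not faster.
    $userOk = hash_equals($cfg['user'], $user);
    $passOk = password_verify($pass, $cfg['hash']);
    if (!$userOk || !$passOk) {
        return false;
    }
    // Re-hash when PHP's default algorithm or cost has moved on; the caller
    // is responsible for writing the updated hash back to the config file.
    if (password_needs_rehash($cfg['hash'], PASSWORD_DEFAULT)) {
        $cfg['hash'] = password_hash($pass, PASSWORD_DEFAULT);
    }
    return true;
}

$algo = password_get_info($hashedConfig['hash'])['algoName'];
printf("stored value is a %s hash, not the password\n", $algo);
printf("plain, right password:  %s\n", var_export(loginPlain($plainConfig, 'admin', 'correct horse battery'), true));
printf("hashed, right password: %s\n", var_export(loginHashed($hashedConfig, 'admin', 'correct horse battery'), true));
printf("hashed, wrong password: %s\n", var_export(loginHashed($hashedConfig, 'admin', 'guess'), true));
printf("hashed, wrong user:     %s\n", var_export(loginHashed($hashedConfig, 'root', 'correct horse battery'), true));
```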

Calebrw commented 7 years ago

#2 fixes some of these problems.

mariofont commented 7 years ago

Yep, should be fixed now.