Shane Hollis - 2019-02-24 07:30:53
Nice job. Thanks for sharing the code.
There are a couple of suggestions i would make.
1 - The config.php contains user names, passwords etc. It would be best to move those out to an INI file located outside the web root e.g
-- / WWW/--index.php
There seems to be no filtering on session vars or DB input.
I know that PDO prepared statements will save you from some of the db hacks, it still leaves unfiltered input to go to the session vars.
Slightly strong filtering on username etc would keep it a bit tighter.
But nice job - well documented and coded.