[krapp]

    $email = $_POST['email'];
    $password = $_POST['password'];
    $query = "SELECT emailAddress, password, userID FROM users
    WHERE emailAddress = '$email' AND password = '$password'";
    $result = $db->query($query);

Um... not to digress but it looks to me like there's a SQL injection hole here. Please use PDO and a bit more validation, this doesn't properly escape anything. You could validate the email address with filter_var, for instance.

Otherwise, it looks neat, good job. You might want to learn to code more defensively though. Especially if you're putting something up on Github.

Refer to: - https://www.owasp.org/index.php/SQL_Injection_Prevention_Che...

- http://stackoverflow.com/questions/60174/how-to-prevent-sql-...

for some direction towards better practices.

[roansh]

Hey krapp, thanks for your input :D It's a great example of quick & dirty job. There's still a LOT of work to do, I accept. The images are not scaled, passwords are not `hashed', and no validation, of course. I should have had worked on it later on, but I really didn't look in to it later.

I guess, I am also on the same path as with the author of this post. But yeah, thanks again, I will improve it as soon as I can. :-)

[krapp]

Bear in mind, that since it's on github, even though it's a 'quick and dirty job', people WILL just download it, run it and expect it to work, and if it works, not care about auditing the code.

Those people deserve what they get, maybe, but still. Getting into a habit of never releasing anything that doesn't at least have basic security is a good idea.

When you come around to hashing the passwords consider https://github.com/rchouinard/phpass

[roansh]

Right krapp. I will absolutely take care of that from now on, and also, I will fix that code ASAP. :)