[Security] Remnants of SQL Injection
Great work on the initial private report of vulnerabilities. Now that there are fewer, I think we can track them publicly without repercussions.
This line in session.php is an SQL injection:
$query = "SELECT email FROM users WHERE email='$user_check'";
See, this is the problem with the mysqli_real_escape_string approach. It is too easy to miss something.
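Added example, not part of the original issue or the project's code: the same lookup written as a mysqli prepared statement, so the value is bound rather than interpolated and there is no escaping call to miss. The function name `find_session_email`, the connection settings, and the sample input are assumptions for illustration.

```php
<?php
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper (the name is not from the project): run the
 * session.php lookup with a bound parameter instead of building the
 * SQL string from $user_check.
 */
function find_session_email(mysqli $db, string $user_check): ?string
{
    // The SQL text is a constant. The value is sent separately from it,
    // so quotes in $user_check cannot change the statement's structure.
    $stmt = $db->prepare('SELECT email FROM users WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $user_check);   // 's' = bind as string
    $stmt->execute();
    $stmt->bind_result($email);
    $found = $stmt->fetch();               // true = row fetched, null = no row
    $stmt->close();

    return $found === true ? $email : null;
}

// Usage with placeholder connection settings (assumptions, not project values).
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

// Constructed input containing a quote character. Interpolated into
//   "SELECT email FROM users WHERE email='$user_check'"
// it would end the string literal early; bound as a parameter it is
// compared as plain data.
$email = find_session_email($db, "o'brien@example.test");
var_dump($email);
```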