Return to Revisions

Nice Code, just a couple of points for now:

Security

• hash_hmac is the wrong tool for hashing passwords. Use bcrypt instead.
• You are outputing $firstname and $username without validating them, which could possibly lead to an xss attack via email

I didn't see anything else right now, but that doesn't mean that this is all.

Other

• why are you checking if the user exists manually (via $ensure)? Shouldn't your database schema take care of this?
• updating logged_in_member in login: couldn't you use update instead of delete and then insert?
• select * is bad practice and bad for performance, it is better to specify which columns you want.
• indentation and spacing: sometimes, they are off (eg if($selection_1->rowCount()){)
• Comments: I generally like your comments, but as @Bhathiya-JaDogg-Perera noted, they are a bit much (eg //For loop to build string, //Generate User Salt, Create user function creates user, etc). What I would rather want to know: hashData: what hashing method is used? createUser: does it only create the user? Or does it also send out mail?