Date: 2021-07-26

First, good job on switching to PDO.

I see many problems with the code you posted. Does the profile page actually have a .html extension as you have posted?

Starting with the connection, you have no error handling if the connection fails. This is one case where you should use a try/catch block to handle exceptions.

In register, I would suggest using a relative path instead of an absolute path and making the connection required instead of included.

Hoping for the name of a button to be submitted in order for your script to work can completely fail in certain cases. You should be checking the REQUEST METHOD instead. Do not create variables for nothing. Do not check for an existing email or username. Rather, set a unique constraint on those DB columns, attempt the insert and catch any duplicate errors. This would be the second suitable use case for a try/catch block. As written, the code will go nowhere if the password does not match the password confirm. Don’t hard-code a URL in the redirect. Use a relative path. You don’t need the closing PHP tag in your files.

In login, why are you echoing in setting a session for email and on top of it setting the username to the email session? Makes no sense. Same comments apply to this file as previous. Specify the columns you want by name. Do not SELECT *.

In profile, the timezone setting does not belong there. That should be set in the php.ini. Stop mixing the file and directory case. Use all lowercase. You try to select where email equals Session email, but you set it to the username, so it will never match. I would suggest using the output tag instead of echoing all over the place.
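
The registration flow suggested above (connection wrapped in try/catch, request-method check, unique constraint with the duplicate error caught on insert), as an added example that is not part of the original post or the code under review. It assumes an in-memory SQLite database and a hypothetical `users` table and form field names so that it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs offline; swap the DSN for the real database.
function connect(): PDO
{
    try {
        $pdo = new PDO('sqlite::memory:', null, null, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // make failures throw PDOException
        ]);
    } catch (PDOException $e) {
        error_log('DB connection failed: ' . $e->getMessage()); // details go to the log, not the browser
        exit('Service temporarily unavailable.');
    }
    // Hypothetical schema: uniqueness is enforced by the database, not by a SELECT beforehand.
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        email TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL)');
    return $pdo;
}

// In a web script, pass $_SERVER['REQUEST_METHOD'] and $_POST.
function register(PDO $pdo, string $method, array $post): string
{
    if ($method !== 'POST') {
        return 'no-submit'; // do not rely on a submit button name being present
    }
    $password = (string) ($post['password'] ?? '');
    if ($password === '' || $password !== (string) ($post['password_confirm'] ?? '')) {
        return 'password-mismatch'; // give the mismatch case an explicit outcome
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$post['username'] ?? '', $post['email'] ?? '', password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // SQLSTATE 23000: integrity constraint violation
            return 'duplicate';
        }
        throw $e; // anything else is a real failure
    }
    return 'registered';
}

// Constructed sample input
$form = ['username' => 'alice', 'email' => 'alice@example.test',
         'password' => 'correct horse', 'password_confirm' => 'correct horse'];
$pdo = connect();
foreach (['GET', 'POST', 'POST'] as $method) {
    echo $method, ' => ', register($pdo, $method, $form), PHP_EOL;
}
```

Attempting the insert and catching the constraint violation also closes the race between two simultaneous sign-ups that a check-then-insert sequence leaves open.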