modernization

Before & after

AI-rewritten snippets with rationale. Apply individually or export as a single PR.

Critical

Replace mysql_query with PDO prepared statements

src/db/Queries.php
Legacy.diff
$result = mysql_query(
  "SELECT * FROM users WHERE email='" . $_POST['email'] . "'"
);
Modernized.diff
$stmt = $pdo->prepare(
  "SELECT * FROM users WHERE email = :email"
);
$stmt->execute(['email' => $request->input('email')]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
Why: Eliminates SQL injection, removes deprecated mysql_* API (removed in PHP 7), and enables connection pooling.

High

Modernize callback hell to async/await

public/js/checkout.js
Legacy.diff
getCart(function(cart){
  validate(cart, function(err, ok){
    if (ok) charge(cart, function(res){ render(res); });
  });
});
Modernized.diff
const cart = await getCart();
const ok = await validate(cart);
if (ok) {
  const res = await charge(cart);
  render(res);
}
Why: Improves readability, enables structured error handling via try/catch, and removes nesting.

Critical

Replace MD5 password hashing with Argon2id

src/auth/Login.php
Legacy.diff
if (md5($password) === $row['password']) {
  login_user($row);
}
Modernized.diff
if (password_verify($password, $row['password'])) {
  login_user($row);
}
// On signup:
$hash = password_hash($password, PASSWORD_ARGON2ID);
Why: MD5 is cryptographically broken. Argon2id is memory-hard and the OWASP-recommended default.
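Rows that still hold an MD5 digest fail password_verify(), so the swap above needs a migration path for existing accounts. The following is an added example, not part of the tool's output, that upgrades such rows at login; the users(id, password) schema, the function name and the sample password are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Assumed schema: users(id, password); all names are hypothetical.
// Requires PHP 7.4+ built with Argon2 support; the password column should hold 255 chars.
function verify_and_upgrade(PDO $pdo, array $row, string $password): bool
{
    $stored = (string) $row['password'];

    // Legacy rows hold a bare 32-char hex MD5 digest, which password_verify() rejects.
    $isLegacyMd5 = preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1;

    if ($isLegacyMd5) {
        // Constant-time comparison instead of === on digests.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // Rehash while the plaintext is in hand: always for MD5 rows, and for
    // modern rows whose algorithm or cost parameters are out of date.
    if ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_ARGON2ID)) {
        $upd = $pdo->prepare('UPDATE users SET password = :hash WHERE id = :id');
        $upd->execute([
            'hash' => password_hash($password, PASSWORD_ARGON2ID),
            'id'   => $row['id'],
        ]);
    }
    return true;
}

// Constructed demo data: in-memory SQLite (needs pdo_sqlite) with one legacy row.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO users (id, password) VALUES (1, ?)')
    ->execute([md5('constructed-sample-pw')]);

$fetch = fn() => $pdo->query('SELECT * FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);

var_dump(verify_and_upgrade($pdo, $fetch(), 'constructed-sample-pw')); // login against the legacy row
var_dump(strpos($fetch()['password'], '$argon2id$') === 0);            // stored format after the upgrade
var_dump(verify_and_upgrade($pdo, $fetch(), 'wrong-password'));        // wrong password against the upgraded row
```

Accounts that never log in again keep their MD5 digest, so pair this with a cutoff date after which remaining legacy rows require a password reset.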

Medium

Migrate jQuery DOM manipulation to native APIs

public/js/cart.js
Legacy.diff
$('.cart-item').live('click', function(){
  $(this).fadeOut(300, function(){ $(this).remove(); });
});
Modernized.diff
document.addEventListener('click', (e) => {
  const item = e.target.closest('.cart-item');
  if (!item) return;
  item.animate({ opacity: [1, 0] }, 300)
      .onfinish = () => item.remove();
});
Why: Removes 90KB jQuery dependency and uses event delegation that survives DOM updates.