The database credentials are hardcoded in the PHP code, which is visible by anyone with access to our Git repository. We need to come up with an alternate system so that our passwords are not leaked to the public.

Files

• sql.php
• getTeam.php
• pit.php

Let me know if you can see any others.

Follow up: might be a good idea to remove the MySQL username & the database name.

Alright, it's done, passwords are removed. If anyone ever tries to host this they'll need the .db-password file with the password in it (we should probably make a setup script for that).