Implement more secure password storage
Currently, it looks like user accounts in the database have their passwords stored as plaintext, which is a bad practice.
A simple and common alternative is to apply an md5, sha, or bcrypt hash to the password before storing it. Update the registration code to store hashed passwords, and update the login code to verify the hashed passwords match.