i haz no idea what the domain name hazto do with anything but if its 100% custom made and if you use databases i hope you search your database with prepare statements and not mysql_real_escape_string or whatever thats called. the same with using md5 or sha1 for hashing passwords, its totally useless.