Emails should be hashed with SHA1. That way, in the event of a data breach, people can’t spam all your users’ emails.
MySQL has the built-in SHA1() function for this.
Here’s how you would change all the current plain-text emails to hashed emails.
UPDATE `accounts` SET `email` = SHA1(`email`);
Here’s how to hash the email when inserting it on register.
INSERT INTO `accounts` (`username`, `email`) VALUES ('$username', SHA1('$email'))
Here’s how to find the account for an email on pages such as forgot password (which you’re missing right now; you need to add a forgot password page).
SELECT `username` FROM `accounts` WHERE `email` = SHA1('$email')
Hope you do this soon; everyone makes mistakes that lead to accidental disclosures of information. And you’re not the most cautious person, so hashing the emails before an angry competitor such as razu or Henix has the time to find a bug in RestoreCord is a good idea.
If a user forgets their email, you can confirm they’re the actual owner with their IP address.
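
The three statements from the post, run with bound parameters instead of interpolated '$email' strings, as an added example that is not part of the original post. It assumes Python's sqlite3 in place of MySQL, a registered SHA1 function standing in for MySQL's SHA1(), and a hypothetical NORM helper; lowercasing before hashing and the '@' guard on the migration are additions made here so that old and new rows match on lookup.

```python
import hashlib
import sqlite3

def sha1_hex(value):
    # Same format MySQL's SHA1() returns: 40 lowercase hex characters.
    return hashlib.sha1(value.encode("utf-8")).hexdigest()

def normalize(email):
    # Assumption: addresses are matched case-insensitively, ignoring outer spaces.
    return email.strip().lower()

def open_db():
    db = sqlite3.connect(":memory:")          # SQLite stands in for MySQL here
    db.create_function("SHA1", 1, sha1_hex)   # emulate MySQL's built-in SHA1()
    db.create_function("NORM", 1, normalize)  # hypothetical helper, not a MySQL function
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT NOT NULL)")
    return db

def migrate(db):
    # Hash only rows that still contain '@': a hex digest never does, so a
    # second run cannot double-hash rows that were already converted.
    db.execute("UPDATE accounts SET email = SHA1(NORM(email)) WHERE email LIKE '%@%'")

def register(db, username, email):
    # Bound parameters: the address is data, never part of the SQL text.
    db.execute("INSERT INTO accounts (username, email) VALUES (?, SHA1(?))",
               (username, normalize(email)))

def find_username(db, email):
    row = db.execute("SELECT username FROM accounts WHERE email = SHA1(?)",
                     (normalize(email),)).fetchone()
    return row[0] if row else None

def demo():
    db = open_db()
    # Constructed legacy row, stored in plain text with mixed case and a stray space.
    db.execute("INSERT INTO accounts VALUES (?, ?)", ("alice", "Alice@Example.com "))
    migrate(db)
    migrate(db)  # repeated run is a no-op
    register(db, "pat", "Pat.O'Neil@example.com")  # apostrophe is valid in an address
    return db

if __name__ == "__main__":
    db = demo()
    print(find_username(db, "alice@example.com"), find_username(db, "pat.o'neil@example.com"))
```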