hiranyagarbh/aaruush19cs

Critical vulnerability alert - Auth bypass

CJHackerz opened this issue · 0 comments

$query = "select * from amb_reg where email='$email' and password='$p'";
$result = mysqli_query($db, $query);

In the above code, due to SQL injection, an unauthenticated user can pass a payload like cjhackerz@example.com' or '1'='1'-- as the email to render the query always true and select any table from the database, so the entire AND condition will be ignored and anyone will be able to log in without a password.
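
A parameterized form of the quoted lookup, as an added example that is not part of the original issue or the repository's code. The helper name `find_ambassador` and the connection values are assumptions; the table and column names are taken from the query above, and `$p` stays whatever value the application already compares against the `password` column.

```php
<?php
// Added example: the login lookup from the issue, rewritten with a prepared
// statement so user input is never concatenated into the SQL text.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper (not from the repository).
 * Returns the single matching amb_reg row, or null when nothing matches.
 */
function find_ambassador(mysqli $db, string $email, string $p): ?array
{
    // The ? placeholders are filled by the driver as data, so quotes and
    // comment markers inside $email or $p cannot change the query structure.
    $stmt = $db->prepare(
        'SELECT * FROM amb_reg WHERE email = ? AND password = ? LIMIT 2'
    );
    $stmt->bind_param('ss', $email, $p);
    $stmt->execute();

    // get_result() needs the mysqlnd driver, the default in current PHP builds.
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();

    // Treat anything other than exactly one match as a failed login.
    return count($rows) === 1 ? $rows[0] : null;
}

// Usage. Connection values are placeholders, not real settings.
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$db->set_charset('utf8mb4');

// The payload from the issue is now compared as a literal email string,
// so the AND password = ? condition still applies.
$row = find_ambassador($db, "cjhackerz@example.com' or '1'='1'--", 'anything');
var_dump($row);
```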