Code based is cool, but it has meltable issues

I found about Security Vulnerabilities
1- 2 SQL Injection Risks
2- Authorization Inconsistencies
3- File Upload Vulnerabilities
4- Token Security Issues.
5- Payment Gateway Security

You might enhance this, You have to conceder this is not something better for live and large scale.
You must invest in securing this app before use.
over all it is good to start with