Though theres another downside to that, if he "Forgets" to change the code aswell, people would constantly need access to the files themselfs to make sure, someone trusted.
As requested by @CensoredExe, I have reviewed the code and discovered the following findings:
Due to the use of rand(0, 100) < 50, the house wins 51 times for 50 losses. This means a players probability of winning is approximately 49.5%.
Edit: @CensoredExe has edited the code so that it is no 50:50. However, as this change was not visible to users, this simply demonstrates the below point further.
There is no method of verifying that an individual bet transaction was using this probability. It is possible that the site administrators can change the probability for individual transactions or individual users.
All IP addresses for users are logged and viewable by site administrators.
Site administrators have the ability to edit transaction history and account balances without any record of this happening.
There is no method of verifying if the site administrators have enough money to pay back any money deposited.
Passwords are stored and hashed using the default PHP password hashing methods. They are not currently stored in a raw format.
There are various SQL injection vulnerabilities on the administration pages. They are unlikely to be exploitable by non-administrators I have highlighted these to @CensoredExe.
Site administration functionality does not use CSRF tokens, so the ability to manage accounts is vulnerable. This means it is possible for someone to deposit a fake amount of money onto the casino.
All of this is true at the time of writing. Some of these findings may change in the future.
Based on this, I am not in a position to verify the trustworthiness of the website, or it's legality.
This third part website is not endorsed by the Perpheads Development team.
I will be happy to re-review this at a future stage if changes are made.
Pretty sure you cannot log IP addresses without the user's permission. Also, you should use a framework. Don't try to implement your own security system, its useless to reinvent the wheel. If you don't want a large one bloated with too many features, there are a vast array of lightweight ones out there, even for the devil's language: php. @CensoredExe
@Sneaky this does not seem to be the case as this website doesn't contain sensitive information. And if so, there should be an option to completely delete all the information they have store about a user (and also to download all of it).