Normal
XAMPP's security issues can be sorted, however, it is best to only use it on a development environment not on a live one.Not to get down to the real problem! You said the attackers got access to the database, now this goes beyond any exploits known to any habbo content management systems, the attackers could execute a piece of code that could make changes to your database and/or drop certain tables or even the entire database itself yes, however, they cannot view the data parsed/inserted/present in the database. If the attackers are able to view that data, this means they either have a shell put onto your system OR someone has access to your server.Otherwise, can you paste your 'class.users.php'?
XAMPP's security issues can be sorted, however, it is best to only use it on a development environment not on a live one.
Not to get down to the real problem! You said the attackers got access to the database, now this goes beyond any exploits known to any habbo content management systems, the attackers could execute a piece of code that could make changes to your database and/or drop certain tables or even the entire database itself yes, however, they cannot view the data parsed/inserted/present in the database. If the attackers are able to view that data, this means they either have a shell put onto your system OR someone has access to your server.
Otherwise, can you paste your 'class.users.php'?