Hi,
I have 8 years experience in PHP development and can definitely point out the vulnerabilities on your website.
Here is a free one: Although you are enforcing SSL but your cookies do not have secure flag set.
Note that we won't be able to fix your code for $30, but we will point out the vulnerabilities and point you in the right direction.
Looking forward to work with you.
Regards,
Jatinder Thind