I found terrible mistakes and I didn't search it all
Few questions
1) Poor coded on front end.
2) What PHP7 updates you did and how you used them?
3) How the MySQL is connected from PHP
4) So many other questions to answer but no... it works and we don't see errors means we buy it right?
here is a small example of deprications
<b>Strict Standards</b>: Non-static method Donate\Vendor\File::listSubdirs() should not be called statically in <b>/home/asmanavi/domains/demo.l2ds.eu/public_html/app/views/admin/config_form.view.php
From my perspective lot of unnecessary functions, old bypassable captchas, unknown algorithm method used for passwords, POST/GETS (I want to think they are cleaned) uses propably 99% same method names and I could go on, since so many information is not known... in other words this is a fast show off for kids. good front end by the way..
PS : if the PHP is written as the HTML in front end better trash it