@: I have noticed a few concerns with this kit.
Although you are using mysqli … you are not doing any form of SQL Injection protection. You may need to look at this to try and protect the Backend Services a little better.
Your passwords are also being stored in the database in plain text, if the database ever gets compromised all your user accounts will be compromised. You may need to look at doing some type of one-way encryption with a salt to the system.
You can also optimise the kit by adding a require_once function call on each page and include your DB details from there, this will make it more efficient and easier to use.
I also recommend that you clear the register form in UMG once you have registered an account successfully. On failure you should at least clear the password and confirm password as a precautionary measure.
On a side note, I had to change some of the PHP code in order to run properly on Linux and on my local development machine.