--- a/inc/auth.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/auth.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -45,7 +45,7 @@
if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
//Username and password are set, lets try to authenticate.
- $result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"] ."' AND password='". md5($_SESSION["userpwd"]) ."' AND active=1");
+ $result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1");
if($result->numRows() == 1)
{
$rowObj = $result->fetchRow();
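Review bot: The rewritten query on the `+` line still compares the password as an unsalted `md5()` digest, and it reads the cleartext password from `$_SESSION["userpwd"]`, so the plaintext credential sits in session storage for the whole session. Quoting the values closes the injection in the WHERE clause, but the stored hashes stay cheap to brute-force if the users table leaks. I would select the row by username only (`... WHERE username=" . $db->quote($_SESSION["userlogin"]) . " AND active=1`), check the submitted password once at login with `password_verify()` against a `password_hash()` value, and keep only the authenticated user id in the session afterwards. Separately, `$result->numRows()` is called without checking whether `query()` returned an error object; if this DB layer returns errors rather than throwing, that call fails on a bad query, so confirm and add a guard. The enclosing `if` block continues past the end of the hunk.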