sql_escape($username) . "'"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $db->sql_freeresult($result); if (md5($password) == $row['user_password']) { return (empty($row['user_active'])) ? 0 : $row; } } return false; } ?>