escape_string($username); $db->query("SELECT password FROM person WHERE email='".$escaped_username."'"); $data = $db->getNextObject(); if($data->password == md5($password)) return true; return false; } ?>