I have been trying to figure out the right syntax to use but can't seem to figure it out. This is part of the code that i think is being affected.
private function _check_db($username, $password) {
global $db;
$user_row = $db->get_row("SELECT * FROM `user`, WHERE `username`= '". $db->escape($username) ."'");
//general return
if(is_object($user_row) && md5($user_row->password) == $password)
return true;
else
return false;
}