Source: login (security level: low)
Flip the security level in the header to compare the vulnerable and fixed code paths.
<?php // LOW: username concatenated raw -> classic auth bypass (e.g. username: admin'-- )
// Teaching exhibit for the "low" level: this path is vulnerable on purpose and
// must not be copied into real code.
// $u and $p are assigned before this excerpt; presumably the submitted username
// and password -- confirm against the full file.
//
// Defect 1, SQL injection: $u is placed between single quotes in the statement
// text with no escaping or parameter binding, so a quote character in the
// username changes the structure of the query and the pass= condition can be
// cut away. Mitigation: a prepared statement with bound parameters
// (mysqli_prepare / mysqli_stmt_bind_param), so input is never parsed as SQL.
//
// Defect 2, password storage: md5() is a fast, unsalted digest. Its hex output
// cannot break out of the quotes, but the stored values are cheap to crack
// offline once the table leaks. Mitigation: password_hash() at enrolment, then
// fetch the row by username only and check it with password_verify().
$q = "SELECT id,uname FROM users WHERE uname='$u' AND pass='".md5($p)."'";
// The '@' silences any warning raised by the call, and a false result only
// leaves $ok at false: a malformed statement (a common sign of injection
// probing) is not logged or reported by this code. Record failures server-side.
// $loginname starts as the raw $u and is replaced only when a row is found.
$res=@mysqli_query(db(),$q); $ok=false; $loginname=$u;
// Authentication is decided solely by "did the query return a row": the first
// row fetched sets $ok, whatever made the WHERE clause match.
// NOTE(review): on failure $loginname still holds the raw $u; if it is printed
// later (not visible here) it needs htmlspecialchars() at output.
if($res && $row=mysqli_fetch_assoc($res)){ $ok=true; $loginname=$row['uname']; }