Fixed login vulnerability

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@1224 e3e1d417-86f3-4887-817a-d78f3d33393f

web/zm_funcs.php

@@ -22,7 +22,7 @@ function userLogin( $username, $password )
 {
 	global $user, $cookies, $_SESSION, $_SERVER;
 
-	$sql = "select * from Users where Username = '$username' and Password = password('$password') and Enabled = 1";
+	$sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Password = password('".mysql_escape_string($password)."') and Enabled = 1";
 	$result = mysql_query( $sql );
 	if ( !$result )
 		echo mysql_error();