After

	function txp_validate($user,$password)
	{
		include_once txpath.'/lib/txplib_admin.php';

		$safe_user = doSlash($user);
		$pass_hash = doSlash(generate_pwd_hash(doSlash($password)));

		$name = safe_field("name", "txp_users", "name = '$safe_user' and pass = '".$pass_hash."' and privs > 0");
		if ($name !== FALSE)
		{
			// update the last access time
			safe_update("txp_users", "last_access = now()", "name = '$safe_user'");
			return $name;

		}

		return false;
	}

Before

	function txp_validate($user,$password)
	{
		$safe_user = doSlash($user);
		$passwords = array();

		$passwords[] = "password(lower('".doSlash($password)."'))";
		$passwords[] = "password('".doSlash($password)."')";

		if (version_compare(mysql_get_server_info(), '4.1.0', '>='))
		{
			$passwords[] = "old_password(lower('".doSlash($password)."'))";
			$passwords[] = "old_password('".doSlash($password)."')";
		}

		$name = safe_field("name", "txp_users",
			"name = '$safe_user' and (pass = ".join(' or pass = ', $passwords).") and privs > 0");

		if ($name !== FALSE)
		{
			// update the last access time
			safe_update("txp_users", "last_access = now()", "name = '$safe_user'");
			return $name;

		}
		
		return false;
	}