fixed excape

include/library/Crunchbutton/Admin/Auth.php

@@ -8,17 +8,14 @@ class Crunchbutton_Admin_Auth extends Cana_Model {
 
 	public static function localLogin($email, $password) {
 		$password = self::passwordEncrypt($password);
-		$query = sprintf('
+		$query = '
-			SELECT * 
+                        SELECT *
-			FROM admin
+                        FROM admin
-			WHERE
+                        WHERE
-				login="%s"
+                             	login="'.c::db()->escape($email).'"
-				AND pass="%s"
+                                AND pass="'.c::db()->escape($password).'"
-				AND active=1
+                                AND active=1
-				LIMIT 1',
+                                LIMIT 1';
-			@mysql_real_escape_string($email),
-			@mysql_real_escape_string($password)
-		);
 
 		return Admin::q($query)->get(0);