Detail: Check for valid chars for username & password.
Find:
else {
$user_name = trim($HTTP_POST_VARS['user_name']);
$user_password = trim($HTTP_POST_VARS['user_password']);
Replace:
else {
$user_name = (isset($HTTP_POST_VARS['user_name'])) ? trim($HTTP_POST_VARS['user_name']) : "";
$user_name = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_name);
$user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
$user_password = preg_replace("/[^A-Za-z0-9_-]+/i", "", $user_password);
Users cannot use characters other than A-Z, a-z, 0-9, _ and - in the user name and password.
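The replacement code deletes disallowed characters without telling the user, so two different inputs can end up as the same value. The following added example (not part of the original modification; the function names and sample inputs are hypothetical) contrasts that stripping behaviour with rejecting the input outright, using the same character class.

```php
<?php
// Added example, not code from the original modification.
// The character class is the one used in the replacement code.

// What the replacement code does: remove every character outside the allow-list.
function strip_disallowed(string $value): string
{
    return preg_replace('/[^A-Za-z0-9_-]+/', '', trim($value));
}

// Hypothetical alternative: accept the value only if every character is allowed.
// \A and \z anchor the whole string, so a trailing newline is not accepted.
function is_allowed(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_-]+\z/', trim($value)) === 1;
}

// Constructed sample inputs.
$samples = ['alice_01', 'al ice', "bob'--", 'pass!word', 'password', ''];

foreach ($samples as $input) {
    printf(
        "%-12s stripped=%-12s accepted=%s\n",
        var_export($input, true),
        var_export(strip_disallowed($input), true),
        is_allowed($input) ? 'yes' : 'no'
    );
}

// Stripping maps different inputs to one value: a user who registered with
// "pass!word" can later log in with "password", and the two are indistinguishable.
var_dump(strip_disallowed('pass!word') === strip_disallowed('password'));

// Rejecting keeps them distinct: the first is refused, the second accepted.
var_dump(is_allowed('pass!word'), is_allowed('password'));
```

With the reject variant, the login or registration form would show an error for a refused value instead of continuing with a rewritten one.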