[eluser]IanMcQ[/eluser]
Thanks.
The reason why I've switched authentication systems is because I believe a hacker abused the (bad) system that I had set up w/ CI. You see, I wanted to be able to access user data DIRECTLY from the database. So, I ran a hook on every page to update the session information ($this->session->set_userdata) to keep the session in sync with the database. The session data (cookie, ci_session) had EVERYTHING about a user, including things like issiteadmin=1, etc.
So, my guess is a hacker screwed with his or her browser to change that cookie to say issiteadmin=0 to issiteadmin=1. Thus, giving them access to my web-based admin panel.
As to the new authentication system... well, I'll keep that a secret.