I am using the auth system to integrate login with other CMS. Theres no problem with it, the problem is other.
The integrated CMS does a check for some "illegal" characters in the url, and one of those is ";". If it finds one of those characters, it will display a "Access Denied" Message.

The problem is that sometimes phpBB urls have "&" instead of "&"... The places where I see those errors most are:
When using phpBB login form
MCP functions like Move topic, lock topic, ban/warn users...
Changing password/email in UCP

If I remove that part of the CMS that does the illegal characters check, my website will be more vunerable to sql attacks.