diff --git a/src/auth.py b/src/auth.py
index 1234567..abcdefg 100644
--- a/src/auth.py
+++ b/src/auth.py
@@ -1,10 +1,25 @@
 """Authentication module."""
 import sqlite3
+import os
 def get_user(username: str) -> dict | None:
     """Get user from database."""
     conn = sqlite3.connect("users.db")
     cursor = conn.cursor()
-    cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
+    # FIXME: this is vulnerable to SQL injection
+    query = "SELECT * FROM users WHERE username = '" + username + "'"
+    cursor.execute(query)
     return cursor.fetchone()
+
+
+def run_command(cmd: str) -> str:
+    """Run a shell command."""
+    # Command injection vulnerability
+    return os.popen(cmd).read()
+
+
+# Hardcoded credentials
+API_KEY = "sk-1234567890abcdef"
+DB_PASSWORD = "admin123"
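Review bot: `query = "SELECT * FROM users WHERE username = '" + username + "'"` in get_user splices the caller-supplied username straight into the SQL text, which the new `# FIXME` comment already admits is injectable; the parameterized form `cursor.execute("SELECT * FROM users WHERE username = ?", (username,))` is the fix and needs no quoting workaround. The same class of problem is in run_command, where `os.popen(cmd)` hands a string to a shell so any metacharacters in cmd are interpreted; take an argv list and call `subprocess.run(...)` without a shell (this needs `import subprocess` next to the new `import os`). The literal `API_KEY` and `DB_PASSWORD` values at module level will land in version control and in every copy of the package; read them from the environment or a secret store instead, and treat the committed values as exposed. Unrelated to this commit, the `sqlite3.connect` handle in get_user is never closed, so a `contextlib.closing` / try-finally would be worth adding while here.
```python
# … unchanged: module docstring, `import sqlite3`, `import os` (add `import subprocess`) …

def get_user(username: str) -> dict | None:
    # … unchanged: docstring, connect, cursor …
    cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
    return cursor.fetchone()


def run_command(cmd: list[str]) -> str:
    """Run *cmd* (an argv list, never a shell string) and return its stdout."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Credentials come from the deployment environment; fail at import if unset.
API_KEY = os.environ["API_KEY"]
DB_PASSWORD = os.environ["DB_PASSWORD"]
```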