A rather large and important update:

revised most of the SQL queries and tried to make drupal as secure as possible (while trying to avoid redundant/duplicate checks).  For drupal's sake, try to screw something up.  See the mail about PHPNuke being hacked appr. 6 days ago.  The one who finds a problem is rewarded a beer (and I'm willing to ship it to Norway if required).  I beg you to be evil.  Try dumping a table a la "http://localhost/index.php?date=77778;DROP TABLE users" or something. ;)