SQL:
ALTER TABLE `vms_kontodaten` ADD `pwsalt` VARCHAR(10) NOT NULL DEFAULT '' AFTER `passwort`;
lib/session.lib.php:
$login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis FROM 
                                        ".$db_prefix."_userdaten u
                                        LEFT JOIN ".$db_prefix."_kontodaten k ON k.uid=u.uid
WHERE u.nickname='".$_POST['nickname']."' AND k.passwort=MD5(CONCAT('".$_POST['passwort']."',k.pwsalt)) LIMIT 1");

//....

// Wenn beim User alles O.K. ist!
if ($login_check['status'] == 1) {
  db_query("UPDATE ".$db_prefix."_kontodaten SET login_ip='".$ip."' , loginzeit='".time()."' WHERE uid=".$login_check['uid']." and passwort=MD5(CONCAT('".$_POST['passwort']."',pwsalt)) LIMIT 1");
content/konto/userprofil.php:
if ($_POST['aendern'] == 'Jetzt ändern!') {
  // Passwort ändern beginn!
  if ($_POST['pwd'] && $_POST['pwd2']) {
    if ($_POST['pwd'] == $_POST['pwd2']) {
      if (strlen($_POST['pwd']) >= 8) {
	$pwsalt = create_code(10);
	db_query("UPDATE ".$db_prefix."_kontodaten SET passwort = MD5('".$_POST['pwd'].$pwsalt."'), pwsalt = '".$pwsalt."' WHERE uid=".$_SESSION['uid']."");
content/intern/anmelden.php:
if ($_POST['newsletter'] == 1 and $_POST['paidmails'] == 1) $mailstatus = 3;
$pwsalt = create_code(10);
db_query("INSERT INTO ".$db_prefix."_kontodaten (uid,passwort,pwsalt,status,hinweis,kontostand,login_ip) VALUES ('".$_POST['uid']."',MD5('".$_POST['passwort_1'].$pwsalt."'),'".$pwsalt."','0','','0','".$ip."')");
db_query("INSERT INTO ".$db_prefix."_emaildaten (uid,emailadresse,freigabe_fuer) VALUES ('".$_POST['uid']."','".$_POST['emailadresse']."','".$mailstatus."')");
content/intern/daten.php:
if ($daten_anfordern['emailadresse']) {
  $neues_passwort = create_code(8);
  $pwsalt = create_code(10);
  db_query ("UPDATE ".$db_prefix."_kontodaten SET passwort=MD5('".$neues_passwort.$pwsalt."'), salt='".$pwsalt."' WHERE uid=".$daten_anfordern['uid']."");
Legende:
neue Zeile
modifizierte Zeile