=== modified file 'modules/user/user.install'
--- modules/user/user.install	2007-11-04 14:33:06 +0000
+++ modules/user/user.install	2007-11-22 15:37:20 +0000
@@ -282,3 +282,9 @@ function user_schema() {
   return $schema;
 }
 
+function user_update_1() {
+  $ret = array();
+  // pgsql only has a two op concat.
+  $ret[] = update_sql('UPDATE {users} SET pass = MD5(CONCAT(CONCAT(pass, init), created))');
+  return $ret;
+}
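Review bot: The UPDATE has no guard for rows where `init` is NULL: on MySQL `CONCAT()` returns NULL if any argument is NULL, so such a row would get a NULL `pass` and lose its original hash. The column definitions are not visible here, so this only matters if `init` is nullable. Using `COALESCE(init, '')` here and in the matching expression in user_load() would make both safe either way. The function also has no docblock; I would add `/** Re-hash stored passwords as md5(old_md5 . init . created). Must run exactly once. */`, since a second run would leave every stored hash unverifiable. It is also worth recording that the result is still a single MD5 round, so the salt defeats precomputed tables but not offline guessing.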

=== modified file 'modules/user/user.module'
--- modules/user/user.module	2007-11-20 13:44:38 +0000
+++ modules/user/user.module	2007-11-22 15:38:45 +0000
@@ -149,7 +149,8 @@ function user_load($array = array()) {
       $params[] = $value;
     }
     else if ($key == 'pass') {
-      $query[] = "pass = '%s'";
+      // postgresql only has a two op concat.
+      $query[] = "pass = MD5(CONCAT(CONCAT('%s', init), created))";
       $params[] = md5($value);
     }
     else {
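Review bot: With this comparison the stored hash only verifies while the row's `init` and `created` hold the values they had when the password was hashed. Any write to either column that is not accompanied by a new password leaves a hash that can no longer be matched, and it cannot be recomputed because the plaintext is gone. The update path later in this diff only re-hashes when a password is supplied. A salt column that is never edited would avoid this coupling; at minimum the comment should state the invariant, e.g. `// pass is md5(md5(password) . init . created); init and created must not change without a password reset.` The enclosing user_load() body starts and ends outside the hunk.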
@@ -202,7 +203,8 @@ function user_save($account, $array = ar
   if (is_object($account) && $account->uid) {
     user_module_invoke('update', $array, $account, $category);
     $query = '';
-    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
+    $old_account = db_fetch_object(db_query('SELECT data, init, created FROM {users} WHERE uid = %d', $account->uid));
+    $data = unserialize($old_account->data);
     // Consider users edited by an administrator as logged in, if they haven't
     // already, so anonymous users can view the profile (if allowed).
     if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
@@ -211,7 +213,7 @@ function user_save($account, $array = ar
     foreach ($array as $key => $value) {
       if ($key == 'pass' && !empty($value)) {
         $query .= "$key = '%s', ";
-        $v[] = md5($value);
+        $v[$key] = md5($value);
       }
       else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
         if (in_array($key, $user_fields)) {
@@ -230,6 +232,11 @@ function user_save($account, $array = ar
         }
       }
     }
+    if (isset($values['pass'])) {
+      $init = isset($values['init']) ? $values['init'] : $old_account->init;
+      $created = isset($values['created']) ? $values['created'] : $old_account->created;
+      $values['pass'] = md5($values['pass'] . $init . $created);
+    }
     $query .= "data = '%s' ";
     $v[] = serialize($data);
 
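Review bot: The added block tests `$values['pass']`, but nothing visible in this update branch assigns `$values`. The branch collects its query arguments in `$v` (`$v[$key] = md5($value)` in the previous hunk, `$v[] = serialize($data)` just below). Unless `$values` is populated outside these hunks, the condition is never true and the UPDATE stores the bare `md5($value)`, so the salted comparison in user_load() stops matching after a password change. The block should read and write `$v` instead: `if (isset($v['pass'])) {` and `$v['pass'] = md5($v['pass'] . $init . $created);`, with the `init` and `created` lookups also against `$v`. Those lookups only work if the `else if` branch, whose body is outside this hunk, also stores its values under the column name.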
@@ -287,25 +294,28 @@ function user_save($account, $array = ar
       switch ($key) {
         case 'pass':
           $fields[] = $key;
-          $values[] = md5($value);
+          $values[$key] = md5($value);
           $s[] = "'%s'";
           break;
         case 'mode':       case 'sort':     case 'timezone':
         case 'threshold':  case 'created':  case 'access':
         case 'login':      case 'status':
           $fields[] = $key;
-          $values[] = $value;
+          $values[$key] = $value;
           $s[] = "%d";
           break;
         default:
           if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
             $fields[] = $key;
-            $values[] = $value;
+            $values[$key] = $value;
             $s[] = "'%s'";
           }
           break;
       }
     }
+    if (isset($values['pass'])) {
+      $values['pass'] = md5($values['pass'] . (isset($values['init']) ? $values['init'] : '') . $values['created']);
+    }
     db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
     $array['uid'] = db_last_insert_id('users', 'uid');
 
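Review bot: `$values['created']` is read without an `isset()` check, unlike `init` on the same line. Both values are hashed as PHP strings, while the login query hashes whatever the database actually stored. If `created` is missing, or is not already a plain integer string (the INSERT passes it through `%d`), or `init` is shortened by the column, the stored hash will never match and that account's password cannot be verified. Whether `created` is always set before this loop is not visible in the hunk. Normalising before hashing closes the gap, e.g. `$created = (int) $values['created'];` after confirming it is set, then `md5($values['pass'] . $init . $created)`.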

