- $password = crypt $password, substr($login, 0, 2) if (!$password || !$is_crypted);
- $stored_password = crypt $stored_password, substr($login, 0, 2) if (!$stored_password);
+ # Empty password hashes in the database mean just that -- empty
+ # passwords. Hash it for easier comparison.
+ $stored_password = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
+ ($algorithm, $stored_password) = SL::Auth::Password->parse($stored_password);
+ ($algorithm2, $password) = SL::Auth::Password->parse(SL::Auth::Password->hash_if_unhashed(password => $password, algorithm => $algorithm, login => $login));