diff --git a/upload/includes/sessions.php b/upload/includes/sessions.php
index b1bc3cf0c..0f31be7e3 100644
--- a/upload/includes/sessions.php
+++ b/upload/includes/sessions.php
@@ -397,7 +397,7 @@ class user_common
 if ($username && $password)
 {
 $username_sql = str_replace("\\'", "''", $username);
- $password_sql = md5($password);
+ $password_sql = md5(md5($password));
 $sql = "
 SELECT *
@@ -411,7 +411,7 @@ class user_common
 if ($userdata = DB()->fetch_row($sql))
 {
- if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == ANONYMOUS || md5($password) !== $userdata['user_password'] || !$userdata['user_active'])
+ if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == ANONYMOUS || md5(md5($password)) !== $userdata['user_password'] || !$userdata['user_active'])
 {
 trigger_error('invalid userdata', E_USER_ERROR);
 }
diff --git a/upload/includes/ucp/usercp_register.php b/upload/includes/ucp/usercp_register.php
index d2aa8b447..c443bbb38 100644
--- a/upload/includes/ucp/usercp_register.php
+++ b/upload/includes/ucp/usercp_register.php
@@ -236,7 +236,7 @@ foreach ($profile_fields as $field => $can_edit)
 {
 $errors[] = 'Введённые пароли не совпадают';
 }
- $db_data['user_password'] = md5($new_pass);
+ $db_data['user_password'] = md5(md5($new_pass));
 }
 if ($mode == 'register')
@@ -250,7 +250,7 @@ foreach ($profile_fields as $field => $can_edit)
 {
 if (!empty($cur_pass))
 {
- $cur_pass_valid = ($pr_data['user_password'] === md5($cur_pass));
+ $cur_pass_valid = ($pr_data['user_password'] === md5(md5($cur_pass)));
 }
 if (!empty($new_pass) && !$cur_pass_valid)
 {
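Review bot: Nesting the digest as `md5(md5($password))` still stores an unsalted, fast hash, so identical passwords keep identical digests and offline guessing costs only one extra MD5 per attempt; the same construction appears in the second sessions.php hunk and in both usercp_register.php hunks. Storing `password_hash($new_pass, PASSWORD_DEFAULT)` and checking with `password_verify($password, $userdata['user_password'])` would give per-user salts and a tunable work factor. That would presumably mean selecting the login row by username alone, since `$password_sql` looks like it feeds the query, and the `user_password` column would need room for the longer hash (its width is not visible here). Nothing in this diff converts rows already stored as `md5($password)`, so unless a migration ships elsewhere, existing accounts will stop matching after deploy. The enclosing login function starts and ends outside the hunk.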
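Review bot: The login check in the second sessions.php hunk recomputes `md5(md5($password))` and compares it with `!==`, although the same digest was already assigned to `$password_sql` in the previous hunk, so any later change to the hashing has to be made in two places that must stay identical. Comparing once against the stored value, `!hash_equals($userdata['user_password'], $password_sql)`, removes the duplicate and makes the comparison constant-time; this assumes `$password_sql` is still in scope at this point, which the hunk boundaries do not show. The `===` check on `md5(md5($cur_pass))` in the second usercp_register.php hunk could use `hash_equals` the same way.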