Index: includes/password.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/password.inc,v
retrieving revision 1.2
diff -u -p -r1.2 password.inc
--- includes/password.inc	28 Apr 2008 09:25:26 -0000	1.2
+++ includes/password.inc	16 May 2008 01:56:02 -0000
@@ -173,7 +173,7 @@ function _password_get_count_log2($setti
  * @return
  *   A string containing the hashed password (and a salt), or FALSE on failure.
  */
-function user_hash_password($password, $count_log2 = 0) {
+function system_hash_password($password, $count_log2 = 0) {
   if (empty($count_log2)) {
     // Use the standard iteration count.
     $count_log2 = variable_get('password_count_log2', DRUPAL_HASH_COUNT);
@@ -184,10 +184,6 @@ function user_hash_password($password, $
 /**
  * Check whether a plain text password matches a stored hashed password.
  *
- * Alternative implementations of this function may use other data in the
- * $account object, for example the uid to look up the hash in a custom table
- * or remote database.
- *
  * @param $password
  *   A plain-text password
  * @param $account
@@ -196,7 +192,7 @@ function user_hash_password($password, $
  * @return
  *   TRUE or FALSE.
  */
-function user_check_password($password, $account) {
+function system_check_password($password, $account) {
   if (substr($account->pass, 0, 3) == 'U$P') {
     // This may be an updated password from user_update_7000(). Such hashes
     // have 'U' added as the first character and need an extra md5().
@@ -219,16 +215,13 @@ function user_check_password($password, 
  * DRUPAL_HASH_COUNT or if the user's password hash was generated in an update
  * like user_update_7000().
  *
- * Alternative implementations of this function might use other criteria based
- * on the fields in $account.
- *
  * @param $account
  *   A user object with at least the fields from the {users} table.
  *
  * @return
  *   TRUE or FALSE.
  */
-function user_needs_new_hash($account) {
+function system_needs_new_hash($account) {
   // Check whether this was an updated password.
   if ((substr($account->pass, 0, 3) != '$P$') || (strlen($account->pass) != 34)) {
     return TRUE;
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.907
diff -u -p -r1.907 user.module
--- modules/user/user.module	7 May 2008 19:34:24 -0000	1.907
+++ modules/user/user.module	16 May 2008 01:56:02 -0000
@@ -214,8 +214,6 @@ function user_save($account, $array = ar
   $user_fields = $table['fields'];
 
   if (!empty($array['pass'])) {
-    // Allow alternate password hashing schemes.
-    require_once variable_get('password_inc', './includes/password.inc');
     $array['pass'] = user_hash_password(trim($array['pass']));
     // Abort if the hashing failed and returned FALSE.
     if (!$array['pass']) {
@@ -1289,8 +1287,6 @@ function user_authenticate($form_values 
   if (!empty($form_values['name']) && !empty($password)) {
     $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name']));
     if ($account) {
-      // Allow alternate password hashing schemes.
-      require_once variable_get('password_inc', './includes/password.inc');
       if (user_check_password($password, $account)) {
         if (user_needs_new_hash($account)) {
            $new_hash = user_hash_password($password);
Index: modules/user/user.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v
retrieving revision 1.13
diff -u -p -r1.13 user.pages.inc
--- modules/user/user.pages.inc	14 Apr 2008 17:48:43 -0000	1.13
+++ modules/user/user.pages.inc	16 May 2008 01:56:02 -0000
@@ -363,3 +363,78 @@ function user_page() {
     return drupal_get_form('user_login');
   }
 }
+
+/**
+ * Hash a password using a secure hash.
+ *
+ * @param $password
+ *   A plain-text password.
+ * @param $count_log2
+ *   Optional integer to specify the iteration count. Generally used only during
+ *   mass operations where a value less than the default is needed for speed.
+ *
+ * @return
+ *   A string containing the hashed password (and a salt), or FALSE on failure.
+ */
+function user_hash_password($password, $count_log2 = 0) {
+  // Allow alternate password hashing schemes.
+  $base = variable_get('password_base', 'system');
+  $function = $base . '_hash_password';
+  if (drupal_function_exists($function)) {
+    return $function($password, $count_log2);
+  }
+  return FALSE;
+}
+
+/**
+ * Check whether a plain text password matches a stored hashed password.
+ *
+ * Alternative implementations of the default function may use other data in the
+ * $account object, for example the uid to look up the hash in a custom table
+ * or remote database.
+ *
+ * @param $password
+ *   A plain-text password
+ * @param $account
+ *   A user object with at least the fields from the {users} table.
+ *
+ * @return
+ *   TRUE or FALSE.
+ */
+function user_check_password($password, $account) {
+  // Allow alternate password hashing schemes.
+  $base = variable_get('password_base', 'system');
+  $function = $base . '_check_password';
+  if (drupal_function_exists($function)) {
+    return $function($password, $account);
+  }
+  return FALSE;
+}
+
+/**
+ * Check whether a user's hashed password needs to be replaced with a new hash.
+ *
+ * This is typically called during the login process when the plain text
+ * password is available.  A new hash is needed when the desired iteration count
+ * has changed through a change in the variable password_count_log2 or
+ * DRUPAL_HASH_COUNT or if the user's password hash was generated in an update
+ * like user_update_7000().
+ *
+ * Alternative implementations of the default function might use other criteria
+ * based on the fields in $account.
+ *
+ * @param $account
+ *   A user object with at least the fields from the {users} table.
+ *
+ * @return
+ *   TRUE or FALSE.
+ */
+function user_needs_new_hash($account) {
+  // Allow alternate password hashing schemes.
+  $base = variable_get('password_base', 'system');
+  $function = $base . '_needs_new_hash';
+  if (drupal_function_exists($function)) {
+    return $function($account);
+  }
+  return FALSE;
+}
