diff --git a/modules/member/member.class.php b/modules/member/member.class.php index 5b842752c..ee17290ad 100644 --- a/modules/member/member.class.php +++ b/modules/member/member.class.php @@ -6,6 +6,8 @@ **/ class member extends ModuleObject { + var $useSha1 = false; + /** * @brief constructor **/ diff --git a/modules/member/member.controller.php b/modules/member/member.controller.php index 0919a606c..58b62a69b 100644 --- a/modules/member/member.controller.php +++ b/modules/member/member.controller.php @@ -721,7 +721,7 @@ $columnList = array('member_srl', 'password'); $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList); // Verify the cuttent password - if(!$oMemberModel->isValidPassword($member_info->password, $current_password)) return new Object(-1, 'invalid_password'); + if(!$oMemberModel->isValidPassword($member_info->password, $current_password, $member_srl)) return new Object(-1, 'invalid_password'); // Check if a new password is as same as the previous password if ($current_password == $password) return new Object(-1, 'invalid_new_password'); @@ -1531,7 +1531,7 @@ if(!$user_id || strtolower($this->memberInfo->user_id) != strtolower($user_id)) return new Object(-1, 'invalid_user_id'); } // Password Check - if($password && !$oMemberModel->isValidPassword($this->memberInfo->password, $password)) return new Object(-1, 'invalid_password'); + if($password && !$oMemberModel->isValidPassword($this->memberInfo->password, $password, $this->memberInfo->member_srl)) return new Object(-1, 'invalid_password'); // If denied == 'Y', notify if($this->memberInfo->denied == 'Y') { $args->member_srl = $this->memberInfo->member_srl; 
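Review bot: The new `$useSha1` property in member.class.php has no comment, and its name does not match what it switches on: the later hunks use it to select `md5(sha1(md5(...)))`, not plain SHA-1. I would add a doc comment above it, for example `/** @brief When true, passwords are stored as md5(sha1(md5(plain))) instead of md5(plain) */`. The default is hard-coded to `false` and nothing visible in this diff sets it to true, so the comment should also say how a site is expected to enable it.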
@@ -1944,7 +1944,23 @@ $cache_key = 'object:'.$args->member_srl; $oCacheHandler->delete($cache_key); } - $args->password = md5($args->password); + + if($args->password) + { + if($this->useSha1 && function_exists('sha1')) + { + $args->password = md5(sha1(md5($args->password))); + } + else + { + $args->password = md5($args->password); + } + } + else if($args->hashed_password) + { + $args->password = $args->hashed_password; + } + return executeQuery('member.updateMemberPassword', $args); } diff --git a/modules/member/member.model.php b/modules/member/member.model.php index e55ac0aae..6bdbd59d7 100644 --- a/modules/member/member.model.php +++ b/modules/member/member.model.php 
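Review bot: The new `else if($args->hashed_password)` branch writes a caller-supplied value straight into the password column, so every caller of `updateMemberPassword()` has to guarantee that `$args` is never populated from request data; the callers and the start of the function are outside this hunk, so I cannot confirm that. A comment on the branch such as `// hashed_password is set only by isValidPassword() during hash migration; never copy it from request input` would make the contract explicit. When neither field is set the function still reaches `executeQuery()`, where the old code stored `md5('')`; an early `return new Object(-1, 'invalid_password');` would keep an empty update from reaching the database. Separately, `md5(sha1(md5(...)))` is still an unsalted chain of fast digests, so it adds little resistance to offline guessing if the table leaks; a salted, deliberately slow scheme (bcrypt through `crypt()`, or `password_hash()` where the PHP version allows) would be the meaningful upgrade.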
@@ -710,19 +710,56 @@ /** * @brief Compare plain text password to the password saved in DB **/ - function isValidPassword($hashed_password, $password_text) { + function isValidPassword($hashed_password, $password_text, $member_srl=null) { // False if no password in entered if(!$password_text) return false; + + $isSha1 = ($useSha1 && function_exists('sha1')); + // Return true if the user input is equal to md5 hash value - if($hashed_password == md5($password_text)) return true; + if($hashed_password == md5($password_text)){ + if($isSha1 && $member_srl > 0) + { + $args = new stdClass(); + $args->member_srl = $member_srl; + $args->hashed_password = md5(sha1(md5($password_text))); + $oMemberController = &getController('member'); + $oMemberController->updateMemberPassword($args); + } + return true; + } + // Return true if the user input is equal to the value of mysql_pre4_hash_password - if(mysql_pre4_hash_password($password_text) == $hashed_password) return true; + if(mysql_pre4_hash_password($password_text) == $hashed_password){ + if($isSha1 && $member_srl > 0) + { + $args = new stdClass(); + $args->member_srl = $member_srl; + $args->hashed_password = md5(sha1(md5($password_text))); + $oMemberController = &getController('member'); + $oMemberController->updateMemberPassword($args); + } + return true; + } + // Verify the password by using old_password if the current db is MySQL. If correct, return true. 
if(substr(Context::getDBType(),0,5)=='mysql') { $oDB = &DB::getInstance(); - if($oDB->isValidOldPassword($password_text, $hashed_password)) return true; + if($oDB->isValidOldPassword($password_text, $hashed_password)){ + if($isSha1 && $member_srl > 0) + { + $args = new stdClass(); + $args->member_srl = $member_srl; + $args->hashed_password = md5(sha1(md5($password_text))); + $oMemberController = &getController('member'); + $oMemberController->updateMemberPassword($args); + } + return true; + } } + if($isSha1 && $hashed_password == md5(sha1(md5($password_text)))) return true; + return false; }
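Review bot: `$isSha1 = ($useSha1 && function_exists('sha1'));` reads an undefined local `$useSha1`, so `$isSha1` is always false: none of the three upgrade blocks run and the final `md5(sha1(md5(...)))` comparison is never reached. The controller hunk reads `$this->useSha1`, so once the flag is enabled there, passwords saved in the new format would fail verification here; assuming the model class inherits the property, the line should be `$isSha1 = ($this->useSha1 && function_exists('sha1'));`. The added comparison also uses `==`, which lets PHP compare two digests numerically when both look like numbers; `if($isSha1 && $hashed_password === md5(sha1(md5($password_text)))) return true;` avoids that, and the two existing `==` checks deserve the same change. The upgrade block is repeated three times verbatim and would read better as one private helper taking `$member_srl` and `$password_text`.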