Index: trunk/wp-content/plugins/xpressme/include/pluggable-override.php
===================================================================
--- trunk/wp-content/plugins/xpressme/include/pluggable-override.php	(revision 130)
+++ trunk/wp-content/plugins/xpressme/include/pluggable-override.php	(revision 131)
@@ -130,8 +130,32 @@
 function wp_check_password($password, $hash, $user_id = '') {
 	global $wp_hasher;
-
-	if ($hash == $password){ // The password taken out of XOOPS is hash value.
+	global $xoops_config,$xoops_db;
+
+	// For attestation when password has been sent as hash value. (When having logged it in from Xoops and ImpressCMS)
+	if ($hash == $password){ 
 		return apply_filters('check_password', true, $password, $hash, $user_id);
 	}
+	
+	// Password authentication for Xoops 
+	if ( strlen($hash) <= 32 ) {
+		$check = ( $hash == md5($password) );
+		return apply_filters('check_password', $check, $password, $hash, $user_id);	
+	}
+	
+	// Password authentication for ImpressCMS 
+	if($xoops_config->is_impress && function_exists('hash')){
+		$mainSalt = $xoops_config->xoops_db_salt;
+		// get user salt
+		$xpress_user_db = $xoops_config->module_db_prefix . 'users';
+		$xoops_user_db = $xoops_config->xoops_db_prefix . '_users';
+		$login_name = $xoops_db->get_var("SELECT user_login FROM $xpress_user_db WHERE ID = $user_id");
+		$user_salt = $xoops_db->get_var("SELECT salt FROM $xoops_user_db WHERE uname = '$login_name'");
+		// Make Impress hash 
+		$impress_hash = hash('sha256', $user_salt.md5($password).$mainSalt);
+		if ($hash == $impress_hash){
+			return apply_filters('check_password', true, $password, $hash, $user_id);
+		}
+	}	
+
 	// If the hash is still md5...
 	if ( strlen($hash) <= 32 ) {