The site was created in 2006 with little knowledge of security, so passwords were stored in md5() hashes without salt This is pure incompetence on your part, it being created in 2006 is not an excuse to have AWFUL security, you didn't realize maybe a decade later that you should probably update how...