--- index.php.dist	2021-12-29 16:56:23.550774294 +0100
+++ index.php	2021-12-29 17:21:35.718723211 +0100
@@ -155,8 +155,8 @@
 
 if(isset($_POST['submit_login']) and !empty($_POST['input_user'])) {
     include('modules/sec_2fa/libs/TwoFactorAuth.class.php');
-    $pass_md5 = md5($_POST['input_pass']);
-    if($pACL->authenticateUser($_POST['input_user'], $pass_md5)) {
+    //$pass_md5 = md5($_POST['input_pass']);
+    if($pACL->authenticateUser($_POST['input_user'], $_POST['input_pass'])) {
         session_regenerate_id(TRUE);
 
         if(file_exists('modules/sec_2fa/libs/TwoFactorAuth.class.php')) {
@@ -176,7 +176,7 @@
                 $oPn = new paloSantoNavigation(array(), $smarty);
                 $oPn->putHEAD_JQUERY_HTML();
                 $_SESSION['2fa_user'] = $_POST['input_user'];
-                $_SESSION['2fa_pass'] = $pass_md5;
+                $_SESSION['2fa_pass'] = $_POST['input_pass'];
                 $sCurYear = date('Y');
                 if ($sCurYear < '2013') $sCurYear = '2013';
                 $smarty->assign("currentyear", $sCurYear);
@@ -200,7 +200,7 @@
         $_SESSION['refresh_token'] = $refresh_token;
     
         $_SESSION['issabel_user'] = $_POST['input_user'];
-        $_SESSION['issabel_pass'] = $pass_md5;
+        $_SESSION['issabel_pass'] = $_POST['input_pass'];
         header("Location: index.php");
         writeLOG("audit.log", "LOGIN $_POST[input_user]: Web Interface login successful. Accepted password for $_POST[input_user] from $_SERVER[REMOTE_ADDR].");
         exit;
@@ -217,8 +217,7 @@
 
 // 2) Autentico usuario
 if (isset($_SESSION['issabel_user']) &&
-    isset($_SESSION['issabel_pass']) &&
-    $pACL->authenticateUser($_SESSION['issabel_user'], $_SESSION['issabel_pass'])) {
+    isset($_SESSION['issabel_pass'])) {
 
     $idUser = $pACL->getIdUser($_SESSION['issabel_user']);
     $pMenu = new paloMenu($arrConf['issabel_dsn']['menu']);