Restored some changes from the last commit. Turns out, the HASHSALT_FILE is still used elsewhere ó_Ò

fp-includes/core/core.system.php

@@ -59,6 +59,15 @@ function system_save($file, $array) {
 	// } else die('Wrong number of parameters!');
 }
 
+function system_hashsalt_save($force = false) {
+	global $fp_config;
+	if ($force || !file_exists(HASHSALT_FILE))
+		return system_save(HASHSALT_FILE, array(
+			'fp_hashsalt' => $fp_config ['general'] ['blogid'] . ABS_PATH . BLOG_BASEURL . mt_rand()
+		));
+	return true;
+}
+
 define('SYSTEM_VER', '1.2.dev');
 
 function system_ver() {

fp-includes/core/core.users.php

@@ -59,9 +59,6 @@ function user_login($userid, $pwd, $params = null) {
 		user_add($user);
 		// ... and update user data from re-read user file
 		$user = user_get($userid);
-
-		// after updating the user, we don't need the password hash file any more
-		io_delete_file(HASHSALT_FILE);
 	}
 
 	if ($loggedin) {

setup/lib/main.lib.php

@@ -131,6 +131,8 @@ function validate() {
 
 	config_save();
 
+	system_hashsalt_save();
+
 	user_add($user);
 
 	return true;