There were no any changes in passwords-related code between Mibew 1.6.7 and 1.6.8.
You've gave a link to the commit in the
master branch which stands for the upcoming Mibew 2.0. And that commit is actually just a port of
this commit in the
legacy branch.
The switch to a properly salted and hashed passwords was between Mibew 1.6.5 and Mibew 1.6.6. But we saved the backwards compatibility with old hashing, so that's why install script still use plain MD5 hashing. Since one should change the default empty password anyway.
So... For now I don't know what's your problem. Do you use the same database for your new Mibew installation or a new one? Are there any messages in error logs?