This is the most moronic thing I have ever heard. You should be using bcrypt at the very least. Sort this mess out. Sites should not at all be using MD5 these days for hashing+salting passwords; it's obsolete and easily reversed. Your incompetence is putting your users and their customers in danger.
github.com/abantecart/abantecart-src/blob/b303515a1ab790adede7ef227339e3f28e4ee97a/public_html/core/lib/encryption.php#L97
github.com/abantecart/abantecart-src/blob/b303515a1ab790adede7ef227339e3f28e4ee97a/public_html/core/lib/encryption.php#L97