diff --git a/web/zm_actions.php b/web/zm_actions.php
index 976d02910..941090cce 100644
--- a/web/zm_actions.php
+++ b/web/zm_actions.php
@@ -1535,10 +1535,12 @@ if ( isset($action) )
 $types = array();
 $changes = getFormChanges( $db_user, $new_user, $types );
+ if ( $new_user['Password'] )
+ $changes['Password'] = "Password = password('".$new_user['Password']."')";
+ else
+ unset( $changes['Password'] );
 if ( count( $changes ) )
 {
- if ( $changes['Password'] )
- $changes['Password'] = "Password = password('".$new_user['Password']."')";
 if ( $uid > 0 )
 {
 $sql = "update Users set ".implode( ", ", $changes )." where Id = '$uid'";
@@ -1550,13 +1552,13 @@ if ( isset($action) )
 $result = mysql_query( $sql );
 if ( !$result )
 die( mysql_error() );
- $view = 'none';
 $refresh_parent = true;
 if ( $db_user['Username'] == $user['Username'] )
 {
 userLogin( $db_user['Username'], $db_user['Password'] );
 }
 }
+ $view = 'none';
 }
 elseif ( $action == "state" )
 {
diff --git a/web/zm_funcs.php b/web/zm_funcs.php
index fc12647c8..01ff41881 100644
--- a/web/zm_funcs.php
+++ b/web/zm_funcs.php
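Review bot: The added `$changes['Password'] = "Password = password('".$new_user['Password']."')";` line interpolates the submitted password straight into the update/insert SQL with no escaping, so a password containing a quote breaks the statement and can inject into it; this same commit adds mysql_real_escape_string() for the login query in zm_funcs.php but leaves this form-driven statement unescaped. Escaping it the same way, `$changes['Password'] = "Password = password('".mysql_real_escape_string($new_user['Password'])."')";`, closes that gap (with the same phpversion() fallback to mysql_escape_string() if PHP older than 4.3.0 is still supported). The `if ( $new_user['Password'] )` truthiness test also treats the password "0" as "no change", which `$new_user['Password'] !== ''` would avoid. The enclosing `if ( isset($action) )` block and the insert branch taken when `$uid` is not positive lie outside the hunk.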
@@ -37,13 +37,24 @@ function userLogin( $username, $password="" )
 global $_SESSION, $_SERVER;
 }
- if ( ZM_AUTH_TYPE == "builtin" )
+ if ( version_compare( phpversion(), "4.3.0", "<") )
 {
- $sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Password = password('".mysql_escape_string($password)."') and Enabled = 1";
+ $mysql_username = mysql_escape_string($username);
+ $mysql_password = mysql_escape_string($password);
 }
 else
 {
- $sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Enabled = 1";
+ $mysql_username = mysql_real_escape_string($username);
+ $mysql_password = mysql_real_escape_string($password);
+ }
+
+ if ( ZM_AUTH_TYPE == "builtin" )
+ {
+ $sql = "select * from Users where Username = '$mysql_username' and Password = password('$mysql_password') and Enabled = 1";
+ }
+ else
+ {
+ $sql = "select * from Users where Username = '$mysql_username' and Enabled = 1";
 }
 $result = mysql_query( $sql );
 if ( !$result )
diff --git a/web/zm_html_view_user.php b/web/zm_html_view_user.php
index ff395f4f6..d1d356896 100644
--- a/web/zm_html_view_user.php
+++ b/web/zm_html_view_user.php
@@ -65,11 +65,7 @@ function validateForm(form)
 {
 errors[errors.length] = "You must supply a username";
 }
- if ( !form.elements['new_user[Password]'].value )
- {
- errors[errors.length] = "You must supply a password";
- }
- else
+ if ( form.elements['new_user[Password]'].value )
 {
 if ( !form.conf_password.value )
 {
@@ -80,6 +76,17 @@ function validateForm(form)
 errors[errors.length] = "The new and confirm passwords are different"; } } + + else + { + errors[errors.length] = "You must supply a password"; + } + if ( errors.length ) { alert( errors.join( "\n" ) );
@@ -104,8 +111,8 @@ function closeWindow()
 - - + +
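Review bot: mysql_real_escape_string() returns false when no MySQL link is open, and the new `$mysql_username` / `$mysql_password` values are interpolated into the query unchecked, so in that case the login query silently runs against empty strings instead of failing loudly; presumably a connection has been opened before userLogin() is reached, but a guard after the escaping, `if ( $mysql_username === false || $mysql_password === false ) die( mysql_error() );`, makes that assumption explicit. The version-dependent choice between mysql_escape_string() and mysql_real_escape_string() is also worth lifting into a small shared helper so the other SQL built from form input in this commit (the Password update in zm_actions.php) can use the same escaping instead of none. The credential check still relies on MySQL's PASSWORD() and carries the plaintext password inside the query text, which this commit does not change; a `// NOTE: legacy MySQL PASSWORD() hash; plaintext password appears in the query/log` comment above the `$sql` assignment would keep that visible. userLogin()'s body continues past the end of the hunk.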
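Review bot: The server is now the only check against creating a user with an empty password, because the new `if ( form.elements['new_user[Password]'].value )` condition lets validateForm() pass with the field blank, while the matching server-side change in zm_actions.php merely unsets an empty Password from `$changes` rather than rejecting it; if the insert path for a new user (outside this diff) has no check of its own, an account can be stored with no password. Browser-side validation is a convenience, not a security boundary, so the action handler should enforce something like `if ( !$uid && !$new_user['Password'] ) die( 'Password is required' );` regardless of what the form allows. The second hunk of this file appears to add a conditional else-branch for that message, but several of its lines were lost in extraction (the header counts 17 new lines, only 12 are visible), so whether it is gated on new-user creation cannot be confirmed here. validateForm() continues outside the hunk.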