diff --git a/db/db.code.version.txt b/db/db.code.version.txt
index 8cf5c1a..84df352 100644
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@@ -1 +1 @@
-86
+87
diff --git a/db/db.update.87.php b/db/db.update.87.php
new file mode 100644
index 0000000..89fca2c
--- /dev/null
+++ b/db/db.update.87.php
@@ -0,0 +1,47 @@
+id;
+ $types = explode(',', $i->types);
+ $expiry = $i->passwordset;
+
+ if($expiry == NULL) {
+ $newval = 'created';
+ } else if($expiry == '0000-00-00') {
+ $newval = false;
+ } else {
+ /* Find the expiry based on the type */
+ $longest_expiry = 0;
+ foreach($types as $t) {
+ $e = $config["{$t}_password_expiry_days"];
+ if($e == 0) {
+ /* Catch a never expire case. */
+ $longest_expiry = 0;
+ break;
+ } else if($e > $longest_expiry) {
+ $longest_expiry = $e;
+ }
+ }
+ if($longest_expiry == 0) {
+ /* Password never expires, set the password
+ * set time to the creation time */
+ $newval = 'created';
+ } else {
+ /* Compute when the password was set */
+ $newval = date('Y-m-d',
+ strtotime("$expiry -$longest_expiry days"));
+ $newval = "'$newval'";
+ }
+ }
+ if($newval != false) {
+ $query = "UPDATE users SET passwordset=$newval WHERE id='$id'";
+ echo "$query\n";
+ mysql_query($query);
+ }
+ }
+}
+?>
diff --git a/db/db.update.87.sql b/db/db.update.87.sql
new file mode 100644
index 0000000..4fd8a20
--- /dev/null
+++ b/db/db.update.87.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `users` CHANGE `passwordexpiry` `passwordset` DATE NULL DEFAULT NULL ;
+
diff --git a/db/db_update.php b/db/db_update.php
index 01809f6..b414509 100644
--- a/db/db_update.php
+++ b/db/db_update.php
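Review bot: In the db.update.87.php hunk, `$e = $config["{$t}_password_expiry_days"];` followed by `if($e == 0)` silently treats a user type with no such config variable as never-expiring, because an undefined index yields null and `null == 0` is true, so `$newval` becomes `created` for that user. The same loop is repeated in the user_login.php hunk at `@@ -143,17 +143,40 @@`, where the effect is that the login check never flags the password as expired; both sites should test the key explicitly rather than rely on the loose comparison, e.g. here `if(!isset($config["{$t}_password_expiry_days"])) die("No {$t}_password_expiry_days in config\n");`, and at login the fail-closed choice is to treat the missing value as expired. The loop header and the `$id` assignment that open this block are not visible in the hunk as shown (the first lines were lost in rendering), so the nesting of the three closing braces cannot be checked from here.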
@@ -34,7 +34,12 @@ if(!$dbdbversion)
 /* Get the fair year */
 $q=mysql_query("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'");
 $r=mysql_fetch_object($q);
-$fairyear=$r->val;
+$config = array('FAIRYEAR' => $r->val);
+
+/* Load config just in case there's a PHP script that wants it */
+$q=mysql_query("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'");
+while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val;
+
 require_once("../config_editor.inc.php"); // For config_update_variables()
@@ -90,13 +95,12 @@ if($dbcodeversion && $dbdbversion)
 }
 if($db_update_skip_variables != true) {
 echo "\nUpdating Configuration Variables...\n";
-config_update_variables($fairyear);
+config_update_variables($config['FAIRYEAR']);
 }
 echo "\nAll done - updating new DB version to $dbcodeversion\n";
 mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND year='0'");
-
 }
 }
diff --git a/user.inc.php b/user.inc.php
index 5796e49..ef726f6 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -336,7 +336,7 @@ function user_add_role_allowed($type, $u)
 function user_create($type, $u = NULL)
 {
 if(!is_array($u)) {
-mysql_query("INSERT INTO users (`types`,`passwordexpiry`,`created`)
+mysql_query("INSERT INTO users (`types`,`passwordset`,`created`)
 VALUES ('$type', '0000-00-00', NOW())");
 $uid = mysql_insert_id();
 } else {
diff --git a/user_login.php b/user_login.php
index 13e9f67..920081b 100644
--- a/user_login.php
+++ b/user_login.php
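Review bot: The `$config` array filled by `while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val;` is what db.update.87.php reads its `{$t}_password_expiry_days` values from, but it is loaded before the version scripts run, while `config_update_variables()` — which, if it is the routine that creates variables new to a version, would be what adds those keys — is only called after them in the second hunk (`@@ -90,13 +95,12 @@`). If that is the order of operations, a database that predates the expiry variables will run update 87 with those keys absent; worth confirming, and worth a comment here stating which variables a version script may assume are present. Separately, `$q` is not checked before `mysql_fetch_object($q)`, so a failed config query produces a warning per call and leaves `$config` holding only `FAIRYEAR`; `if(!$q) die("Could not load config\n");` after the query would make the failure explicit, matching how the script already stops on a missing version.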
@@ -143,17 +143,40 @@ $_SESSION['users_id']=$u['id'];
 $_SESSION['users_type']=$type;
- /* Check for an expired password */
- if($u['passwordexpiry'] == NULL) {
- unset($_SESSION['password_expired']);
- } else {
- $now = date('Y-m-d H:i:s');
- if($now > $u['passwordexpiry']) {
- $_SESSION['password_expired'] = true;
- /* The main page (or any other user page) will catch this now and
- * require them to set a password */
+ /* Load the password expiry for each user type, and
+ * find the longest expiry, which is the one we'll use
+ * for this user to determine if the passwd has
+ * expired. */
+ $longest_expiry = 0;
+ foreach($u['types'] as $t) {
+ $e = $config["{$t}_password_expiry_days"];
+ if($e == 0) {
+ /* Catch a never expire case. */
+ $longest_expiry = 0;
+ break;
+ } else if($e > $longest_expiry) {
+ $longest_expiry = $e;
 }
 }
+ if($u['passwordset'] == '0000-00-00') {
+ /* Force the password to expire */
+ $_SESSION['password_expired'] = true;
+ } else if($longest_expiry == 0) {
+ /* Never expires */
+ unset($_SESSION['password_expired']);
+ } else {
+ /* Check expiry */
+ $expires = date('Y-m-d', strtotime("{$u['passwordset']} +$longest_expiry days"));
+ $now = date('Y-m-d');
+ if($now > $expires) {
+ $_SESSION['password_expired'] = true;
+ } else {
+ unset($_SESSION['password_expired']);
+ }
+ }
+ /* If password_expired == true, the main page (or any
+ * other user page) will catch this and require
+ * them to set a password */
 /* Call login functions for each type, so multirole
 * users can easily switch */
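Review bot: A NULL `passwordset` is no longer handled: the column is declared `DATE NULL DEFAULT NULL` in db.update.87.sql, yet the new branch only tests `== '0000-00-00'`, so a null value with a non-zero `$longest_expiry` reaches `strtotime("{$u['passwordset']} +$longest_expiry days")` with an empty date, which is evaluated relative to the current time, and the password is never reported as expired. The removed code decided the NULL case explicitly; the new code should as well, and the fail-closed choice is to treat it like the zero date: `if($u['passwordset'] == '0000-00-00' || $u['passwordset'] === NULL) {`. Also, `foreach($u['types'] as $t)` assumes `$u['types']` is already an array, whereas db.update.87.php explodes the comma-separated column itself; where that conversion happens for `$u` is not visible in the hunk and is worth confirming. The enclosing block begins before this hunk.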
@@ -272,16 +295,14 @@ exit;
 }
- $password = '';
- $pchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)};
+ $password = generatePassword(12);
 /* Save their old password so it can be recovered if someone is just trying
 * to reset someones password */
 mysql_query("UPDATE users SET oldpassword=password WHERE id={$r->id}");
 /* Set the new password, and force it to expire */
- mysql_query("UPDATE users SET password='$password',passwordexpiry='0000-00-00' WHERE id={$r->id}");
+ mysql_query("UPDATE users SET password='$password',passwordset='0000-00-00' WHERE id={$r->id}");
 /* volunteer_recover_password, judge_recover_password, student_recover_password, committee_recover_password */
diff --git a/user_password.php b/user_password.php
index 989e073..ff18772 100644
--- a/user_password.php
+++ b/user_password.php
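Review bot: `$password = generatePassword(12);` replaces a generator that drew characters with `rand()`, which is not an acceptable source for a reset credential, but `generatePassword()` is not part of this diff, so whether it uses a cryptographically secure source (`openssl_random_pseudo_bytes()` or `mcrypt_create_iv()` on this generation of PHP, `random_int()` on 7+) rather than `rand()`/`mt_rand()` cannot be checked here. A comment at the call site would pin that requirement for the next maintainer, e.g. `/* generatePassword() must draw from a cryptographically secure source: this value is issued as a reset credential */`. The new UPDATE also still writes the generated value into `password` unhashed (the `oldpassword=password` copy above shows the column holds the clear-text value); that predates this commit, but it means anyone with read access to the table holds every reset password. The enclosing block starts and ends outside the hunk.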
@@ -55,25 +55,22 @@ if($_POST['action']=="save")
 {
+ $pass = mysql_escape_string($_POST['pass1']);
 //first, lets see if they choosed the same password again (bad bad bad)
- $q=mysql_query("SELECT password FROM users WHERE id='".$_SESSION['users_id']."' AND password='".$_POST['pass1']."'");
+ $q=mysql_query("SELECT password FROM users WHERE
+ id='{$_SESSION['users_id']}'
+ AND password='$pass'");
 if(mysql_num_rows($q))
 $notice = 'same';
 else if(!$_POST['pass1'])
 $notice = 'passwordrequired';
 else if($_POST['pass1'] != $_POST['pass2'])
 $notice = 'nomatch';
 else if(user_valid_password($_POST['pass1']) == false)
 $notice = 'invalidchars';
- else
- {
- if($password_expiry_days > 0)
- $ex="passwordexpiry=DATE_ADD(CURDATE(),INTERVAL $password_expiry_days DAY)";
- else
- $ex="passwordexpiry=NULL";
-
- mysql_query("UPDATE users SET password='".$_POST['pass1']."', $ex WHERE id='".$_SESSION['users_id']."' AND email='".$_SESSION['email']."'");
- if($_SESSION['password_expired'])
- {
- unset($_SESSION['password_expired']);
- }
+ else {
+ mysql_query("UPDATE users SET
+ password='$pass',
+ passwordset=NOW()
+ WHERE id='{$_SESSION['users_id']}'");
+ unset($_SESSION['password_expired']);
 header("location: $back_link?notice=password_changed");
 exit;
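Review bot: `$pass = mysql_escape_string($_POST['pass1']);` uses the variant that does not take the connection's character set into account, so the escaping can be wrong for multi-byte charsets; `$pass = mysql_real_escape_string($_POST['pass1']);` is the correct call and is the only change needed on that line. The new UPDATE also dropped the `AND email='...'` condition the removed statement carried, leaving `$_SESSION['users_id']` as the sole key; that is sufficient for the row lookup but should be confirmed as intentional. Both the same-password SELECT (`password='$pass'`) and the UPDATE still operate on the clear-text password, which predates this commit but is the main weakness on this path. The enclosing `if($_POST['action']=="save")` block continues past `exit;` outside the hunk.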