But of course, the hash stored is not the md5 of the password, so why should it match?
Look at the script lib-auth.php for Zenphoto's algorithms.