4 to be precise. This should spare you the search:
Code:
www-data@debianfish:/var/www/forum$ find . -iname "*.php" | xargs grep "md5(md5"
./profile.php: vbsetcookie('password', md5(md5($vbulletin->GPC['newpassword'] . $vbulletin->userinfo['salt']) . COOKIE_SALT), true, true, true);
./includes/class_dm_user.php: if ($password == md5(md5($this->fetch_field('username')) . $salt))
./includes/functions_login.php: $vbulletin->userinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND
./includes/class_bootstrap.php: if ($vbulletin->userinfo['password'] == md5(md5($vbulletin->userinfo['username']) . $vbulletin->userinfo['salt']))
./includes/class_core.php: * @param string Password, must arrive in cookie format: md5(md5(md5(password) . salt) . 'abcd1234')