It would actually be more work for you, but you could allow them to continue with the old passwords by using both algorithms based on a date stored somewhere in your database (or just a binary value of which password system they're using). You should recommend that they upgrade for security, but it would allow them to not need to redo everything. What you did is probably fine, though.
I took your advice to heart and stopped shortening the hash by two characters and have instead switched several characters. This was complicated because I then had to create a password reset script using email confirmation for the people that have registered on my site. I've been at it the last few days and I have just finished writing it. At least I can't seem to find any more bugs. I do still need to update my site so that the salt can be changed with one file edit instead of about 6. I also need to add some notation to the password reset script.
There's no security issue at all*. It's just a matter of spam. Like several other measures you can take (e.g., a CAPTCHA), requiring email verification will increase the difficulty for spammers.
On a different aspect of security, is it much of a security risk to let users register their username, email, and password and be instantly logged in (usernames and passwords must still be unique) or would it be better to sacrifice a little convenience for increased security by requiring the member to confirm their registration via email?
They were always the same output? In that case they don't add much security. But there shouldn't be any recognizable relationship between character-location in the string and the input string...
The reason I removed the first two letters from the encrypted passwords is because the first two letters were the salt letters. That seemed a bit of a security risk to me and I am a little puzzled as to why crypt() behaves that way. I certainly agree that removing the letters just made brute force a whole lot easier, which is why I put the two characters back and opted for moving some characters around instead.
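An added example, not code from any post in this thread: it shows why traditional crypt() keeps the two salt characters at the front of its output (they are needed to recompute the hash at login and are not a secret), combined with the per-user scheme flag suggested in the first post so that old hashes keep working and are upgraded on the next successful login. The `$users` array, the `scheme` field, the `verify_login` function and the choice of password_hash() as the newer scheme are assumptions made for illustration.

```php
<?php
// Constructed in-memory stand-in for a users table. 'scheme' is a
// hypothetical flag column recording which hashing system a row uses.
$users = [
    'alice' => ['scheme' => 'legacy', 'hash' => crypt('correct horse', 'ab')],
];

function verify_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];

    if ($row['scheme'] === 'legacy') {
        // Traditional crypt() reads the salt from the first two characters
        // of its second argument, so passing the stored hash reuses the
        // original salt. Strip those characters and the hash can no longer
        // be recomputed from the password alone.
        $candidate = (string) crypt($password, $row['hash']);
        $ok = hash_equals($row['hash'], $candidate);
        if ($ok) {
            // The plaintext is only available now, so upgrade in place.
            $row['hash'] = password_hash($password, PASSWORD_DEFAULT);
            $row['scheme'] = 'current';
        }
        return $ok;
    }

    // password_hash() output also carries its own salt and cost settings.
    return password_verify($password, $row['hash']);
}

// Constructed walk-through: a failed attempt leaves the legacy row alone,
// a successful one migrates it, and later logins use the new scheme.
var_dump(verify_login($users, 'alice', 'wrong guess'));
var_dump($users['alice']['scheme']);
var_dump(verify_login($users, 'alice', 'correct horse'));
var_dump($users['alice']['scheme']);
var_dump(verify_login($users, 'alice', 'correct horse'));
```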