Topic: Password changing from another source..

Hello I have customized punbb with my site but when a user trys to change his password in my site not the forums the password always gets set to


here is the code ive been working on

 if (strlen($chpassword) > 40)
                bark("Sorry, password is too long (max is 40 chars)");
        if ($chpassword != $passagain)
                bark("The passwords didn't match. Try again.");

define('PUN_ROOT', './punbb/');         ////Make sure you have directed to the right folder
require PUN_ROOT.'include/common.php';  ////For the Functions
define('PUN_QUIET_VISIT', 1);    ////Updates the users last log in date in the forum

        $ras = mysql_query("SELECT username, password, id, save_pass FROM punbb_users WHERE username = '$CURUSER[username]'");
        $raw = mysql_fetch_array($ras);

        $save_pass = $raw['save_pass'];
        $user_id = $raw['id'];
        $punbb = pun_hash($chpassword);
           mysql_query("UPDATE punbb_users SET password = '$punbb' WHERE username = '$CURUSER[username]'") or sqlerr(__FILE__,__LINE__);

        $expire = ($save_pass == '1') ? time() + 31536000 : 0;
        pun_setcookie($user_id, $punbb, $expire);

        $sec = mksecret();
        $passhash = md5($sec . $chpassword . $sec);

        $updateset[] = "secret = " . sqlesc($sec);
        $updateset[] = "passhash = " . sqlesc($passhash);
        logincookie($CURUSER["id"], $passhash);

        mysql_query("UPDATE users SET " . implode(",", $updateset) . " WHERE id = " . $CURUSER["id"]) or sqlerr(__FILE__,__LINE__);

this should be updating the punbb_users table too with the correct password but it doesnt know matter what i type for a password it always stays to...


the weird thing is that it logs in the user fine to both tables, but if you log out of the forum you cant log back into the forum(wrong password)...

so im asking what is wrong with my code?

Re: Password changing from another source..

Ah ha! i fixed my problem by making

$punbb = pun_hash($chpassword);


$punbb = pun_hash($_POST['chpassword']);

i don't know why it diddnt like the $chpassword tongue