Topic: Password changing from another source..
Hello I have customized punbb with my site but when a user trys to change his password in my site not the forums the password always gets set to
da39a3ee5e6b4b0d3255bfef95601890afd80709
here is the code ive been working on
if (strlen($chpassword) > 40)
bark("Sorry, password is too long (max is 40 chars)");
if ($chpassword != $passagain)
bark("The passwords didn't match. Try again.");
define('PUN_ROOT', './punbb/'); ////Make sure you have directed to the right folder
require PUN_ROOT.'include/common.php'; ////For the Functions
define('PUN_QUIET_VISIT', 1); ////Updates the users last log in date in the forum
$ras = mysql_query("SELECT username, password, id, save_pass FROM punbb_users WHERE username = '$CURUSER[username]'");
$raw = mysql_fetch_array($ras);
$save_pass = $raw['save_pass'];
$user_id = $raw['id'];
$punbb = pun_hash($chpassword);
mysql_query("UPDATE punbb_users SET password = '$punbb' WHERE username = '$CURUSER[username]'") or sqlerr(__FILE__,__LINE__);
$expire = ($save_pass == '1') ? time() + 31536000 : 0;
pun_setcookie($user_id, $punbb, $expire);
$sec = mksecret();
$passhash = md5($sec . $chpassword . $sec);
$updateset[] = "secret = " . sqlesc($sec);
$updateset[] = "passhash = " . sqlesc($passhash);
logincookie($CURUSER["id"], $passhash);
mysql_query("UPDATE users SET " . implode(",", $updateset) . " WHERE id = " . $CURUSER["id"]) or sqlerr(__FILE__,__LINE__);this should be updating the punbb_users table too with the correct password but it doesnt know matter what i type for a password it always stays to...
da39a3ee5e6b4b0d3255bfef95601890afd80709
the weird thing is that it logs in the user fine to both tables, but if you log out of the forum you cant log back into the forum(wrong password)...
so im asking what is wrong with my code?
