if your php supports SHA1 then punbb will automatically convert them to SHA1 as your users log in, which is what i think is happening
After I upgraded to 1.2.15 I had a related problem with logging in.
In the previous version (which I didn't download from punbb.org, unfortunately) I used md5 encryption only. Thus, after upgrading (which in my case also updated the pun_hash function) I couldn't log on. The login script did say I logged on correctly, but it was setting a cookie with a wrong password hash, so after being redirected to index.php I was still a 'Guest'.
I fixed this by changing the pun_hash function to use the md5 function, but I've already spotted other places where sha1 function is used in preference. So, coming back to the quote I would like to convert all the passwords in my database to the sha1 encryption, but my script doesn't do that. Could you tell me where I should look for it? As in which files I should replace with the original punbb 1.2.15 files?
Thanks!