1- Your are admin in your forum
2- You are a user in my forum
3- you have the same password
I can hack your forum, easy with small tools (i can build one in delphi).
so i try to add an idea (dont hate me if i not understand you, read my sign)
adding to config.php
$login_key = 'any string';//every forum must define it and be secrete;
and modify some files (i am not test it just for an idea)
//line 54 in login.php
//after
$form_password_hash = pun_hash($form_password);
//add
$cookie_form_password_hash = pun_hash($login_key.$form_password_hash) //hash the saved hashed password
//in line 75
setcookie($cookie_name, serialize(array($db_username, $form_password_hash)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
//change
$form_password_hash
to
$cookie_form_password_hash
//in function.php
//line 42
$result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE username=\''.addslashes($cookie['username']).'\' AND password=\''.addslashes($cookie['password_hash']).'\'') or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
$cur_user = $db->fetch_assoc($result);
//remove the condition
AND password=\''.addslashes($cookie['password_hash']).'\''
//and add after
// for compare saved double hashed password look at $login_key here
if ((pun_hash($login_key.$cur_user['password'] != $cookie['password_hash']))
die error('Unable to fetch user information', __FILE__, __LINE__, null);
