View Full Version : Hook profile_updatepassword_start


smokey
05-16-2009, 04:45 AM
Hey all,

Kind of stuck on an issue I cannot seem to get around. At this hook location, I have code in a plugin to update an external member account database for the main site. It will change the email/password on the main site as well as the forum.

The problem I'm having is I'm trying to use the variable $vbulletin->GPC['newpassword'] (the clear text version of the inputted password) but it is empty. I've tried setting a variable $plain_newpassword = $vbulletin->GPC['newpassword']; since the code launches before it goes through the hashing process but it is still empty. How is this possible when after this hook, it actually verifies $vbulletin->GPC['newpassword'] is not empty before it hashes it? Any way I can grab the posted clear text password so I can store it in a variable? This is really starting to bug me lol. $_POST['newpassword'] obviously will not work, also tried using $p to no avail. Have no problem with $vbulletin->GPC['email'] showing up on the db edit, exactly how you expect it to work. Oh and I can $vbulletin->GPC['newpassword_md5'] with no problem too, what the heck?

The hook is located in ./profile.php.

Can anyone shed some light on this? I just need a variable to be set with a clear text password when someone updates their password and email.

Thanks in advance!

Lynne
05-16-2009, 02:51 PM
Perhaps post your plugin and maybe we can see what is wrong.

smokey
05-17-2009, 04:06 AM
Nothing wrong with the plugin. The variable simply is not set or empty, all that is set is the newpassword_md5. I'm just trying to figure out why and a workaround. The code is fine.

Anyone?

The default code in profile.php

// ############################### start update password ###############################
if ($_POST['do'] == 'updatepassword')
{
    $vbulletin->input->clean_array_gpc('p', array(
        'currentpassword' => TYPE_STR,
        'currentpassword_md5' => TYPE_STR,
        'newpassword' => TYPE_STR,
        'newpasswordconfirm' => TYPE_STR,
        'newpassword_md5' => TYPE_STR,
        'newpasswordconfirm_md5' => TYPE_STR,
        'email' => TYPE_STR,
        'emailconfirm' => TYPE_STR
    ));

    // instantiate the data manager class
    $userdata =& datamanager_init('user', $vbulletin, ERRTYPE_STANDARD);
    $userdata->set_existing($vbulletin->userinfo);

    ($hook = vBulletinHook::fetch_hook('profile_updatepassword_start')) ? eval($hook) : false;

    // validate old password
    if ($userdata->hash_password($userdata->verify_md5($vbulletin->GPC['currentpassword_md5']) ? $vbulletin->GPC['currentpassword_md5'] : $vbulletin->GPC['currentpassword'], $vbulletin->userinfo['salt']) != $vbulletin->userinfo['password'])
    {
        eval(standard_error(fetch_error('badpassword', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
    }

    // update password
    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        // are we using javascript-hashed password strings?
        if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            $vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5'];
            $vbulletin->GPC['newpasswordconfirm'] =& $vbulletin->GPC['newpasswordconfirm_md5'];
        }
        else
        {
            $vbulletin->GPC['newpassword'] =& md5($vbulletin->GPC['newpassword']);
            $vbulletin->GPC['newpasswordconfirm'] =& md5($vbulletin->GPC['newpasswordconfirm']);
        }

        // check that new passwords match
        if ($vbulletin->GPC['newpassword'] != $vbulletin->GPC['newpasswordconfirm'])
        {
            eval(standard_error(fetch_error('passwordmismatch')));
        }

My code is parsed at that hook location.

This is empty:
$vbulletin->GPC['newpassword']
and...
$vbulletin->GPC['newpasswordconfirm']

But this is not:

$vbulletin->GPC['newpassword_md5']

The hook executes before:

    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        // are we using javascript-hashed password strings?
        if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            $vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5'];

So how is that string empty? It doesn't make any sense to me.

--------------- Added 1242606969 at 1242606969 ---------------

I figured it out after heavy investigating. JavaScript in the modifypassword template was actually doing the conversion to submit to the forum as a hashed password, thus not sending the clear text password.

Hope this helps anyone else who may need to accomplish the same thing in the future.
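
The behaviour worked out in this thread, as an added example that is not part of the original posts or of vBulletin's own code: a model of what the browser submits with and without the template's JavaScript, and of the branch in the profile.php excerpt that reduces either form to the same MD5 digest. The function names, the sample password and the 32-hex-character check standing in for verify_md5() are assumptions.

```javascript
// Added example: field names come from the profile.php excerpt in this thread;
// every function name below is hypothetical.
const crypto = require('node:crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Browser side. With JavaScript on, the template script (per the last post)
// hashes the password and submits the clear-text fields empty. With it off,
// the clear text is posted and the *_md5 fields stay empty.
function buildPost(password, jsEnabled) {
  if (!jsEnabled) {
    return { newpassword: password, newpasswordconfirm: password,
             newpassword_md5: '', newpasswordconfirm_md5: '' };
  }
  const digest = md5(password);
  return { newpassword: '', newpasswordconfirm: '',
           newpassword_md5: digest, newpasswordconfirm_md5: digest };
}

// Assumed stand-in for $userdata->verify_md5(): exactly 32 hex characters.
const looksLikeMd5 = (v) => /^[a-f0-9]{32}$/i.test(v);

// Server side: mirrors the "update password" branch of the excerpt.
// Either input form ends up as md5(password) before any further hashing.
function resolveNewPasswordDigest(gpc) {
  if (!gpc.newpassword && !gpc.newpassword_md5) return null; // no change requested
  const [pw, confirm] = looksLikeMd5(gpc.newpassword_md5)
    ? [gpc.newpassword_md5, gpc.newpasswordconfirm_md5]
    : [md5(gpc.newpassword), md5(gpc.newpasswordconfirm)];
  if (pw !== confirm) throw new Error('passwordmismatch');
  return pw;
}

// What code running at profile_updatepassword_start has available for each
// kind of client (the password passed in is a constructed sample).
function hookView(password, jsEnabled) {
  const gpc = buildPost(password, jsEnabled);
  return {
    plaintextPresent: gpc.newpassword !== '',
    digest: resolveNewPasswordDigest(gpc),
  };
}
```

The only value present for both kinds of client is the MD5 digest, so code at this hook cannot rely on the clear-text field being populated.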