I'm trying to write a script that updates user's password based on the user's username, but I get it to work.
I need this script as part of another larger script integration, so it's not that people will be able to change everyone's password. I have multiple other security checks before I get to this script. The purpose of this portion is just to update the password without asking for the current user password.

Here is the script that I'm using

require_once( '/forum/core/vb/vb.php' );
vB::init();
define( "CSRF_PROTECTION", false );
require_once( '/forum/includes/vb5/autoloader.php' );
vB5_Autoloader::register( '/forum' );
vB5_Frontend_Application::init( 'config.php' );
$vb_userinfo = vB::getDbAssertor()->getRow( "user", array( "username" => $usernam ) );

$api = Api_InterfaceAbstract::instance();
$response = $api->callApi( 'user', 'save', array(
'userid' => $vb_userinfo[ 'userid' ],
'password' => $password,
'user' => array(),
'options' => array(),
'adminoptions' => array(),
'userfield' => array(),
) );


When I check
var_dump($response);
Here is what I get back:

array(2) { ["errors"]=> array(1) { [0]=> array(1) { [0]=> string(13) "no_permission" } } ["userid"]=> string(1) "0" }

I know there is a vB_DataManager_User that probably can be used, but I don't know how to use it or if it will be able to update the password.
I really appreciate if someone could help me figure this out.

Thanks

Anyone with any thoughts?

Just bumping this question again for some help.

Where do you get the "$usernam" (without "e" at the end) variable from? You also don't check if $vb_userinfo contains valid user information. That needs to be adjusted first.

Once you have that fixed, the save API call throws the no_permission error if the current logged in user does not equal the selected user (to be updated) and is not an administrator.