[smokey]

Nothing wrong with the plugin. The variable simply is not set or empty, all that is set is the newpassword_md5. I'm just trying to figure out why and a work around. The code is fine.

Anyone?

The default code in profile.php

PHP Code:

// ############################### start update password ###############################
if ($_POST['do'] == 'updatepassword')
{
    $vbulletin->input->clean_array_gpc('p', array(
        'currentpassword'        => TYPE_STR,
        'currentpassword_md5'    => TYPE_STR,
        'newpassword'            => TYPE_STR,
        'newpasswordconfirm'     => TYPE_STR,
        'newpassword_md5'        => TYPE_STR,
        'newpasswordconfirm_md5' => TYPE_STR,
        'email'                  => TYPE_STR,
        'emailconfirm'           => TYPE_STR
    ));

    // instanciate the data manager class
    $userdata =& datamanager_init('user', $vbulletin, ERRTYPE_STANDARD);
    $userdata->set_existing($vbulletin->userinfo);

    ($hook = vBulletinHook::fetch_hook('profile_updatepassword_start')) ? eval($hook) : false;

    // validate old password
    if ($userdata->hash_password($userdata->verify_md5($vbulletin->GPC['currentpassword_md5']) ? $vbulletin->GPC['currentpassword_md5'] : $vbulletin->GPC['currentpassword'], $vbulletin->userinfo['salt']) != $vbulletin->userinfo['password'])
    {
        eval(standard_error(fetch_error('badpassword', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
    }

    // update password
    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        // are we using javascript-hashed password strings?
        if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            $vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5'];
            $vbulletin->GPC['newpasswordconfirm'] =& $vbulletin->GPC['newpasswordconfirm_md5'];
        }
        else
        {
            $vbulletin->GPC['newpassword'] =& md5($vbulletin->GPC['newpassword']);
            $vbulletin->GPC['newpasswordconfirm'] =& md5($vbulletin->GPC['newpasswordconfirm']);
        }

        // check that new passwords match
        if ($vbulletin->GPC['newpassword'] != $vbulletin->GPC['newpasswordconfirm'])
        {
            eval(standard_error(fetch_error('passwordmismatch')));
        } 


My code is parsed at that hook location.

This is empty:

PHP Code:

$vbulletin->GPC['newpassword'] 


and...

PHP Code:

$vbulletin->GPC['newpasswordconfirm'] 


But this is not:

PHP Code:

$vbulletin->GPC['newpassword_md5'] 


The hook executes before:

PHP Code:

    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        // are we using javascript-hashed password strings?
        if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            $vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5']; 


So how is that string empty? It doesn't make any since to me

--------------- Added [DATE]1242606969[/DATE] at [TIME]1242606969[/TIME] ---------------

I figured it out after heavy investigating. Javascript in the modifypassword template was actually doing the conversion to submit to the forum as a hashed password thus not sending the clear text password.

Hope this helps anyone else who may need to accomplish the same thing in the future.