[Dr.CustUmz]

The ideas sound, just need help making it happen.

So ive created an external page and on this page as of now all i have is a confirm password box that i took from the modifypassword? template.

this is the content of ext.php

Code:

<?php

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################
define('NO_REGISTER_GLOBALS', 1);
define('THIS_SCRIPT', 'ext'); // change this depending on your filename

// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array(

);

// get special data templates from the datastore
$specialtemplates = array(
    
);

// pre-cache templates used by all actions
$globaltemplates = array(
    'ext',
);

// pre-cache templates used by specific actions
$actiontemplates = array(

);

// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR . '/includes/functions_user.php');
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

$navbits = array();
$navbits[$parent] = 'Ext Page';

$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
eval('print_output("' . fetch_template('ext') . '");');


if ($_POST['do'] == 'confirmpassword')
{
	$vbulletin->input->clean_array_gpc('p', array(
		'currentpassword'        => TYPE_STR,
		'currentpassword_md5'    => TYPE_STR,
	));
	
	if ($userdata->hash_password($userdata->verify_md5($vbulletin->GPC['currentpassword_md5']) ? $vbulletin->GPC['currentpassword_md5'] : $vbulletin->GPC['currentpassword'], $vbulletin->userinfo['salt']) != $vbulletin->userinfo['password'])
		{
			eval(standard_error(fetch_error('badpassword', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
		}
	
}
else if ($_GET['do'] == 'confirmpassword')
{
	// add consistency with previous behavior
	exec_header_redirect('index.php');
}
?>

right now im just playing around with it, trying to make it actually confirm the password, i stole some code from profile.php and have removed some of it.

so whats it suppose to do?
well when the user confirms there password, i want it to redirect the user to one page. if the user gets the password wrong redirect them to another (possibly log them out also....for security reasons?... MAYBE)

oh and the content of my ext template:

Code:

$stylevar[htmldoctype]
<html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
<head>
<title>$vboptions[bbtitle]</title>
$headinclude
</head>
<body>
$header

$navbar

<script type="text/javascript" src="clientscript/vbulletin_md5.js?v=$vboptions[simpleversion]"></script>
<script type="text/javascript">
function hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5)
{
	var junk_output;
	md5hash(currentpassword, currentpassword_md5, junk_output, $show[nopasswordempty]);
	// do various checks
	if (newpassword.value != '')
	{
		md5hash(newpassword, newpassword_md5, junk_output, $show[nopasswordempty]);
	}
	if (newpasswordconfirm.value != '')
	{
		md5hash(newpasswordconfirm, newpasswordconfirm_md5, junk_output, $show[nopasswordempty]);
	}
}
</script>

<form action="ext.php?do=confirmpassword" method="post" onsubmit="hash_passwords(currentpassword, currentpassword_md5, newpassword, newpassword_md5, newpasswordconfirm, newpasswordconfirm_md5)">
<input type="hidden" name="s" value="$session[sessionhash]" />
<input type="hidden" name="securitytoken" value="$bbuserinfo[securitytoken]" />
<input type="hidden" name="do" value="updatepassword" />
<input type="hidden" name="currentpassword_md5" />
<input type="hidden" name="newpassword_md5" />
<input type="hidden" name="newpasswordconfirm_md5" />

			<input type="password" class="bginput" name="currentpassword" size="50" maxlength="50" />
		<div style="margin-top:$stylevar[cellpadding]px">
			<input type="submit" class="button" value="$vbphrase[save_changes]" accesskey="s" />
			<input type="reset" class="button" value="$vbphrase[reset_fields]" accesskey="r" />
		</div>
</form>

$footer
</body>
</html>

as of right now im not getting any responce with this other than when you submit the input it adds the DO to the url "?do=confirmpassword" been messing about for a while now and cant seem to get it to do much more than that