Hook profile_updatepassword_start

[smokey]

Hey all,

Kind of stuck on an issue I cannot seem to get around. At this hook location, I have code in a plugin to update an external member account database for the main site. It will change the email/password on the main site as well as the forum.

The problem I'm having is I'm trying to use the variable $vbulletin->GPC['newpassword'] (the clear text version of the inputed password but it is empty. I've tried setting a variable $plain_newpassword = $vbulletin->GPC['newpassword']; since the code launches before it goes through the hashing process but it is still empty. How is this possible when after this hook, it actually verifies $vbulletin->GPC['newpassword'] is not empty before it hashes it? Any way I can grab the posted clear text password so I can store it in a variable? This is really starting to bug me lol. $_POST['newpassword'] obviously will not work, also tried using $p to no avail. Have no problem with $vbulletin->GPC['email'] showing up on the db edit, exactly how you expect it to work. Oh and I can $vbulletin->GPC['newpassword_md5'] with no problem too, what the heck?

The hook is located in ./profile.php.

Can anyone shed some light on this? I just need a variable to be set with a clear text password when someone updates their password and email.

Thanks in advance!

[Lynne]

Perhaps post your plugin and maybe we can see what is wrong.

[smokey]

Nothing wrong with the plugin. The variable simply is not set or empty, all that is set is the newpassword_md5. I'm just trying to figure out why and a work around. The code is fine.

Anyone?

The default code in profile.php

PHP Code:

// ############################### start update password ###############################
if ($_POST['do'] == 'updatepassword')
{
    $vbulletin->input->clean_array_gpc('p', array(
        'currentpassword'        => TYPE_STR,
        'currentpassword_md5'    => TYPE_STR,
        'newpassword'            => TYPE_STR,
        'newpasswordconfirm'     => TYPE_STR,
        'newpassword_md5'        => TYPE_STR,
        'newpasswordconfirm_md5' => TYPE_STR,
        'email'                  => TYPE_STR,
        'emailconfirm'           => TYPE_STR
    ));

    // instanciate the data manager class
    $userdata =& datamanager_init('user', $vbulletin, ERRTYPE_STANDARD);
    $userdata->set_existing($vbulletin->userinfo);

    ($hook = vBulletinHook::fetch_hook('profile_updatepassword_start')) ? eval($hook) : false;

    // validate old password
    if ($userdata->hash_password($userdata->verify_md5($vbulletin->GPC['currentpassword_md5']) ? $vbulletin->GPC['currentpassword_md5'] : $vbulletin->GPC['currentpassword'], $vbulletin->userinfo['salt']) != $vbulletin->userinfo['password'])
    {
        eval(standard_error(fetch_error('badpassword', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
    }

    // update password
    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        // are we using javascript-hashed password strings?
        if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            $vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5'];
            $vbulletin->GPC['newpasswordconfirm'] =& $vbulletin->GPC['newpasswordconfirm_md5'];
        }
        else
        {
            $vbulletin->GPC['newpassword'] =& md5($vbulletin->GPC['newpassword']);
            $vbulletin->GPC['newpasswordconfirm'] =& md5($vbulletin->GPC['newpasswordconfirm']);
        }

        // check that new passwords match
        if ($vbulletin->GPC['newpassword'] != $vbulletin->GPC['newpasswordconfirm'])
        {
            eval(standard_error(fetch_error('passwordmismatch')));
        } 


My code is parsed at that hook location.

This is empty:

PHP Code:

$vbulletin->GPC['newpassword'] 


and...

PHP Code:

$vbulletin->GPC['newpasswordconfirm'] 


But this is not:

PHP Code:

$vbulletin->GPC['newpassword_md5'] 


The hook executes before:

PHP Code:

    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        // are we using javascript-hashed password strings?
        if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            $vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5']; 


So how is that string empty? It doesn't make any since to me

--------------- Added [DATE]1242606969[/DATE] at [TIME]1242606969[/TIME] ---------------

I figured it out after heavy investigating. Javascript in the modifypassword template was actually doing the conversion to submit to the forum as a hashed password thus not sending the clear text password.

Hope this helps anyone else who may need to accomplish the same thing in the future.