Thread

Ok. I’m going absolutely nuts here because it seems the code is ignoring everything I am doing to it.

I managed to find out where in the code the update password function executes when a user changes their password in their own profile. I slipped in a snippet of code to transfer the password over to my other database. After a bit of syntax-correction, I got it working.

However, when I logged in on my administrator account and tried to override the password change, only EE’s DB got the updated password.
So quite obviously the admin page is pulling its password update function from somewhere else. I load up all the files and do some mass searching and come up with 4!! (FOUR) password update functions. Some referred to the other, so I narrowed it down to the one further down near the end of mod.member_settings.php and the one near the beginning of cp.myaccount.php.

mod.member_settings.php one did not work at all. I actually have no idea what it does. I hardcoded it to place ‘123456’ in the password field when it was executed, but when I updated my password, it managed to find the SHA1 hash anyway.
cp.myaccount.php showed a little bit of promise since the page itself gave me some syntax errors as soon as I placed some random code in it. However, I placed a line of code after what I believe is when the function updates the DB… and again, nothing.

I’m trying to match the username on my second DB with the username already in the $_POST[‘username’] field on the page, and set to update the password field with $data[‘password’] since at that point in the code, it’s already hashed and stored in that variable. It *should* work, but I’m obviously missing something..
Can anyone lend a hand?

Thanks again.

[Moderator Edit: Moved to How To forum]

DarkScythe, can you post your ultimate goal? I had a lot of trouble following your post here.  Do you need to submit password changes to another system?  You might be better off looking at extensions rather than the hacking you’re doing.

Yes, hacks such as this are strongly discouraged and not supported.  And tying into another membership system is outside of what we can provide assistance for, so I’m moving this to the How To forum for you.  Incidentally, many people have had success using aMember Pro, which you may wish to look at.  We do not have extension hooks in this portion of the application because it’s a little “too close to the engine” so to speak.

I understand, it’s an odd request I guess. I’ve looked at aMember Pro before, but it wasn’t what I was looking for.. I don’t remember what the reason was exactly, but I was never on board with it.
I can guarantee that I won’t be doing anything malicious with the code, but there’s the issue of trust as well.

As far as my “ultimate goal” is concerned, I want to use phpBB forums with my EE-powered site, mainly because it offers some features I need that the EE forum module doesn’t have.
Problem there is since they are two separate applications, the user will be forced to register twice (once for the EE site, again for the forums), which will discourage a lot of them from doing so.
I figured if I could find a way to copy/synchronize the account information between the two systems, they would only have to register once and have an account automatically created at the other.

This part I completed successfully, I can register at either EE or phpBB and the account works perfectly in the other.
The next part is to keep password/email information updated in case it ever changes. This is the part I am having trouble with.
I’ve successfully inserted the code into phpBB to copy over the password and email into the EE database whenever it gets changed (member profile, admin change, forgot password, etc.)
I have also successfully gotten EE to copy the password into the phpBB database IF and ONLY IF the user themselves go to their CP to change it. Using the admin account to change a user’s password for them (logging into system) will not update the password in phpBB’s database. I thought I found the functions that it used, but either I did something wrong, or they’re not actually used by anything.

All that’s left really is to pinpoint this and email updates, and I’ll be done with everything.
I’ve spent the greater part of a year familiarizing myself with php and trying to get this done, I’d hate to have to scrap the project now..
But in any case, any advice is appreciated.

Well, I think aMember could be used just fine with this, as I know other users have done so for an identical purpose.  I’m curious as to which specific features are keeping you on phpBB?  That script is a security nightmare, and you run a serious risk of having your entire account compromised by running it.

The cp.myaccount.php function is for updating un/pw in the control panel, and mod.member_settings.php is for front end un/pw updating.

I just checked it really quick, it’s extremely expensive lol. More than the cost of EE.. Sheesh.

I chose phpBB originally because it was free, and it was really customizable. I understand other boards are also, but the majority of the boards I visited that had similar modifications were using phpBB.
My other choices were IPB and VB, both of which require a hefty license fee. I’m still a student after all, and paying for EE and web hosting is enough for me.

As for which features.. Errr.. I can’t find the feature list for the EE forum module anymore, so I can’t specifically single out any. I decided this a while ago, back when I purchased EE.
I wish I remembered all the details lol..

In any case, I just noticed v1.6 is out.. I’m still using 1.5.2. I don’t know if that would make a difference though. If you want, I can send you the file with every snippet I’m using, so you can know what’s going on.

Thanks for that clarification Derek. It appears I am looking at the right place then, but for some reason my code is being ignored.

Because of the security risks with the third party application, I’m reticent to give any more specific advice than I have.

If you signed up for the hosted trial, you’d be able to try out the Discussion Forum module in full for 30 days for only $10.  Your only real limitation would be that you could not customize the themes, but at least by running the forums, you’d know what to ask for, i.e. “can I make it do X instead of Y?”

I understand Derek, I appreciate that hint greatly.

I actually finally managed to make it work.. I don’t know how or why it suddenly started working though lol.
My first attempt, I had an error handling code that was causing problems so I removed it.
But then it seemed to skip right over the code.. So I mirrored EE’s own error handling code in its place and it started working.. weird.

I had the hosted 30-day trial before I bought EE, so I don’t think I can use it again lol.

Huge thanks though, now I have to locate email changes.
phpBB3 rc2 is out, so hopefully when they get to a final release, they’ll fix a lot of security vulnerabilities. For now, I’ve put the snippets tot he best of my ability, inside each program’s own security systems, where it will only execute if its own script were to normally execute.