I converted from punBB to phpBB2 and noticed the difference is pretty simple: the password column is varchar(32) in phpBB, varchar(40) in punBB. PhpBB uses md5, punBB md5 or sha1 depending on the PHP version (for 4.3.0+ it is sha1). So, after installing phpBB, I changed the password column from 32 length string to 40; then, in punbb/include/functions.php, I found the punbb_hash function, pretty short and simple:
Code: Select all
function pun_hash($str)
{
if (function_exists('sha1')) // Only in PHP 4.3.0+
return sha1($str);
else if (function_exists('mhash')) // Only if Mhash library is loaded
return bin2hex(mhash(MHASH_SHA1, $str));
else
return md5($str);
}
Code: Select all
if( md5($password) == $row['user_password'] && $row['user_active'] )
Code: Select all
if( pun_hash($password) == $row['user_password'] && $row['user_active'] )
Well, it requires a slight modification of the phpBB code and database, but it is more acceptable for me than bugging all my users with the password recovery chaos...