I was taking a look to the code of phpBB and i have to say that it is a great job.
I was interested to know about how phpbb encrypt the user's password and i came across with the function add_user and within it... this:
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
here.. user_row is a variable that is inserted with the function
function user_add($user_row, $cp_data = false)
my question is... at what point phpbb encrypt the user's password using md5?