Right now ACP and UCP always rely on phpbb_check_hash() when checking the password. However, if someone wants to use his own methods (speak: his own authentication plugin) he also should have influence on the actual password change (either from the user or from the admin). In particular: getting in touch with passwords in general.

So phpbb_check_hash() should move from /includes/functions.php to /includes/auth/auth_db.php and get a more general name. Of course, calls to the current functions need to change, which affects these 3 files:

• /includes/functions.php
• /includes/acp/acp_users.php
• /includes/ucp/ucp_profile.php

...and the STK aswell: /index.php.

Original request: http://www.phpbb.com/community/posting.php?mode=reply&f=71&t=2155473