Serious password emailing bug.

After running my forum for a couple of months, I decided to set up emailing, so that users could get their passwords emailed to them if they forgot.  To test that it was working, I logged out as administrator, and requested my admin password be sent to me.  This caused an error on line 181 of the password emailing include.  I didn't take a note of the exact error, because I wasn't all that concerned at the time.  It was only when I tried to log back in as administrator that I discovered the problem: it had corrupted my password!

I knew it wasn't because I had forgotten it, because I had a backup of the database running on a different server from only a few days ago, and I could log on to that with the password I knew it to be.  Using the same password on the corrupted forum, resulted in failure.  Thankfully I fixed the problem, by downloading the database and copying a known password (and salt) from a different member whose password I had reset 30 seconds before I had logged out and become locked out.

Having something like that happen is really bad.

Not a bug, since it works fine for me.

It didn't corrupt the database, only did what it was supposed to. Since the passwords cannot be unencrypted, they cannot be sent out, instead they are changed and the new password is sent out. The problem occured because the email function did not work - the password was changed but it couldn't tell you what it was, so you weren't aware of the change. 

This means that the email notification is incorrectly set up. You must have had an email address in your profile, because the function checks the address you entered against the one in the profile. If you want to post the exact details of this error (try recreating it on the backup server - make sure you have friendly errors turned off if you use IE), we'll help you fix it.

Blair