24.02.2014, 01:06
I would advise AGAINST using your own account system because as insecure as MD5 may be, your own system will be worse! That at least was devised by experts. If you can, get one that uses bcrypt and salts.
Anyway, in answer to your original question - you have to compare the hashes, not compare the passwords. If you want to know if an entered password is correct, hash it with MD5 (be careful with case), and compare that result with the hash stored in your database. There is no way (or shouldn't be) to get the original password from the stored hash. PHPBB may also run several rounds of MD5 hashing - check how many times they re-hash the result and do the same in your code.
Anyway, in answer to your original question - you have to compare the hashes, not compare the passwords. If you want to know if an entered password is correct, hash it with MD5 (be careful with case), and compare that result with the hash stored in your database. There is no way (or shouldn't be) to get the original password from the stored hash. PHPBB may also run several rounds of MD5 hashing - check how many times they re-hash the result and do the same in your code.