Hi there;
After noticing how easy to guess were users' passwords, I wrote a little piece of code for update every users' passwords to something more complicated to guess.
It's higly customizable, especially the generation of the password part. Right now, it makes the password look like this:

{consonant}{vowel} * $amount_of_chars / 2 + {number} * $amount_of_numbers

Like this:

sareguli1562 (with amount_of_chars = 8 and amount_of_numbers = 4)

(You should also consider changing the minibb minimal password length requirement).

It should be upgraded to do $max_users at a time, then auto refresh itself. If needed I'll do it for you.

The code :

<?php

//CONFIGURATION PART

define("from_email","admin@yoursite.com");
define("amount_of_chars",8); //can be divided by 2
define("amount_of_numbers",4);
define("email_subject","Your password has been changed");
define("email_content","
<html><body><br>
Hi %USERNAME%,<br>
For security of the forums and your account, all the passwords have been changed to stronger ones.<br>
<br>
Please take note of your new password : <b>%NEW_PASS%</b><br>
<br>
Thanks.</body></html>
");

//END CONFIGURATION PART

if ( ! include_once("setup_options.php") ) die("Could not include setup_options.php");
@set_time_limit(0);//may not work on your server (if safe_mode is on)

function send_mail($to,$sujet,$message) {
$headers = "From: ".from_email."\n";
$headers .= "Return-Path: <".from_email.">\n";
$headers .= "Date: ".date("D, d M Y H:i:s") . " UT\n";
$headers .= "Reply-To:".from_email."\n";
$headers .= "X-Mailer: PHP/".phpversion()."\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
if (!@ mail($to, $sujet, $message, $headers)) {
return(false);
} else {
return true;
}
}
function new_password() {
$chars1 = "bcdfghjklmnpqrstvwxz";
$chars2 = "aeiouy";
$pass = "" ;
for ($i=1; $i <= amount_of_chars ; $i++) {
$pass .= substr($chars1, mt_rand(0, 22), 1);
$pass .= substr($chars2, mt_rand(0, 5), 1);
$i++;
}
for ($i=1; $i <= amount_of_numbers; $i++) {
$pass .= mt_rand(0, 9);
}
return $pass;
}

$sql=@mysql_connect($DBhost,$DBusr,$DBpwd);
if ( ! $sql ) die("Could not connect to mysql server");
$sqldb=@mysql_select_db($DBname);
if ( ! $sqldb ) die("Could not select db");

$total_users_count=mysql_query("SELECT COUNT(user_id) FROM ".$Tu);
$total_users_count=mysql_fetch_row($total_users_count);
$total_users_count=$total_users_count[0];
$done=1;
$current=2;

while($done < $total_users_count) {
$res=@ mysql_query("SELECT username, user_email FROM ".$Tu." WHERE user_id=".$current);
if ( !$res ) {
$current++;
break;
}
$res=mysql_fetch_row($res);
$pass=new_password();
$content=email_content;
$content=str_replace("%USERNAME%",$res[0],$content);
$content=str_replace("%NEW_PASS%",$pass,$content);
if ( !send_mail($res[1],email_subject,$content) ) die("Could not send email");
$update=mysql_query("UPDATE ".$Tu." SET user_password = '".md5($pass)."' WHERE user_id =".$current);
$current++;
$done++;

}
echo "Updated ".$total_users_count." users accounts. NOW DELETE THIS FILE";



Hope this can be usefull to someone :)

Forgot to mention :

$done=1;
$current=2;

Because we should not upgrade main admin's password.

That all sounds fine, but still not clear for us:

1) What do you mean by "easy to guess were users' passwords" and which way another encoding of user password helps, if it is easy guessed (not even encoded!)

2) What you code actually does and how it could be helpful for miniBB users.

1) I mean many users choose passwords like female name, car name, city name, date of birth and other short or easy to guess passwords. I mean by easy to guess passwords that can be found in dictionnary.
What I do is not another way of encoding password (O_O) it does ... :

2) That script change every user of minibb password, and email them the new password.
The email content can be modified in the top of the file.
That script generate special passwords, that "should be" easier to remember than 8*{random character or number}, because it alternates consonants and vowels.

Compare yourself an autogenerated password from 99% of the websites on the internet : fg5zko3p
And one generated with that script : faritu01

That script has two goals :
-Make all your user's passwords stronger (not guessable with dictionary attack and hardly guessable with bruteforce)
-Make new passwords easy to remember because you can "say" them.

Ah don't really know how to say it in english. Try to pronounce/say/tell fg5zko3p and then try with faritu01.
Those two passwords has the same security level, but one is easier to remmember?

Ok, we understand now idea with easier-to-say passwords (so function new_password() is probably the most interesting part of your code). However, we don't think it's a programmer's task to care about user's password. Internet has it's own rules and ethics, the same as any other sphere. When you come to restaurant, waiter should not teach you how to take knife and fork - his goal is just to serve your table.

Anyway, thanks for the code and explanation... hopefully it will be useful for someone.

Yes I know but not all users care abotu their passwords, and it's a problem if the hacked account has access to some private forums.

Yes I hope it can help someone, if you want you could rewrite my code/message and make it more english comprehensive :P