The hashing occurs on the server side. PHPBB does NOT store a plaintext password. The web browser sends the password as plaintext and PHPBB uses the Portable PHP password hashing algorithm which is described in this question.
If you are concerned about sniffing the plaintext password that the browser transmits, you will need to host your forum on an SSL protected domain. Then the browser will transmit data securely to your server and the same process to log in will occur.