from django.conf import settings
from django.contrib.auth.models import User, check_password
-import md5
import MySQLdb
-
+import tools.phpass
"""
This auth backend allows django to authenticate against an external phpbb
specify the database name where phpbb lives.
"""
class PhpBBBackend:
+ def __init__(self):
+ self.hash = tools.phpass.PasswordHash()
+
def connect(self):
host = getattr(settings, 'PHPBB_DATABASE_HOST', settings.DATABASE_HOST)
port = getattr(settings, 'PHPBB_DATABASE_PORT', settings.DATABASE_PORT)
def check_login(self, username, password):
conn = self.connect()
+ prefix = getattr(settings, 'PHPBB_TABLE_PREFIX', '')
# Get some data
cursor = conn.cursor ()
- cursor.execute ("SELECT user_password,user_email FROM users WHERE username=%s", username)
+ cursor.execute ("SELECT user_password,user_email FROM %susers WHERE LOWER(username)=LOWER(%%s)" % prefix, username)
# No data? No login.
if (cursor.rowcount == 0):
- print("User %s not found", username)
+ conn.close()
return False
# Check password
row = cursor.fetchone()
conn.close()
- if (md5.new(password).hexdigest() == row[0]):
+ if (self.hash.check_password(password, row[0])):
return row[1]
else:
return False
Most of this code has been taken from Django's user auth tutorial.
"""
def authenticate(self, username=None, password=None):
- print password
email = self.check_login(username, password)
if email:
- print "Login checked out"
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
- print "User did nog exist"
# Create a new user. Note that we can set password
# to anything, because it won't be checked; the password
# from settings.py will.
user = User(username=username, password='get from settings.py')
user.email = email
+ user.set_unusable_password()
user.save()
- print user
return user
else:
return None
except User.DoesNotExist:
return None
+# vim: set sts=4 sw=4 expandtab: