1 # -*- coding: iso-8859-1 -*-
3 MoinMoin - auth plugin doing a check against MySQL db
5 @copyright: 2008 Matthijs Kooijman
6 @license: GNU GPL, see COPYING for details.
11 from MoinMoin import user
12 from MoinMoin.auth import BaseAuth, ContinueLogin
13 from MoinMoin import log
14 logging = log.getLogger(__name__)
16 class phpbb_login(BaseAuth):
17 logout_possible = True
18 login_inputs = ['username', 'password']
20 def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, phpbb_prefix='', hint=None):
22 Authenticate using credentials from a phpbb database
24 The name parameter should be unique among all authentication methods.
26 The hint parameter is a snippet of HTML that is displayed below the login form.
33 self.phpbb_prefix = phpbb_prefix
37 def check_login(self, request, username, password):
38 """ Checks the given username password combination. Returns the
39 corresponding emailaddress, or False if authentication failed.
41 conn = self.connect(request)
46 # Get some data. Note that we interpolate the prefix ourselves, since
47 # letting the mysql library do it only works with values (it adds ''
48 # automatically). Note also that this allows possible SQL injection
49 # through the phpbb_prefix variable, but that should be a trusted
51 cursor = conn.cursor ()
52 cursor.execute ("SELECT user_password,user_email FROM `%susers` WHERE username=%%s" % self.phpbb_prefix, username)
55 if (cursor.rowcount == 0):
60 row = cursor.fetchone()
63 if (md5.new(password).hexdigest() == row[0]):
68 def connect(self, request):
69 # This code was shamelessly stolen from
70 # django.db.backends.mysql.base.cursor
76 kwargs['user'] = self.dbuser
78 kwargs['db'] = self.dbname
80 kwargs['passwd'] = self.dbpass
81 if self.dbhost.startswith('/'):
82 kwargs['unix_socket'] = self.dbhost
84 kwargs['host'] = self.dbhost
86 kwargs['port'] = int(self.dbport)
91 conn = MySQLdb.connect (**kwargs)
96 logging.error("phpbb_login: authentication failed due to exception connecting to DB, traceback follows...")
97 logging.error(''.join(traceback.format_exception(*info)))
102 def login(self, request, user_obj, **kw):
104 username = kw.get('username')
105 password = kw.get('password')
107 logging.debug("phpbb_login: Trying to log in, username=%r " % (username))
109 # simply continue if something else already logged in
111 if user_obj and user_obj.valid:
112 return ContinueLogin(user_obj)
114 # Deny empty username or passwords
115 if not username or not password:
116 return ContinueLogin(user_obj)
118 email = self.check_login(request, username, password)
122 logging.debug("phpbb_login: authentication failed for %s" % (username))
123 return ContinueLogin(user_obj)
125 logging.debug("phpbb_login: authenticated %s (email %s)" % (username, email))
127 u = user.User(request, auth_username=username, auth_method=self.name, auth_attribs=('name', 'password', 'email'))
129 #u.remember_me = 0 # 0 enforces cookie_lifetime config param
130 u.create_or_update(True)
132 return ContinueLogin(u)
136 info = sys.exc_info()
137 logging.error("phpbb_login: authentication failed due to unexpected exception, traceback follows...")
138 logging.error(''.join(traceback.format_exception(*info)))
139 return ContinueLogin(user_obj)
141 def login_hint(self, request):
142 """ Return a snippet of HTML that is displayed with the login form. """
145 # vim: set sw=4 expandtab sts=4:vim