Update authentication to use PhpBB version 3.
diff --git a/auth.py b/auth.py
index 88f9f63fbfd190427144ebc8c6fad7ae5b27f7c6..9d8566f9a4aa3889ee066cb939f7b429ae5fc7b2 100644 (file)
--- a/auth.py
+++ b/auth.py
@@ -1,8 +1,7 @@
 from django.conf import settings
 from django.contrib.auth.models import User, check_password
-import md5
 import MySQLdb
-
+import tools.phpass
 
 """
 This auth backend allows django to authenticate against an external phpbb
@@ -22,6 +21,9 @@ own database settings are used. This means, that, usually, you only have to
 specify the database name where phpbb lives.
 """
 class PhpBBBackend:
+    def __init__(self):
+        self.hash = tools.phpass.PasswordHash()
+
     def connect(self):
         host     = getattr(settings, 'PHPBB_DATABASE_HOST',     settings.DATABASE_HOST)
         port     = getattr(settings, 'PHPBB_DATABASE_PORT',     settings.DATABASE_PORT)
@@ -56,21 +58,22 @@ class PhpBBBackend:
 
     def check_login(self, username, password):
         conn = self.connect()
+        prefix = getattr(settings, 'PHPBB_TABLE_PREFIX',   '')
 
         # Get some data
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email FROM users WHERE username=%s", username)
+        cursor.execute ("SELECT user_password,user_email FROM %susers WHERE username=%%s" % prefix, username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
-            print("User %s not found", username)
+            conn.close()
             return False
        
         # Check password
         row = cursor.fetchone()
         conn.close()
 
-        if (md5.new(password).hexdigest() == row[0]):
+        if (self.hash.check_password(password, row[0])):
             return row[1]
         else:
             return False
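Review bot: check_login accepts any row whose hash matches, so an account that phpBB itself would refuse to log in still authenticates to Django; if I read the phpBB 3 schema correctly, inactive accounts are marked in the `user_type` column, so selecting it as well and returning False for inactive rows would close that gap. The table prefix is formatted into the statement text with `%`, which is tolerable only because it comes from settings.py; validating it once against something like `^[A-Za-z0-9_]*$` before use keeps a mistyped or hostile setting out of the SQL. conn.close() is now reached on both return paths but not when execute() or fetchone() raises, so wrapping the query in `try: ... finally: conn.close()` would avoid leaking the connection.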
@@ -82,21 +85,18 @@ class PhpBBBackend:
     Most of this code has been taken from Django's user auth tutorial.
     """
     def authenticate(self, username=None, password=None):
-        print password
         email = self.check_login(username, password)
         if email:
-            print "Login checked out"
             try:
                 user = User.objects.get(username=username)
             except User.DoesNotExist:
-                print "User did nog exist"
                 # Create a new user. Note that we can set password
                 # to anything, because it won't be checked; the password
                 # from settings.py will.
                 user = User(username=username, password='get from settings.py')
                 user.email = email
+                user.set_unusable_password()
                 user.save()
-            print user
             return user
         else:
             return None
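Review bot: The lookup `User.objects.get(username=username)` maps a successful phpBB login onto whatever Django account already carries that name, so a forum user whose name matches a locally created staff or superuser account would be returned as that account; the added `set_unusable_password()` only covers users created in this branch. One option is to refuse the mapping for accounts that still have a local password, e.g. `if user.has_usable_password(): return None` after the `get`. Rows created by the earlier version of this backend would then need their password reset to unusable first. Separately, with `set_unusable_password()` in place the `password='get from settings.py'` argument and the comment above it are stale; `User(username=username)` with a comment such as `# Password is verified against phpBB, so no local password is stored.` would describe what the code now does.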
@@ -107,3 +107,4 @@ class PhpBBBackend:
         except User.DoesNotExist:
             return None
     
+# vim: set sts=4 sw=4 expandtab: