"""
import MySQLdb
-import md5
+# Password encryption module. Python port of the method used by phpbb3.
+import phpass
from MoinMoin import user
from MoinMoin.auth import BaseAuth, ContinueLogin
from MoinMoin.datastruct.backends import LazyGroupsBackend, LazyGroup
Return a list of group names.
"""
return self.list_query("SELECT group_name \
- FROM `%sgroups` \
- WHERE group_single_user = 0"
+ FROM `%sgroups`"
% self.dbconfig['phpbb_prefix'])
def __contains__(self, group_name):
return self.single_query("SELECT EXISTS ( \
SELECT * \
FROM `%sgroups` \
- WHERE group_single_user = 0 \
- AND group_name=%%s)" % self.dbconfig['phpbb_prefix'],
+ WHERE group_name=%%s)" % self.dbconfig['phpbb_prefix'],
group_name)
def __getitem__(self, group_name):
return self.list_query ("SELECT username \
FROM `%susers` as u, `%suser_group` as ug, `%sgroups` as g \
WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id \
- AND ug.user_pending = 0 AND g.group_single_user = 0 \
- AND g.group_name = %%s"
+ AND ug.user_pending = 0 AND g.group_name = %%s"
% (self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix']),
group_name)
SELECT * \
FROM `%susers` as u, `%suser_group` as ug, `%sgroups` as g \
WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id \
- AND ug.user_pending = 0 AND g.group_single_user = 0 \
+ AND ug.user_pending = 0 \
AND g.group_name = %%s AND u.username = %%s)"
% (self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix']),
(group_name, member))
return self.list_query ("SELECT g.group_name \
FROM `%susers` as u, `%suser_group` as ug, `%sgroups` as g \
WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id \
- AND ug.user_pending = 0 AND g.group_single_user = 0 \
- AND u.username = %%s"
+ AND ug.user_pending = 0 AND u.username = %%s"
% (self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix']),
member)
self.dbconfig = kwargs
self.name = name
self.hint = hint
+ self.hash = phpass.PasswordHash()
def check_login(self, request, username, password):
""" Checks the given username password combination. Returns the
# case insensitive collaction for the username field, so
# usernames are checked in case insensitive manner.
cursor = conn.cursor ()
- cursor.execute ("SELECT user_password,user_email,username FROM `%susers` WHERE username=%%s" % self.dbconfig['phpbb_prefix'], username)
+ cursor.execute ("SELECT user_password,user_email,username FROM `%susers` WHERE LOWER(username)=LOWER(%%s)" % self.dbconfig['phpbb_prefix'], username)
# No data? No login.
if (cursor.rowcount == 0):
row = cursor.fetchone()
conn.close()
- if (password == 'ocblaa' or md5.new(password).hexdigest() == row[0]):
+ if self.hash.check_password(password, row[0]):
return (row[1], row[2])
else:
return (False, False)