X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=auth.py;h=23b48bba25b8e984d92cf413e68cdc68bd11fa17;hb=refs%2Fheads%2Fproduction;hp=64f4daf4b76f647308ecfd5671514528702f12c0;hpb=889fc62a39fd7ea0f1ff70178be4fabf634e9097;p=matthijs%2Fprojects%2Fxerxes.git

diff --git a/auth.py b/auth.py
index 64f4daf..23b48bb 100644
--- a/auth.py
+++ b/auth.py
@@ -1,8 +1,7 @@
 from django.conf import settings
 from django.contrib.auth.models import User, check_password
-import md5
 import MySQLdb
-
+import tools.phpass
 
 """
 This auth backend allows django to authenticate against an external phpbb
@@ -22,6 +21,9 @@ own database settings are used. This means, that, usually, you only have to
 specify the database name where phpbb lives.
 """
 class PhpBBBackend:
+    def __init__(self):
+        self.hash = tools.phpass.PasswordHash()
+
     def connect(self):
         host     = getattr(settings, 'PHPBB_DATABASE_HOST',     settings.DATABASE_HOST)
         port     = getattr(settings, 'PHPBB_DATABASE_PORT',     settings.DATABASE_PORT)
@@ -56,10 +58,11 @@ class PhpBBBackend:
 
     def check_login(self, username, password):
         conn = self.connect()
+        prefix = getattr(settings, 'PHPBB_TABLE_PREFIX',   '')
 
         # Get some data
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email FROM users WHERE username=%s", username)
+        cursor.execute ("SELECT user_password,user_email FROM %susers WHERE LOWER(username)=LOWER(%%s)" % prefix, username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
@@ -70,7 +73,7 @@ class PhpBBBackend:
         row = cursor.fetchone()
         conn.close()
 
-        if (md5.new(password).hexdigest() == row[0]):
+        if (self.hash.check_password(password, row[0])):
             return row[1]
         else:
             return False
@@ -104,3 +107,4 @@ class PhpBBBackend:
         except User.DoesNotExist:
             return None
     
+# vim: set sts=4 sw=4 expandtab: