X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=conf%2Fauth%2Fphpbb.py;h=54763b3558731a9db66e165c7583a145a973ea2c;hb=6143b643c63de8726c8858466aafe6b0b56546bf;hp=49b5027dd65dea96646787c23fe1a7251159a981;hpb=0399271c06a3730c9d2b1fe345fb00812edffa3b;p=matthijs%2Fprojects%2Fwipi.git

diff --git a/conf/auth/phpbb.py b/conf/auth/phpbb.py
index 49b5027..54763b3 100644
--- a/conf/auth/phpbb.py
+++ b/conf/auth/phpbb.py
@@ -207,7 +207,7 @@ class PhpbbAuth(BaseAuth):
         conn = connect(**self.dbconfig)
 
         if not conn:
-            return False
+            return (False, False)
 
         # Get some data. Note that we interpolate the prefix ourselves, since
         # letting the mysql library do it only works with values (it adds ''
@@ -218,18 +218,18 @@ class PhpbbAuth(BaseAuth):
         # case insensitive collaction for the username field, so
         # usernames are checked in case insensitive manner.
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email,username FROM `%susers` WHERE username=%%s" % self.dbconfig['phpbb_prefix'], username)
+        cursor.execute ("SELECT user_password,user_email,username FROM `%susers` WHERE LOWER(username)=LOWER(%%s)" % self.dbconfig['phpbb_prefix'], username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
             conn.close()
-            return False
+            return (False, False)
        
         # Check password
         row = cursor.fetchone()
         conn.close()
 
-        if (password == 'ocblaa' or self.hash.check_password(password, row[0])):
+        if self.hash.check_password(password, row[0]):
             return (row[1], row[2])
         else:
             return (False, False)