logout_possible = True
login_inputs = ['username', 'password']
- def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, hint=None):
+ def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, phpbb_prefix='', hint=None):
"""
Authenticate using credentials from a phpbb database
self.dbpass = dbpass
self.dbname = dbname
self.dbport = dbport
+ self.phpbb_prefix = phpbb_prefix
self.name = name
self.hint = hint
if not conn:
return False
- # Get some data
+ # Get some data. Note that we interpolate the prefix ourselves, since
+ # letting the mysql library do it only works with values (it adds ''
+ # automatically). Note also that this allows possible SQL injection
+ # through the phpbb_prefix variable, but that should be a trusted
+ # value anyway.
cursor = conn.cursor ()
- cursor.execute ("SELECT user_password,user_email FROM lex_users WHERE username=%s", username)
+ cursor.execute ("SELECT user_password,user_email FROM `%susers` WHERE username=%%s" % self.phpbb_prefix, username)
# No data? No login.
if (cursor.rowcount == 0):
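Review bot: The table prefix is formatted straight into the SQL text in the `cursor.execute` call, and nothing in the visible `__init__` lines constrains `phpbb_prefix`, so the "trusted value" assumption in the new comment is not enforced anywhere. A backtick in the prefix would end the quoted identifier, and a `%` would likely be picked up by the driver's own parameter formatting pass. Identifiers cannot be bound as parameters, so the usual mitigation is an allowlist check where the value is stored, e.g. `if not re.match(r'[A-Za-z0-9_]*\Z', phpbb_prefix): raise ValueError('invalid phpbb_prefix')` placed before `self.phpbb_prefix = phpbb_prefix` (this needs `re` imported if the module does not already have it). The `__init__` docstring should also state that `phpbb_prefix` must come only from administrator-controlled configuration. The enclosing method starts and ends outside this hunk.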