X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fprojects%2Fdorestad-bookings.git;a=blobdiff_plain;f=auth.py;h=9d8566f9a4aa3889ee066cb939f7b429ae5fc7b2;hp=00c106d1e36625e6571d045c2d8604cdbf399b0e;hb=b8ab54abb0092e5e16cb8fbe65ec96fc0f7cef4e;hpb=8f82b787420a65cb08b42b59dea1929c76b77be4

diff --git a/auth.py b/auth.py
index 00c106d..9d8566f 100644
--- a/auth.py
+++ b/auth.py
@@ -1,8 +1,7 @@
 from django.conf import settings
 from django.contrib.auth.models import User, check_password
-import md5
 import MySQLdb
-
+import tools.phpass
 
 """
 This auth backend allows django to authenticate against an external phpbb
@@ -22,6 +21,9 @@ own database settings are used. This means, that, usually, you only have to
 specify the database name where phpbb lives.
 """
 class PhpBBBackend:
+    def __init__(self):
+        self.hash = tools.phpass.PasswordHash()
+
     def connect(self):
         host     = getattr(settings, 'PHPBB_DATABASE_HOST',     settings.DATABASE_HOST)
         port     = getattr(settings, 'PHPBB_DATABASE_PORT',     settings.DATABASE_PORT)
@@ -56,10 +58,11 @@ class PhpBBBackend:
 
     def check_login(self, username, password):
         conn = self.connect()
+        prefix = getattr(settings, 'PHPBB_TABLE_PREFIX',   '')
 
         # Get some data
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email FROM users WHERE username=%s", username)
+        cursor.execute ("SELECT user_password,user_email FROM %susers WHERE username=%%s" % prefix, username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
@@ -70,7 +73,7 @@ class PhpBBBackend:
         row = cursor.fetchone()
         conn.close()
 
-        if (md5.new(password).hexdigest() == row[0]):
+        if (self.hash.check_password(password, row[0])):
             return row[1]
         else:
             return False