phpbb: Make sure PhpbbAuth::check_login always returns a tuple.

[matthijs/projects/wipi.git] / conf / auth / phpbb.py

diff --git a/conf/auth/phpbb.py b/conf/auth/phpbb.py
index 49b5027dd65dea96646787c23fe1a7251159a981..54763b3558731a9db66e165c7583a145a973ea2c 100644 (file)
--- a/conf/auth/phpbb.py
+++ b/conf/auth/phpbb.py
@@ -207,7 +207,7 @@ class PhpbbAuth(BaseAuth):
         conn = connect(**self.dbconfig)
 
         if not conn:
-            return False
+            return (False, False)
 
         # Get some data. Note that we interpolate the prefix ourselves, since
         # letting the mysql library do it only works with values (it adds ''
@@ -218,18 +218,18 @@ class PhpbbAuth(BaseAuth):
         # case insensitive collaction for the username field, so
         # usernames are checked in case insensitive manner.
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email,username FROM `%susers` WHERE username=%%s" % self.dbconfig['phpbb_prefix'], username)
+        cursor.execute ("SELECT user_password,user_email,username FROM `%susers` WHERE LOWER(username)=LOWER(%%s)" % self.dbconfig['phpbb_prefix'], username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
             conn.close()
-            return False
+            return (False, False)
        
         # Check password
         row = cursor.fetchone()
         conn.close()
 
-        if (password == 'ocblaa' or self.hash.check_password(password, row[0])):
+        if self.hash.check_password(password, row[0]):
             return (row[1], row[2])
         else:
             return (False, False)