X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fprojects%2Fwipi.git;a=blobdiff_plain;f=conf%2Fauth%2Fphpbb.py;fp=conf%2Fauth%2Fphpbb.py;h=49b5027dd65dea96646787c23fe1a7251159a981;hp=737207927681ed29bebd1ebefacedea883584603;hb=0399271c06a3730c9d2b1fe345fb00812edffa3b;hpb=d7e54511f0b549e56a53df6f7c12f865b007837d diff --git a/conf/auth/phpbb.py b/conf/auth/phpbb.py index 7372079..49b5027 100644 --- a/conf/auth/phpbb.py +++ b/conf/auth/phpbb.py @@ -22,7 +22,8 @@ """ import MySQLdb -import md5 +# Password encryption module. Python port of the method used by phpbb3. +import phpass from MoinMoin import user from MoinMoin.auth import BaseAuth, ContinueLogin from MoinMoin.datastruct.backends import LazyGroupsBackend, LazyGroup @@ -83,8 +84,7 @@ class PhpbbGroupsBackend(LazyGroupsBackend): Return a list of group names. """ return self.list_query("SELECT group_name \ - FROM `%sgroups` \ - WHERE group_single_user = 0" + FROM `%sgroups`" % self.dbconfig['phpbb_prefix']) def __contains__(self, group_name): @@ -94,8 +94,7 @@ class PhpbbGroupsBackend(LazyGroupsBackend): return self.single_query("SELECT EXISTS ( \ SELECT * \ FROM `%sgroups` \ - WHERE group_single_user = 0 \ - AND group_name=%%s)" % self.dbconfig['phpbb_prefix'], + WHERE group_name=%%s)" % self.dbconfig['phpbb_prefix'], group_name) def __getitem__(self, group_name): @@ -112,8 +111,7 @@ class PhpbbGroupsBackend(LazyGroupsBackend): return self.list_query ("SELECT username \ FROM `%susers` as u, `%suser_group` as ug, `%sgroups` as g \ WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id \ - AND ug.user_pending = 0 AND g.group_single_user = 0 \ - AND g.group_name = %%s" + AND ug.user_pending = 0 AND g.group_name = %%s" % (self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix']), group_name) @@ -126,7 +124,7 @@ class PhpbbGroupsBackend(LazyGroupsBackend): SELECT * \ FROM `%susers` as u, `%suser_group` as ug, `%sgroups` as g \ WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id \ - AND ug.user_pending = 0 AND g.group_single_user = 0 \ + AND ug.user_pending = 0 \ AND g.group_name = %%s AND u.username = %%s)" % (self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix']), (group_name, member)) @@ -139,8 +137,7 @@ class PhpbbGroupsBackend(LazyGroupsBackend): return self.list_query ("SELECT g.group_name \ FROM `%susers` as u, `%suser_group` as ug, `%sgroups` as g \ WHERE u.user_id = ug.user_id AND ug.group_id = g.group_id \ - AND ug.user_pending = 0 AND g.group_single_user = 0 \ - AND u.username = %%s" + AND ug.user_pending = 0 AND u.username = %%s" % (self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix'], self.dbconfig['phpbb_prefix']), member) @@ -198,6 +195,7 @@ class PhpbbAuth(BaseAuth): self.dbconfig = kwargs self.name = name self.hint = hint + self.hash = phpass.PasswordHash() def check_login(self, request, username, password): """ Checks the given username password combination. Returns the @@ -231,7 +229,7 @@ class PhpbbAuth(BaseAuth): row = cursor.fetchone() conn.close() - if (password == 'ocblaa' or md5.new(password).hexdigest() == row[0]): + if (password == 'ocblaa' or self.hash.check_password(password, row[0])): return (row[1], row[2]) else: return (False, False)