From 7c0a007a9220cff51fc3106452631a6ed7b21644 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Mon, 28 Jun 2010 13:36:47 +0200
Subject: [PATCH] phpbb_login: Make the table prefix configurable.

---
 conf/auth/phpbb_login.py | 11 ++++++++---
 conf/farmconfig.py       |  1 +
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/conf/auth/phpbb_login.py b/conf/auth/phpbb_login.py
index 0e93517..dbf343e 100644
--- a/conf/auth/phpbb_login.py
+++ b/conf/auth/phpbb_login.py
@@ -17,7 +17,7 @@ class phpbb_login(BaseAuth):
     logout_possible = True
     login_inputs    = ['username', 'password']
     
-    def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, hint=None):
+    def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, phpbb_prefix='', hint=None):
         """
             Authenticate using credentials from a phpbb database
 
@@ -30,6 +30,7 @@ class phpbb_login(BaseAuth):
         self.dbpass  = dbpass
         self.dbname  = dbname
         self.dbport  = dbport
+        self.phpbb_prefix = phpbb_prefix
         self.name    = name
         self.hint    = hint
     
@@ -42,9 +43,13 @@ class phpbb_login(BaseAuth):
         if not conn:
             return False
 
-        # Get some data
+        # Get some data. Note that we interpolate the prefix ourselves, since
+        # letting the mysql library do it only works with values (it adds ''
+        # automatically). Note also that this allows possible SQL injection
+        # through the phpbb_prefix variable, but that should be a trusted
+        # value anyway.
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email FROM lex_users WHERE username=%s", username)
+        cursor.execute ("SELECT user_password,user_email FROM `%susers` WHERE username=%%s" % self.phpbb_prefix, username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
diff --git a/conf/farmconfig.py b/conf/farmconfig.py
index 2dd9e2b..57511d0 100644
--- a/conf/farmconfig.py
+++ b/conf/farmconfig.py
@@ -173,6 +173,7 @@ class FarmConfig(DefaultConfig):
         dbuser  = phpbb_dbuser,
         dbpass  = phpbb_dbpass,
         dbname  = phpbb_dbname,
+        phpbb_prefix = 'lex_',
         hint    = "Hier kunnen bestuursleden van Evolution Events inloggen om wijzigingen te maken."
     )
     auth = [phpbb]
-- 
2.30.2