Login

phpbb (2.x) authentication backend

Author:
bram
Posted:
July 25, 2008
Language:
Python
Version:
.96
Score:
-1 (after 3 ratings)

This class not only checks an old-style phpbb 2.x password, when the user successfully logs in, it rehashes the (correct) password in the newstyle hash and saves it. Eradicating the old, quite unsafe stored md5 password.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
from django.contrib.auth.models import User
import hashlib

class PhpbbAuthenticationBackend:
    def authenticate(self, username=None, password=None):
        try:
            # phpbb 2.x encodes passwords as plain md5 hashes, no salt
            pass_md5 = hashlib.md5(password).hexdigest()
            user = User.objects.get(username=username, password=pass_md5)
            
            # get rid of the old-style password, get with the new style!
            user.set_password(password)
            user.save()

            return user
        except User.DoesNotExist:
            return None

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 10 months, 1 week ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 10 months, 2 weeks ago
  3. Serializer factory with Django Rest Framework by julio 1 year, 5 months ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 6 months ago
  5. Help text hyperlinks by sa2812 1 year, 6 months ago

Comments

mk (on July 25, 2008):

You'll be delighted to hear that the code in django.contrib.auth does exactly that already. See User.check_password in django/contrib/auth/models.py around line 180 (current SVN trunk, r8069)

#

bram (on July 25, 2008):

sigh here I was thinking I had done something useful :)

#

Please login first before commenting.