Login

phpbb (2.x) authentication backend

Author:
bram
Posted:
July 25, 2008
Language:
Python
Version:
.96
Tags:
authentication backend phpbb
Score:
-1 (after 3 ratings)

This class not only checks an old-style phpbb 2.x password, when the user successfully logs in, it rehashes the (correct) password in the newstyle hash and saves it. Eradicating the old, quite unsafe stored md5 password.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
from django.contrib.auth.models import User
import hashlib

class PhpbbAuthenticationBackend:
    def authenticate(self, username=None, password=None):
        try:
            # phpbb 2.x encodes passwords as plain md5 hashes, no salt
            pass_md5 = hashlib.md5(password).hexdigest()
            user = User.objects.get(username=username, password=pass_md5)
            
            # get rid of the old-style password, get with the new style!
            user.set_password(password)
            user.save()

            return user
        except User.DoesNotExist:
            return None

More like this

  1. Email or username authentication with masquerading by petrilli 5 years, 10 months ago
  2. Old MySQL Password Hash by tback 5 years, 11 months ago
  3. MoinMoin auth backend by yourcelf 4 years, 6 months ago
  4. Password Reset Form Newforms by glisha 8 years ago
  5. No Password E-mail by jefferya 6 years, 2 months ago

Comments

mk (on July 25, 2008):

You'll be delighted to hear that the code in django.contrib.auth does exactly that already. See User.check_password in django/contrib/auth/models.py around line 180 (current SVN trunk, r8069)

#

bram (on July 25, 2008):

sigh here I was thinking I had done something useful :)

#

Please login first before commenting.