Fixing phorum's authentication handler to add support for md5'ed pass…

…words

auth/phorum_mysql_users.py

@@ -1,9 +1,10 @@
 #!/usr/bin/env python
 # Copyright (c) 2002 Joao Prado Maia. See the LICENSE file for more information.
-# $Id: phorum_mysql_users.py,v 1.3 2003-04-26 00:24:55 jpm Exp $
+# $Id: phorum_mysql_users.py,v 1.4 2003-09-19 03:11:51 jpm Exp $
 import MySQLdb
 import settings
-import crypt
+import crypt
+import md5
 
 class Papercut_Auth:
     """
@@ -30,8 +31,13 @@ def is_valid_user(self, username, password):
         if num_rows == 0 or num_rows is None:
             settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
             return 0
-        db_password = self.cursor.fetchone()[0]
-        if db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]):
+        db_password = self.cursor.fetchone()[0]
+        # somehow detect the version of phorum being used and guess the encryption type
+        if len(db_password) == 32:
+            result = (db_password != md5.new(password).hexdigest())
+        else:
+            result = (db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]))
+        if not result:
             settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
             return 0
         else:

auth/phorum_pgsql_users.py

@@ -1,9 +1,10 @@
 #!/usr/bin/env python
 # Copyright (c) 2002 Joao Prado Maia. See the LICENSE file for more information.
-# $Id: phorum_pgsql_users.py,v 1.1 2003-04-26 00:22:12 jpm Exp $
+# $Id: phorum_pgsql_users.py,v 1.2 2003-09-19 03:11:51 jpm Exp $
 from pyPgSQL import PgSQL
 import settings
-import crypt
+import crypt
+import md5
 
 class Papercut_Auth:
     """
@@ -26,15 +27,17 @@ def is_valid_user(self, username, password):
                 WHERE
                     username='%s'
                 """ % (username)
-        print "sql ->", stmt
         num_rows = self.cursor.execute(stmt)
-        print "num_rows ->", num_rows
         if num_rows == 0 or num_rows is None:
             settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
             return 0
-        print "result ->", self.cursor.fetchone()
         db_password = self.cursor.fetchone()[0]
-        if db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]):
+        # somehow detect the version of phorum being used and guess the encryption type
+        if len(db_password) == 32:
+            result = (db_password != md5.new(password).hexdigest())
+        else:
+            result = (db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]))
+        if not result:
             settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
             return 0
         else:

auth/phpbb_mysql_users.py

@@ -1,10 +1,9 @@
 #!/usr/bin/env python
 # Copyright (c) 2002 Joao Prado Maia. See the LICENSE file for more information.
-# $Id: phpbb_mysql_users.py,v 1.3 2003-04-26 00:24:55 jpm Exp $
+# $Id: phpbb_mysql_users.py,v 1.4 2003-09-19 03:11:51 jpm Exp $
 import MySQLdb
 import settings
 import md5
-import binascii
 
 class Papercut_Auth:
     """
@@ -33,7 +32,7 @@ def is_valid_user(self, username, password):
             settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
             return 0
         db_password = self.cursor.fetchone()[0]
-        if db_password != binascii.hexlify(md5.new(password).digest()):
+        if db_password != md5.new(password).hexdigest():
             settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
             return 0
         else: