From 88b0f0ddd4b1957ff33ba5b2ea6b2091cb6e713f Mon Sep 17 00:00:00 2001
From: Joao Prado Maia
Date: Fri, 19 Sep 2003 03:11:51 +0000
Subject: [PATCH] Fixing phorum's authentication handler to add support for md5'ed passwords
---
 auth/phorum_mysql_users.py | 14 ++++++++++----
 auth/phorum_pgsql_users.py | 15 +++++++++------
 auth/phpbb_mysql_users.py | 5 ++---
 3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/auth/phorum_mysql_users.py b/auth/phorum_mysql_users.py
index 3025c27..8570114 100755
--- a/auth/phorum_mysql_users.py
+++ b/auth/phorum_mysql_users.py
@@ -1,9 +1,10 @@
 #!/usr/bin/env python
 # Copyright (c) 2002 Joao Prado Maia. See the LICENSE file for more information.
-# $Id: phorum_mysql_users.py,v 1.3 2003-04-26 00:24:55 jpm Exp $
+# $Id: phorum_mysql_users.py,v 1.4 2003-09-19 03:11:51 jpm Exp $
 import MySQLdb
 import settings
-import crypt
+import crypt
+import md5

 class Papercut_Auth:
 """
@@ -30,8 +31,13 @@ def is_valid_user(self, username, password):
 if num_rows == 0 or num_rows is None:
 settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
 return 0
- db_password = self.cursor.fetchone()[0]
+ db_password = self.cursor.fetchone()[0]
- if db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]):
+ # somehow detect the version of phorum being used and guess the encryption type
+ if len(db_password) == 32:
+ result = (db_password != md5.new(password).hexdigest())
+ else:
+ result = (db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]))
+ if not result:
 settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
 return 0
 else:
diff --git a/auth/phorum_pgsql_users.py b/auth/phorum_pgsql_users.py
index 8c2f320..b901be9 100755
--- a/auth/phorum_pgsql_users.py
+++ b/auth/phorum_pgsql_users.py
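Review bot: The new password check in `is_valid_user` of auth/phorum_mysql_users.py is inverted: `result` is assigned with `!=`, so it is true when the hashes differ, but `if not result:` then takes the "incorrect password" branch, which rejects a matching password and sends a non-matching one to the `else:` branch. Assign with `==` in both arms, `result = (db_password == md5.new(password).hexdigest())` and `result = (db_password == crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]))`, and keep `if not result:`. The same lines are added to auth/phorum_pgsql_users.py in this commit and need the same fix. The body of the `else:` branch is outside the hunk, so what it returns is inferred, not visible.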
@@ -1,9 +1,10 @@
 #!/usr/bin/env python
 # Copyright (c) 2002 Joao Prado Maia. See the LICENSE file for more information.
-# $Id: phorum_pgsql_users.py,v 1.1 2003-04-26 00:22:12 jpm Exp $
+# $Id: phorum_pgsql_users.py,v 1.2 2003-09-19 03:11:51 jpm Exp $
 from pyPgSQL import PgSQL
 import settings
-import crypt
+import crypt
+import md5

 class Papercut_Auth:
 """
@@ -26,15 +27,17 @@ def is_valid_user(self, username, password):
 WHERE
 username='%s'
 """ % (username)
- print "sql ->", stmt
 num_rows = self.cursor.execute(stmt)
- print "num_rows ->", num_rows
 if num_rows == 0 or num_rows is None:
 settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
 return 0
- print "result ->", self.cursor.fetchone()
 db_password = self.cursor.fetchone()[0]
- if db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]):
+ # somehow detect the version of phorum being used and guess the encryption type
+ if len(db_password) == 32:
+ result = (db_password != md5.new(password).hexdigest())
+ else:
+ result = (db_password != crypt.crypt(password, password[:settings.PHP_CRYPT_SALT_LENGTH]))
+ if not result:
 settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
 return 0
 else:
diff --git a/auth/phpbb_mysql_users.py b/auth/phpbb_mysql_users.py
index a089ae0..c9064bf 100755
--- a/auth/phpbb_mysql_users.py
+++ b/auth/phpbb_mysql_users.py
@@ -1,10 +1,9 @@
 #!/usr/bin/env python
 # Copyright (c) 2002 Joao Prado Maia. See the LICENSE file for more information.
-# $Id: phpbb_mysql_users.py,v 1.3 2003-04-26 00:24:55 jpm Exp $
+# $Id: phpbb_mysql_users.py,v 1.4 2003-09-19 03:11:51 jpm Exp $
 import MySQLdb
 import settings
 import md5
-import binascii

 class Papercut_Auth:
 """
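Review bot: In `is_valid_user` of auth/phorum_pgsql_users.py the context lines show `username` formatted straight into the SQL text (`username='%s'` followed by `""" % (username)`), and the commit edits the function without changing that, so a quote character in the login name alters the query. Pass the value as a bound parameter instead: write the placeholder unquoted as `username=%s`, drop the `% (username)` formatting, and call `self.cursor.execute(stmt, (username,))`. The statement begins above the hunk, so the rest of the query is not visible here, and auth/phorum_mysql_users.py may build its query the same way outside its hunk. A short comment on `len(db_password) == 32` saying which phorum releases store MD5 hex and which store crypt output would replace the "somehow detect" wording.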
@@ -33,7 +32,7 @@ def is_valid_user(self, username, password):
 settings.logEvent('Error - Authentication failed for username \'%s\' (user not found)' % (username))
 return 0
 db_password = self.cursor.fetchone()[0]
- if db_password != binascii.hexlify(md5.new(password).digest()):
+ if db_password != md5.new(password).hexdigest():
 settings.logEvent('Error - Authentication failed for username \'%s\' (incorrect password)' % (username))
 return 0
 else: