Hi,

I have also been trying to migrate existing user accounts from phpbb
to a web2py system.
The below solution works well for registering new users, however in
order to successfully validate these passwords during the login
process
I made some changes to the framework itself:

I have added into gluon/tools.py at line 1753 (latest stable version
of web2py) at the end of the 'user is
in db' clause of the login method of the Auth class.

if self.phpbb_checkpw(temp_user[passfield], request.vars[passfield]):
    user = temp_user

This phpbb_checkpw function returns True or False depending on whether
or not the plaintext passwords (from form) matches the stored hash.
This is an awkward way to do things and I am wondering if there are
any hooks I can avail of in order to validate a user entered plaintext
password against the stored hash and thus keep my custom code outside
of the framework?

Thanks!

John




On Dec 12, 3:24 pm, Massimo Di Pierro <massimo.dipie...@gmail.com>
wrote:
> yes.
>
> On Dec 12, 5:56 am, thodoris <pasxi...@gmail.com> wrote:
>
>
>
>
>
> > I am trying to migrate users fromphpBBwhose passwords have been encrypted
> > with php_pass. There is a python module that mimics the functionality of
> > php_pass and i am wondering what is the best way to override the default
> > encryption of web2py.
>
> > Is it sufficient to override CRYPT() using something like:
>
> > db.auth_user.password.requires = MyCrypt()
>
> > Thanks

Reply via email to