Hi Anthony, Thank you for your reply. I will investigate these options and will let the group know how I get on.
Cheers, John On Dec 13, 5:22 pm, Anthony <abasta...@gmail.com> wrote: > On Tuesday, December 13, 2011 10:50:15 AM UTC-5, greenguerilla wrote: > > > Hi, > > > I have also been trying to migrate existing user accounts from phpbb > > to a web2py system. > > The below solution works well for registering new users, however in > > order to successfully validate these passwords during the login > > process > > I made some changes to the framework itself: > > > I have added into gluon/tools.py at line 1753 (latest stable version > > of web2py) at the end of the 'user is > > in db' clause of the login method of the Auth class. > > > if self.phpbb_checkpw(temp_user[passfield], request.vars[passfield]): > > user = temp_user > > > This phpbb_checkpw function returns True or False depending on whether > > or not the plaintext passwords (from form) matches the stored hash. > > This is an awkward way to do things and I am wondering if there are > > any hooks I can avail of in order to validate a user entered plaintext > > password against the stored hash and thus keep my custom code outside > > of the framework? > > As suggested earlier, can you just create a custom validator for the > password field that hashes it, so it will match the stored hash? > > Another option is using auth.settings.login_onvalidation, which is a > function that takes the login form (and can manipulate the form vars) right > after validation (but before the rest of the login logic). > > Anthony > > > > > > > >
