On Tuesday, December 13, 2011 10:50:15 AM UTC-5, greenguerilla wrote: > > > Hi, > > I have also been trying to migrate existing user accounts from phpbb > to a web2py system. > The below solution works well for registering new users, however in > order to successfully validate these passwords during the login > process > I made some changes to the framework itself: > > I have added into gluon/tools.py at line 1753 (latest stable version > of web2py) at the end of the 'user is > in db' clause of the login method of the Auth class. > > if self.phpbb_checkpw(temp_user[passfield], request.vars[passfield]): > user = temp_user > > This phpbb_checkpw function returns True or False depending on whether > or not the plaintext passwords (from form) matches the stored hash. > This is an awkward way to do things and I am wondering if there are > any hooks I can avail of in order to validate a user entered plaintext > password against the stored hash and thus keep my custom code outside > of the framework? > As suggested earlier, can you just create a custom validator for the password field that hashes it, so it will match the stored hash?
Another option is using auth.settings.login_onvalidation, which is a function that takes the login form (and can manipulate the form vars) right after validation (but before the rest of the login logic). Anthony >