1

Sorry, if this is a newbie question.

We're building an analytics application, with different components. The visualization and web app is in Django, backend connecting drivers are written using PHP, and various analytics are written in python (precomputed, django is only responsible for rendering).

All these components access and update the same database (mysql). The tables were created by Django ORM, but are updated by Python scripts (mysqldb) and PHP as required.

Are there any unseen downsides to this approach of mixing django ORM access and direct database access? For the python component, we could use ('from django.core.management import setup_environ'), but its more efficient to have direct control over SQL statements. Is there a better design approach that we should be aware of?

The only downside is we can think of, is the added complexity to future changes to the database/models.py, but that's something we can live with.

Thanks!

user537437
  • 33
  • 5

1 Answers1

2

Answering this myself.

We have this working fine since several weeks. The only downside of course, is that if we make changes to models.py (using django ORM), we have to tweak PHP code by hand, which would be expected.

For authenticated users, the PHP code uses data from auth_user to authenticate incoming connections. The exact use of password + salt to generate hash is documented in other posts, see What is the format in which Django passwords are stored in the database?.

Edit: @Josh asked for the PHP snippet, here it is:

// ASSUMES YOU HAVE django username and password from web form POST request

// GET THE HASH + SALT FOR THIS USER
$query = "SELECT password FROM auth_user WHERE username = '$_POST[email]' LIMIT 1 ";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
list($algo,$salt,$pass) = explode('$',$row['password']);

// RE-HASH PASSWORD from POST request
$hash = sha1($salt . $_POST['password']);
$hash = "sha1$$salt$$hash";

// GET HASH FROM DATABASE TO COMPARE 
$query = "SELECT username FROM auth_user WHERE password = '$hash' LIMIT 1";
$result = mysql_query($query) or die(mysql_error());
Community
  • 1
  • 1
user537437
  • 33
  • 5
  • I would like to see the php snippet of logging into django users with php, I'm looking to do something similar. –  Jan 28 '11 at 21:02