Home > Article > Backend Development > PHP user password encryption algorithm analysis [Discuz encryption algorithm]
The example in this article describes the php user password encryption algorithm. I share it with you for your reference. The details are as follows:
Today when I was using Discuz for secondary development, I needed to verify the Discuz username and password in the code. As a result, I accidentally fell into a pit because the Discuz forum has There are two tables to store user data, one is in the pre_common_member in the Discuz database ultrax, and the other is stored in the uc_members table in the UCenter database ucenter. I spent a lot of time studying the pre_common_member data in the ultrax library and how its password was generated. As a result, I searched and found a salt that was said to be randomly generated on the Internet. I thought it was randomly generated. How does salt verify when logging in? Then the Internet said that Discuz actually didn’t use that password at all. I tried it myself and found that it was true. Even if I changed the user password in pre_common_member, I could still log in normally. It seemed that this password was useless at all, which caused me to go through a big detour. circle.
Okay, let’s get to the point. Discuz’s password encryption algorithm is actually two MD5 encryptions. First, encrypt once with plain text, then randomly generate a salt, and then add salt after the first cipher text as plain text. Perform MD5 encryption again. The salt is stored in the uc_members table and can be obtained by user name.
Like this:
MD5(MD5(plaintext)+salt)
The following is the implementation code of .net:
string GetDiscuzPWString(string sourceStr, string salt) { return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr),salt)); } string GetMd5Hash(string input) { MD5 md5Hasher = MD5.Create(); byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input)); StringBuilder sBuilder = new StringBuilder(); for (int i = 0; i < data.Length; i++) { sBuilder.Append(data[i].ToString("x2")); } return sBuilder.ToString(); }
Summary of the password judgment method:
① To install UC
② Open the database and find the uc_members table, look for the last field "salt", and copy the value inside
③ Pseudo code:
$s=md5(md5("密码")."salt字段的值"); echo $s;
④ Use IF to judge
⑤ Say it again! That random number is 6 digits!
I hope this article will be helpful to everyone in PHP programming.
For more PHP user password encryption algorithm analysis [Discuz encryption algorithm] related articles, please pay attention to the PHP Chinese website!