
PHP user password encryption algorithm analysis [Discuz encryption algorithm]

高洛峰
2017-02-06 16:12:28

This article describes the PHP user password encryption algorithm used by Discuz. I share it with you for your reference. The details are as follows:

Today, while using Discuz for secondary development, I needed to verify a Discuz username and password in code. I accidentally fell into a pit, because the Discuz forum has two tables that store user data: one is pre_common_member in the Discuz database ultrax, and the other is the uc_members table in the UCenter database ucenter. I spent a lot of time studying the pre_common_member data in the ultrax database and how its password was generated. I searched and found that there was a salt which, according to the Internet, was randomly generated. I wondered: if the salt is randomly generated, how is it verified when logging in? Then the Internet said that Discuz actually doesn't use that password at all. I tried it myself and found that it was true. Even after I changed the user password in pre_common_member, I could still log in normally. It seemed that this password was not used at all, which caused me to take a big detour.

Okay, let's get to the point. Discuz's password "encryption" algorithm is actually two rounds of MD5 hashing. First, the plaintext password is hashed with MD5. A salt is randomly generated and appended to that first digest, and the combined string is hashed with MD5 again. The salt is stored in the uc_members table and can be looked up by username.

Like this:

MD5(MD5(plaintext)+salt)

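The following is a .NET implementation:

using System.Security.Cryptography;
using System.Text;

// Returns MD5(MD5(sourceStr) + salt) as lowercase hex.
string GetDiscuzPWString(string sourceStr, string salt)
{
  return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr), salt));
}

// Returns the MD5 digest of input as a 32-character lowercase hex string.
string GetMd5Hash(string input)
{
  MD5 md5Hasher = MD5.Create();
  // Encoding.Default is the system ANSI code page on .NET Framework and
  // UTF-8 on .NET Core/.NET 5+; the bytes must match what the PHP side hashed.
  byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
  StringBuilder sBuilder = new StringBuilder();
  for (int i = 0; i < data.Length; i++)
  {
    sBuilder.Append(data[i].ToString("x2"));
  }
  return sBuilder.ToString();
}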

Summary of the password judgment method:

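① Install UC (UCenter)

② Open the database, find the uc_members table, look for the last field, "salt", and copy its value

③ Pseudo code:

// "密码" is the plaintext password; "salt字段的值" is the value copied from the salt field
$s = md5(md5("密码") . "salt字段的值");
echo $s;

④ Use an if statement to compare $s with the password value stored for that user

⑤ To repeat: that random number (the salt) is 6 digits!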
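The check in steps ② to ④, written out as an added example in Python (not code from the original article or from Discuz). The function names, the charset parameter and the constructed UC_MEMBERS rows are assumptions for illustration; the example also shows that the password bytes must use the same encoding the forum hashed, which is the pitfall behind Encoding.Default in the .NET version.

```python
import hashlib
import hmac


def discuz_hash(password: str, salt: str, charset: str = "utf-8") -> str:
    """Return md5(md5(password) + salt) as lowercase hex, per the formula above."""
    inner = hashlib.md5(password.encode(charset)).hexdigest()
    return hashlib.md5((inner + salt).encode(charset)).hexdigest()


# Constructed stand-in for the uc_members table, keyed by username.
# Salts and passwords are sample values, not real data.
UC_MEMBERS = {
    "alice": {"salt": "a1b2c3",
              "password": discuz_hash("correct horse", "a1b2c3")},
    # Row created by a forum assumed to run with a GBK charset.
    "bob": {"salt": "9f8e7d",
            "password": discuz_hash("密码", "9f8e7d", charset="gbk")},
}


def verify(username: str, candidate: str, charset: str = "utf-8") -> bool:
    """Look up the salt by username, recompute the hash, compare in constant time."""
    row = UC_MEMBERS.get(username)
    if row is None:
        return False
    computed = discuz_hash(candidate, row["salt"], charset)
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(computed, row["password"])


if __name__ == "__main__":
    print(verify("alice", "correct horse"))         # correct password
    print(verify("alice", "wrong password"))        # wrong password
    print(verify("bob", "密码", charset="gbk"))      # same bytes the forum hashed
    print(verify("bob", "密码", charset="utf-8"))    # right password, wrong bytes
```

For ASCII-only passwords the two charsets produce identical hashes, so an encoding mismatch only surfaces once a user picks a non-ASCII password.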

I hope this article will be helpful to everyone in PHP programming.
