Home > Article > Backend Development > PHP user password encryption algorithm example analysis
This article mainly introduces the PHP user password encryption algorithm, analyzes the principle of the Discuz encryption algorithm in more detail, and compares the implementation method of the .net algorithm with examples, and summarizes the process and implementation method of PHP user encryption. Friends in need can refer to
Today when I was using Discuz for secondary development, I needed to verify the Discuz username and password in the code. As a result, I accidentally fell into a pit because the Discuz forum had two tables. To store user data, one is in pre_common_member in Discuz's database ultrax, and the other is stored in the uc_members table in UCenter's database ucenter. I spent a lot of time studying the pre_common_member data in the ultrax library and how its password was generated. As a result, I searched and found a salt that was said to be randomly generated on the Internet
I thought this How to verify the randomly generated salt when logging in? Then the Internet said that Discuz actually didn’t use that password at all. I tried it myself and found that it was true. Even if I changed the user password in pre_common_member, I could still log in normally. It seemed that this password was useless at all, which caused me to go through a big detour. circle.
Okay, let’s get to the point. Discuz’s password encryption algorithm is actually two MD5 encryptions. First, encrypt once with plain text, then randomly generate a salt, and then add salt after the first cipher text as plain text. Perform MD5 encryption again. The salt is stored in the uc_members table and can be obtained by user name.
Like this:
MD5(MD5(plaintext) salt)
The following is the implementation code of .net:
string GetDiscuzPWString(string sourceStr, string salt) { return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr),salt)); } string GetMd5Hash(string input) { MD5 md5Hasher = MD5.Create(); byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input)); StringBuilder sBuilder = new StringBuilder(); for (int i = 0; i < data.Length; i++) { sBuilder.Append(data[i].ToString("x2")); } return sBuilder.ToString(); }
Summarize the password judgment method:
① To install UC
② Open the database and find the uc_members table, looking for the last one Field "salt", copy the value inside
③ Pseudo code:
$s=md5(md5("密码")."salt字段的值"); echo $s;
④ Use IF to judge
⑤ Let’s talk once! That random number is 6 digits!
Summary: The above is the entire content of this article, I hope it will be helpful to everyone's study.
Related recommendations:
Detailed graphic explanation of PHP memory caching function memcached
phpEncapsulated smarty class case
phpEncapsulated smartyBC class
The above is the detailed content of PHP user password encryption algorithm example analysis. For more information, please follow other related articles on the PHP Chinese website!