PHP user password encryption algorithm analysis [Discuz encryption algorithm]

The example in this article describes the php user password encryption algorithm. I share it with you for your reference. The details are as follows:

Today when I was using Discuz for secondary development, I needed to verify the Discuz username and password in the code. As a result, I accidentally fell into a pit because the Discuz forum has There are two tables to store user data, one is in the pre_common_member in the Discuz database ultrax, and the other is stored in the uc_members table in the UCenter database ucenter. I spent a lot of time studying the pre_common_member data in the ultrax library and how its password was generated. As a result, I searched and found a salt that was said to be randomly generated on the Internet. I thought it was randomly generated. How does salt verify when logging in? Then the Internet said that Discuz actually didn’t use that password at all. I tried it myself and found that it was true. Even if I changed the user password in pre_common_member, I could still log in normally. It seemed that this password was useless at all, which caused me to go through a big detour. circle.

Okay, let’s get to the point. Discuz’s password encryption algorithm is actually two MD5 encryptions. First, encrypt once with plain text, then randomly generate a salt, and then add salt after the first cipher text as plain text. Perform MD5 encryption again. The salt is stored in the uc_members table and can be obtained by user name.

Like this:

MD5(MD5(plaintext)+salt)

The following is the implementation code of .net:

string GetDiscuzPWString(string sourceStr, string salt)
{
   return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr),salt));
}
string GetMd5Hash(string input)
{
  MD5 md5Hasher = MD5.Create();
  byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
  StringBuilder sBuilder = new StringBuilder();
  for (int i = 0; i < data.Length; i++)
  {
    sBuilder.Append(data[i].ToString("x2"));
  }
  return sBuilder.ToString();
}

Summary of the password judgment method:

① To install UC

② Open the database and find the uc_members table, look for the last field "salt", and copy the value inside

③ Pseudo code:

$s=md5(md5("密码")."salt字段的值");
echo $s;

④ Use IF to judge

⑤ Say it again! That random number is 6 digits!

I hope this article will be helpful to everyone in PHP programming.

For more PHP user password encryption algorithm analysis [Discuz encryption algorithm] related articles, please pay attention to the PHP Chinese website!