PHP user password encryption algorithm example analysis

墨辰丷
Release: 2023-03-28 20:52:02
Original
1506 people have browsed it

This article mainly introduces the PHP user password encryption algorithm, analyzes the principle of the Discuz encryption algorithm in more detail, and compares the implementation method of the .net algorithm with examples, and summarizes the process and implementation method of PHP user encryption. Friends in need can refer to

Today when I was using Discuz for secondary development, I needed to verify the Discuz username and password in the code. As a result, I accidentally fell into a pit because the Discuz forum had two tables. To store user data, one is in pre_common_member in Discuz's database ultrax, and the other is stored in the uc_members table in UCenter's database ucenter. I spent a lot of time studying the pre_common_member data in the ultrax library and how its password was generated. As a result, I searched and found a salt that was said to be randomly generated on the Internet

I thought this How to verify the randomly generated salt when logging in? Then the Internet said that Discuz actually didn’t use that password at all. I tried it myself and found that it was true. Even if I changed the user password in pre_common_member, I could still log in normally. It seemed that this password was useless at all, which caused me to go through a big detour. circle.

Okay, let’s get to the point. Discuz’s password encryption algorithm is actually two MD5 encryptions. First, encrypt once with plain text, then randomly generate a salt, and then add salt after the first cipher text as plain text. Perform MD5 encryption again. The salt is stored in the uc_members table and can be obtained by user name.

Like this:

MD5(MD5(plaintext) salt)

The following is the implementation code of .net:

string GetDiscuzPWString(string sourceStr, string salt)
{
   return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr),salt));
}
string GetMd5Hash(string input)
{
  MD5 md5Hasher = MD5.Create();
  byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
  StringBuilder sBuilder = new StringBuilder();
  for (int i = 0; i < data.Length; i++)
  {
    sBuilder.Append(data[i].ToString("x2"));
  }
  return sBuilder.ToString();
}
Copy after login

Summarize the password judgment method:

① To install UC

② Open the database and find the uc_members table, looking for the last one Field "salt", copy the value inside

③ Pseudo code:

$s=md5(md5("密码")."salt字段的值");
echo $s;
Copy after login

④ Use IF to judge

⑤ Let’s talk once! That random number is 6 digits!

Summary: The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

Detailed graphic explanation of PHP memory caching function memcached

phpEncapsulated smarty class case

phpEncapsulated smartyBC class

The above is the detailed content of PHP user password encryption algorithm example analysis. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!