Discuz user password encryption algorithm

I thought how to verify the randomly generated salt during login? Then I said on the Internet that Discuz didn't use that password at all. I tried it myself. If so, even if the user password in pre_common_member is changed, the user can log on normally. It seems that this password is useless at all, it makes me go around a big circle.

Now, let's get started. The Discuz password encryption algorithm is actually two MD5 encryption. First, the plaintext is used for one encryption, and then a random salt is generated, add salt after the first ciphertext as the plaintext and then perform MD5 encryption again. Salt is saved in the uc_members table and can be obtained by user name.

Like this:

MD5 (MD5 (plaintext) + salt)

The following is the implementation code of. net:

The code is as follows:

Copy code

String GetDiscuzPWString (string sourceStr, string salt) { Return GetMd5Hash (string. Concat (GetMd5Hash (sourceStr), salt )); } String GetMd5Hash (string input) { MD5 md5Hasher = MD5.Create (); Byte [] data = md5Hasher. ComputeHash (Encoding. Default. GetBytes (input )); StringBuilder sBuilder = new StringBuilder (); For (int I = 0; I & lt; data. Length; I ++)     { SBuilder. Append (data [I]. ToString ("x2 "));     } Return sBuilder. ToString (); }

Summary password judgment method
1: to install UC
2: Open the database, find the uc_members table, find the last field "salt", and copy the value.
3:
$ S = md5 (md5 ("password"). "salt field value ");
Echo $ s;
4: Use IF to determine
5: once again! The random number is 6 digits!