Php user password encryption algorithm analysis [Discuz encryption algorithm], discuz Encryption Algorithm

Php user password encryption algorithm analysis [Discuz encryption algorithm], discuz Encryption Algorithm

This example describes the php user password encryption algorithm. We will share this with you for your reference. The details are as follows:

During secondary development with Discuz today, the user name and password of Discuz need to be verified in the Code. The result is accidentally thrown into the trap because the Discuz forum has two tables to store user data, one is stored in pre_common_member of the Discuz database ultrax, and the other is stored in the uc_members table of the UCenter database ucenter. I spent a lot of time studying the data of the pre_common_member in the ultrax library and how the password was generated. I found that the online database was a randomly generated salt.

I thought how to verify the randomly generated salt during login? Then I said on the Internet that Discuz didn't use that password at all. I tried it myself. If so, even if the user password in pre_common_member is changed, the user can log on normally. It seems that this password is useless at all, it makes me go around a big circle.

Now, let's get started. The Discuz password encryption algorithm is actually two MD5 encryption. First, the plaintext is used for one encryption, and then a random salt is generated, add salt after the first ciphertext as the plaintext and then perform MD5 encryption again. Salt is saved in the uc_members table and can be obtained by user name.

Like this:

MD5 (MD5 (plaintext) + salt)

The following is the implementation code of. net:

string GetDiscuzPWString(string sourceStr, string salt){   return GetMd5Hash(string.Concat(GetMd5Hash(sourceStr),salt));}string GetMd5Hash(string input){  MD5 md5Hasher = MD5.Create();  byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));  StringBuilder sBuilder = new StringBuilder();  for (int i = 0; i < data.Length; i++)  {    sBuilder.Append(data[i].ToString("x2"));  }  return sBuilder.ToString();}

Summary password judgment method:

① Install UC

② Open the database and find the table uc_members. Find the last field "salt" and copy the value.

③ Pseudocode:

$ S = md5 (md5 ("password"). "salt Field Value"); echo $ s;

④ Use IF to judge

⑤ Again! The random number is 6 digits!

PS: if you are interested in encryption and decryption, refer to the online tools on this site:

Online Password Security Detection:
Http://tools.jb51.net/password/my_password_safe

High-strength Password generator:
Http://tools.jb51.net/password/CreateStrongPassword

MD5 online encryption tool:
Http://tools.jb51.net/password/CreateMD5Password

Thunder, express, and Tornado URL encryption/Decryption tools:
Http://tools.jb51.net/password/urlrethunder

Online hash/hash algorithm encryption tool:
Http://tools.jb51.net/password/hash_encrypt