PHP User password encryption algorithm analysis "Discuz encryption algorithm" _php skills

Source: Internet
Author: User
Tags md5 md5 encryption php code php programming php regular expression

This article describes the PHP user password encryption algorithm. Share to everyone for your reference, specific as follows:

Today, take discuz two development needs in the code to verify discuz username password, the result accidentally fell into the pit, because Discuz forum has two tables to store user data, a discuz in the database Ultrax inside Pre_common_ Member inside, the other is stored in the Ucenter database Ucenter uc_members table. It took a lot of effort to study the Pre_common_member data in the Ultrax Library, to study how its passwords were generated, and to search for a salt that was randomly generated on the web.

How does this randomly generated salt validate at logon? Then on the net said actually Discuz is useless that password, oneself experiment a bit, really so, even if the user password of pre_common_member inside change, still can log in normally, it seems this password is useless at all, harm me to revolve a big circle.

Well, to get to the point, discuz encryption algorithm is actually two times MD5 encryption, first with clear text for a one-time encryption, and then randomly generated a salt, and then the first ciphertext after the addition of salt as a clear again MD5 encryption. The salt is stored in the Uc_members table and can be obtained by user name.

Like this:

MD5 (MD5 (plaintext) +salt)

The following is the implementation code for. NET:

String getdiscuzpwstring (String sourcestr, string salt)
{return
   Getmd5hash (string. Concat (Getmd5hash (SOURCESTR), salt));
String Getmd5hash (String input)
{
  MD5 md5hasher = MD5. Create ();
  byte[] data = Md5hasher.computehash (Encoding.Default.GetBytes (input));
  StringBuilder Sbuilder = new StringBuilder ();
  for (int i = 0; i < data. Length; i++)
  {
    sbuilder.append (Data[i]. ToString ("X2"));
  }
  return sbuilder.tostring ();
}

Summary Password judgment way:

① to install UC

② Open the database to find the uc_members this table, look for the last field "salt", copy the value inside

③ Pseudo Code:

$s =MD5 (MD5 ("password"). " The value of the Salt field ");
Echo $s;

④ use if to judge

⑤, say it again! That's a random 6-digit number!

PS: About encryption and decryption interested friends can also refer to the site online tools:

Password Security online detection:
Http://tools.jb51.net/password/my_password_safe

High Strength Password Generator:
Http://tools.jb51.net/password/CreateStrongPassword

MD5 Online Encryption Tool:
Http://tools.jb51.net/password/CreateMD5Password

Thunderbolt, Express, Cyclone URL encryption/decryption tool:
Http://tools.jb51.net/password/urlrethunder

Online hashing/hashing algorithm encryption tool:
Http://tools.jb51.net/password/hash_encrypt

For more information on PHP related content readers can view the site topics: "PHP Encryption Method Summary", "PHP code and transcoding Operation Skills Summary", "PHP object-oriented Program Design Introductory Course", "PHP Mathematical Arithmetic Skills summary", "PHP Array" operation Skills Encyclopedia, " Summary of PHP string usage, PHP data structure and algorithm tutorial, PHP programming algorithm Summary, PHP Regular Expression usage summary, and PHP Common database operation Skills Summary

I hope this article will help you with the PHP program design.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.