This article describes the PHP user password encryption algorithm. Share to everyone for your reference, specific as follows:
Today, take discuz two development needs in the code to verify discuz username password, the result accidentally fell into the pit, because Discuz forum has two tables to store user data, a discuz in the database Ultrax inside Pre_common_ Member inside, the other is stored in the Ucenter database Ucenter uc_members table. It took a lot of effort to study the Pre_common_member data in the Ultrax Library, to study how its passwords were generated, and to search for a salt that was randomly generated on the web.
How does this randomly generated salt validate at logon? Then on the net said actually Discuz is useless that password, oneself experiment a bit, really so, even if the user password of pre_common_member inside change, still can log in normally, it seems this password is useless at all, harm me to revolve a big circle.
Well, to get to the point, discuz encryption algorithm is actually two times MD5 encryption, first with clear text for a one-time encryption, and then randomly generated a salt, and then the first ciphertext after the addition of salt as a clear again MD5 encryption. The salt is stored in the Uc_members table and can be obtained by user name.
Like this:
MD5 (MD5 (plaintext) +salt)
The following is the implementation code for. NET:
String getdiscuzpwstring (String sourcestr, string salt)
{return
Getmd5hash (string. Concat (Getmd5hash (SOURCESTR), salt));
String Getmd5hash (String input)
{
MD5 md5hasher = MD5. Create ();
byte[] data = Md5hasher.computehash (Encoding.Default.GetBytes (input));
StringBuilder Sbuilder = new StringBuilder ();
for (int i = 0; i < data. Length; i++)
{
sbuilder.append (Data[i]. ToString ("X2"));
}
return sbuilder.tostring ();
}
Summary Password judgment way:
① to install UC
② Open the database to find the uc_members this table, look for the last field "salt", copy the value inside
③ Pseudo Code:
$s =MD5 (MD5 ("password"). " The value of the Salt field ");
Echo $s;
④ use if to judge
⑤, say it again! That's a random 6-digit number!
PS: About encryption and decryption interested friends can also refer to the site online tools:
Password Security online detection:
Http://tools.jb51.net/password/my_password_safe
High Strength Password Generator:
Http://tools.jb51.net/password/CreateStrongPassword
MD5 Online Encryption Tool:
Http://tools.jb51.net/password/CreateMD5Password
Thunderbolt, Express, Cyclone URL encryption/decryption tool:
Http://tools.jb51.net/password/urlrethunder
Online hashing/hashing algorithm encryption tool:
Http://tools.jb51.net/password/hash_encrypt
For more information on PHP related content readers can view the site topics: "PHP Encryption Method Summary", "PHP code and transcoding Operation Skills Summary", "PHP object-oriented Program Design Introductory Course", "PHP Mathematical Arithmetic Skills summary", "PHP Array" operation Skills Encyclopedia, " Summary of PHP string usage, PHP data structure and algorithm tutorial, PHP programming algorithm Summary, PHP Regular Expression usage summary, and PHP Common database operation Skills Summary
I hope this article will help you with the PHP program design.