If you want to use ucenter smoothly, then this article must
Hong Sing's product line, including Discuz, UCHome and SupeSite, is integrated with a single user system, UCenter, and user login passwords are stored in UCenter. When integrating another system with UCenter or exporting its data into UCenter, you often run into the problem of generating passwords. This article discusses the rules of the UCenter user password algorithm and how to generate such passwords.
Passwords are usually stored in the database as an MD5 hash of the user's password. If a hacker obtains this hash value, they can run a dictionary-based brute-force attack; if the dictionary is large enough and matches the way people choose passwords, common passwords are easy to crack. UCenter therefore uses a salt to prevent this kind of attack. A salt is a random string that is concatenated with the password before a one-way function is applied; the salt value and the result of the one-way function are both stored in the database. If the number of possible salt values is large enough, this effectively eliminates dictionary attacks on commonly used passwords, because a hacker cannot store the hash values for that many combinations of salt and user password.
UCenter's founder password is stored in a file. Open UC/data/config.inc.php: UC_FOUNDERPW holds the password hash and UC_FOUNDERSALT holds the salt value. The founder password is created by the rule UC_FOUNDERPW = md5(md5(password) . UC_FOUNDERSALT), that is, MD5 the password, append the salt, and MD5 again. The resulting hash value is saved in config.inc.php, so changing the value of UC_FOUNDERPW changes the UCenter founder password.
UCenter user information is stored in the uc_members table, where each user has a different random value in the salt field. The password field in the table holds the computed password. The rule is $password = md5(md5($password) . $salt), that is, MD5 the user's password, append the salt, MD5 again, and save the result in the password field.
Therefore, when converting data from a different system, you can compute each user's password according to this rule and import the user names and passwords into UCenter's uc_members table to migrate the users. For example, if the original system stores passwords as md5(password), the program generates a random salt and then applies the second MD5, which makes it easy to compute the user's UCenter password hash and gives a seamless user migration.
However, if the original system stores passwords as md5(password + salt), a smooth password migration to UCenter is not possible; even after migration, the passwords can only be used by manually adding a salt on the UCenter side. For this reason, when we design user passwords for our own systems, we should try to store them as md5(md5(password) + salt), which makes it easier to interface with UCenter and ensures security. For English user names, using the username as the salt is a simple method for self-built systems.
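The migration described above for a source system that stores md5(password), as an added example in Python (not UCenter's own code). The function names, the 6-character salt length, the salt alphabet and the UTF-8 encoding are assumptions; the same ucenter_hash rule applies to the founder password with UC_FOUNDERSALT as the salt.

```python
import hashlib
import hmac
import secrets
import string

SALT_ALPHABET = string.ascii_lowercase + string.digits  # assumption
SALT_LENGTH = 6  # assumption: match the width of the salt column in uc_members


def md5_hex(text: str) -> str:
    """Lowercase hex MD5, the same output format as PHP's md5()."""
    # Assumption: passwords are hashed as UTF-8 bytes; use the site's charset if it differs.
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ucenter_hash_from_md5(inner_md5: str, salt: str) -> str:
    """Outer step of the rule: md5(md5(password) . salt)."""
    return md5_hex(inner_md5.lower() + salt)


def ucenter_hash(password: str, salt: str) -> str:
    """Full rule from the article, starting from the plaintext password."""
    return ucenter_hash_from_md5(md5_hex(password), salt)


def new_salt(length: int = SALT_LENGTH) -> str:
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def migrate_md5_user(username: str, legacy_md5: str, salt: str = None) -> dict:
    """Build a uc_members row from a stored md5(password); no plaintext is needed."""
    if len(legacy_md5) != 32 or any(c not in string.hexdigits for c in legacy_md5):
        raise ValueError(f"{username}: not an MD5 hex digest, cannot migrate directly")
    salt = salt or new_salt()
    return {"username": username, "password": ucenter_hash_from_md5(legacy_md5, salt), "salt": salt}


def verify_login(row: dict, candidate_password: str) -> bool:
    expected = ucenter_hash(candidate_password, row["salt"])
    return hmac.compare_digest(expected, row["password"])


if __name__ == "__main__":
    # Constructed sample data: a legacy table that stored plain md5(password).
    legacy_users = [("alice", md5_hex("correct horse")), ("bob", md5_hex("hunter2"))]
    for name, digest in legacy_users:
        row = migrate_md5_user(name, digest)
        print(row, verify_login(row, "hunter2"))
```

Rows whose stored value is not a bare MD5 digest are rejected, which is where a source system using md5(password + salt) would stop: its stored value cannot be turned into md5(password) without the plaintext.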
UCenter password algorithm rules and generation methods