小弟遇到这个问题。在服务器上运行的discuz论坛,用户名是honolulu和密码wanziliang,在数据库中加密后的密码是f38f085c1b938f2edbdd66de2f73e709 salt的值是9b4069现在我在自己的电脑上开发,需要用到现有的数据库。我把服务器上的数据导入到自己的电脑上,依然用honolulu和密码wanziliang, 依然使用salt的值是9b4069 但加密后却的值是5c0bdee70304fcc720f66adad7204e37, 和数据库不一致,是怎么回事?附上discuz加密的算法:md5(md5($password).$user['salt'])
1bc2be75151fdaed0b769682f2e31162
discuz的登录函数:
function check_login($username, $password, &$user) {
$user = $this->get_user_by_username($username);
if(empty($user['username'])) {
return -1;
} elseif($user['password'] != md5(md5($password).$user['salt'])) {
return -2;
}
return $user['uid'];
}discuz的注册函数:
function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '', $regip = '') {
$regip = empty($regip) ? $this->base->onlineip : $regip;
$salt = substr(uniqid(rand()), -6);
$password = md5(md5($password).$salt);
$sqladd = $uid ? "uid='".intval($uid)."'," : '';
$sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='".$this->base->time."', salt='$salt'");
$uid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
return $uid;
}
public function pwdAction(){ $members = new Pre_ucenter_members();//数据库相应的用户表,里面有password,username,salt等。 $usn = $this->getRequest()->getParam("username");//取页面的用户名
$pwd1 = $this->getRequest()->getParam("password");//取页面的密码 echo $pwd1; //顺便输出下,好检查 $user = $members->get_user_by_username($usn) ;//按用户名取salt的值 var_dump($user); echo $user['salt'];//顺便输出,检查
$pwd = md5(md5($password).$user['salt']);//discuz的加密算法,算后和数据库的密码比较,正确,则登录,否则,打回原形!
var_dump($pwd); //输出,经比较,加密后的密码是不对的!晕撒!
exit();
md5(md5($password.$user['salt']))