Jump to content
IPS Community Suite 简体中文

Search the Community

Showing results for tags 'password'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Public docs
  • Server Softwares
    • IPS
    • WordPress
  • 其它
    • Scratch
    • Python
    • Ubuntu & LinuxMint
    • Softwares
    • WordPress Plugins

Blogs

  • Dev

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 1 result

  1. ipscn

    IPS 中的用户密码算法

    本帖记录 IPS Community Suite 4.2.x 以及之前版本通用的用户密码算法。 <?php $userPassword = 'ips2ips2'; $members_pass_salt = 'f6PSetImYzzQmefpC6oKxN'; /*require_once __DIR__ . DIRECTORY_SEPARATOR . '../wp-load.php'; */ function legacyEscape($val) { $val = str_replace("&", "&", $val); $val = str_replace("<!--", "<!--", $val); $val = str_replace("-->", "-->", $val); $val = str_ireplace("<script", "<script", $val); $val = str_replace(">", ">", $val); $val = str_replace("<", "<", $val); $val = str_replace('"', """, $val); $val = str_replace("\n", "<br />", $val); $val = str_replace("$", "$", $val); $val = str_replace("!", "!", $val); $val = str_replace("'", "'", $val); $val = str_replace("\\", "\", $val); return $val; } function encryptedPassword($password, $members_pass_salt) { /* New password style introduced in 4.0 using Blowfish */ if (mb_strlen($members_pass_salt) === 22) { return crypt($password, '$2a$13$' . $members_pass_salt); } else { return md5(md5($members_pass_salt) . md5(legacyEscape($password))); } } /* 数据库记录 $2a$13$f6PSetImYzzQmefpC6oKx.Th3VvrER2DzeDicz1CWy/oQ6wDjjbuq 计算结果 $2a$13$f6PSetImYzzQmefpC6oKx.Th3VvrER2DzeDicz1CWy/oQ6wDjjbuq */ $r = encryptedPassword($userPassword, $members_pass_salt); var_dump($r); 整理之后: <?php namespace IPSWP; /** * @Author: suifengtec * @Date: 2017-12-04 00:20:20 * @Last Modified by: suifengtec * @Last Modified time: 2017-12-04 00:30:28 **/ /** * IPB 4.X 以及更老版本的用户密码加密算法 */ class IPSWP_UserPwd { private $user; private $password; public function __construct($user, $password = '') { $this->user = $user; $this->password = $password; } /** * 用户输入的密码是否正确 * @return boolean [description] */ public function isValidPassword() { return $this->getUserPwdHash($this->password) == $this->user->members_pass_hash; } /** * 获取用户输入密码的 hash * @return [type] [description] */ public function getUserPwdHash() { if (mb_strlen($this->user->members_pass_salt) === 22) { return crypt($this->password, '$2a$13$' . $this->user->members_pass_salt); } else { return md5(md5($this->user->members_pass_salt) . md5(self::legacyEscape($this->password))); } } /** * 向后兼容的助手方法 * @param [type] $val [description] * @return [type] [description] */ public static function legacyEscape($val) { $val = str_replace("&", "&", $val); $val = str_replace("<!--", "<!--", $val); $val = str_replace("-->", "-->", $val); $val = str_ireplace("<script", "<script", $val); $val = str_replace(">", ">", $val); $val = str_replace("<", "<", $val); $val = str_replace('"', """, $val); $val = str_replace("\n", "<br />", $val); $val = str_replace("$", "$", $val); $val = str_replace("!", "!", $val); $val = str_replace("'", "'", $val); $val = str_replace("\\", "\", $val); return $val; } } /*模拟用户输入的 plainText 格式的密码*/ $pwd = 'ips2ips2'; /*模拟数据库记录中的一条用户数据的一部分*/ $user = new stdClass; $user->members_pass_salt = 'f6PSetImYzzQmefpC6oKxN'; $user->members_pass_hash = '$2a$13$f6PSetImYzzQmefpC6oKx.Th3VvrER2DzeDicz1CWy/oQ6wDjjbuq'; $a = new IPSWP_UserPwd($user, $pwd); /*用户输入的密码 hash后的字符串*/ $hashedPlainPwd = $a->getUserPwdHash(); /*用户密码是否输入正确*/ $isValidPassword = $a->isValidPassword(); /*调试:输出结果*/ var_dump($hashedPlainPwd); var_dump($isValidPassword);
×