ipscn

IPS 中的用户密码算法


本帖记录 IPS Community Suite 4.2.x 以及之前版本通用的用户密码算法。

 

<?php
 // Sample plaintext password used to reproduce the stored hash quoted further down in this script.
 $userPassword = 'ips2ips2';
// Sample salt taken from the member record. It is 22 characters long, so encryptedPassword()
// takes its crypt()/Blowfish branch rather than the legacy MD5 branch.
$members_pass_salt = 'f6PSetImYzzQmefpC6oKxN';
/*require_once __DIR__ . DIRECTORY_SEPARATOR . '../wp-load.php';
 */

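/**
 * Apply the legacy input escaping that pre-4.0 password hashes were computed over.
 *
 * Old records hash the escaped form of the password, so the same substitutions
 * have to be replayed, in the same order, before the MD5 step or no legacy hash will match.
 * This is a compatibility shim only; it is not a general-purpose HTML escaper.
 *
 * NOTE(review): the listing this was copied from had its HTML entities decoded by the page
 * renderer, which turned every replacement into a no-op and left two lines unparsable.
 * The entity strings below follow the upstream IPS legacyEscape() helper; confirm them
 * against the copy shipped with your IPS install before relying on this for legacy hashes.
 *
 * @param string $val Plaintext password as submitted.
 * @return string The escaped string to feed into the legacy MD5 construction.
 */
function legacyEscape($val) {
	// "&" goes first so the ampersands of the entities inserted below are not escaped again.
	$val = str_replace("&", "&amp;", $val);
	// Comment delimiters and "<script" are rewritten before the generic "<" / ">" pass.
	$val = str_replace("<!--", "&#60;&#33;--", $val);
	$val = str_replace("-->", "--&#62;", $val);
	$val = str_ireplace("<script", "&#60;script", $val);
	$val = str_replace(">", "&gt;", $val);
	$val = str_replace("<", "&lt;", $val);
	$val = str_replace('"', "&quot;", $val);
	// Runs after the "<" / ">" pass, so the inserted tag itself stays unescaped.
	$val = str_replace("\n", "<br />", $val);
	$val = str_replace("$", "&#036;", $val);
	$val = str_replace("!", "&#33;", $val);
	$val = str_replace("'", "&#39;", $val);
	$val = str_replace("\\", "&#092;", $val);

	return $val;
}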
/**
 * Recompute the stored hash for a member password so it can be checked against the database.
 *
 * Despite the name, nothing is encrypted: both branches are one-way hashes. The salt length
 * selects the scheme. A 22-character salt yields a crypt() Blowfish hash with the "$2a$13$"
 * prefix; any other salt yields the older nested-MD5 construction over the escaped password.
 *
 * Callers should compare the result with the stored hash using hash_equals() rather than
 * "==", and should treat the MD5 branch as verification-only for old records, since plain
 * MD5 is cheap to brute-force offline.
 *
 * @param string $password          Plaintext password as submitted.
 * @param string $members_pass_salt Salt stored with the member record.
 * @return string Hash string in the same format as the stored one.
 */
function encryptedPassword($password, $members_pass_salt) {
	/* Anything other than a 22-character salt marks an old record: nested MD5 over salt and escaped password. */
	if (mb_strlen($members_pass_salt) !== 22) {
		$saltDigest = md5($members_pass_salt);
		$passwordDigest = md5(legacyEscape($password));

		return md5($saltDigest . $passwordDigest);
	}

	/* Password style introduced in 4.0 using Blowfish: fixed prefix plus the stored salt. */
	$cryptSetting = '$2a$13$' . $members_pass_salt;

	return crypt($password, $cryptSetting);
}

/*
Database record (the stored password hash):

$2a$13$f6PSetImYzzQmefpC6oKx.Th3VvrER2DzeDicz1CWy/oQ6wDjjbuq

Computed result:
$2a$13$f6PSetImYzzQmefpC6oKx.Th3VvrER2DzeDicz1CWy/oQ6wDjjbuq

The two strings are identical, so the function reproduces the stored hash.
The 22nd salt character ("N") shows up as "." in the hash: bcrypt uses only part of the
final salt character, so crypt() writes it back in normalised form.
 */
// Recompute the hash from the sample password and salt defined at the top of the script.
$r = encryptedPassword($userPassword, $members_pass_salt);
// Debug output of the computed hash, for comparison with the record quoted above.
var_dump($r);

 

整理之后:

<?php

namespace IPSWP;
/**
 * @Author: suifengtec
 * @Date:   2017-12-04 00:20:20
 * @Last Modified by:   suifengtec
 * @Last Modified time: 2017-12-04 00:30:28
 **/
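/**
 * Password check for member records that use the IPB / IPS 4.x (and older) hashing schemes.
 *
 * The scheme is selected by the length of the stored salt:
 *  - 22 characters: Blowfish via crypt() with the fixed "$2a$13$" prefix;
 *  - anything else: the legacy md5(md5(salt) . md5(escaped password)) construction.
 *
 * The legacy MD5 construction is cheap to brute-force offline. Use it only to verify
 * existing records, and re-hash with password_hash() once the member has logged in.
 */
class IPSWP_UserPwd {

	/** @var object Member record; members_pass_salt and members_pass_hash are read from it. */
	private $user;

	/** @var string Plaintext password supplied by the person logging in. */
	private $password;

	/**
	 * @param object $user     Member record exposing members_pass_salt and members_pass_hash.
	 * @param string $password Plaintext password to check.
	 */
	public function __construct($user, $password = '') {
		$this->user = $user;
		$this->password = $password;
	}

	/**
	 * Tell whether the supplied password matches the stored hash.
	 *
	 * The comparison uses hash_equals() instead of "==". Loose comparison treats two
	 * different numeric-looking strings (for example MD5 digests of the form "0e" followed
	 * by digits) as equal, and it is not constant-time.
	 *
	 * @return bool True only when a stored hash exists and equals the recomputed one.
	 */
	public function isValidPassword() {
		$stored = isset($this->user->members_pass_hash) ? $this->user->members_pass_hash : null;

		// A missing, empty or non-string stored hash can never authenticate anybody.
		if (!is_string($stored) || $stored === '') {
			return false;
		}

		$computed = $this->getUserPwdHash();

		// crypt() reports failure with a string shorter than 13 characters; never let such
		// a marker match a stored value. Both real formats (60 and 32 characters) are longer.
		if (!is_string($computed) || strlen($computed) < 13) {
			return false;
		}

		return hash_equals($stored, $computed);
	}

	/**
	 * Recompute the hash of the supplied password using the scheme implied by the salt.
	 *
	 * @return string Hash in the same format as members_pass_hash.
	 */
	public function getUserPwdHash() {
		// Cast so a missing salt behaves as an empty string and falls into the legacy branch.
		$salt = isset($this->user->members_pass_salt) ? (string) $this->user->members_pass_salt : '';

		if (mb_strlen($salt) === 22) {
			// The prefix has to stay "$2a$13$" to reproduce hashes already stored in that format.
			return crypt($this->password, '$2a$13$' . $salt);
		}

		return md5(md5($salt) . md5(self::legacyEscape($this->password)));
	}

	/**
	 * Backward-compatibility helper: replay the escaping that legacy hashes were computed over.
	 *
	 * NOTE(review): the listing this was copied from had its HTML entities decoded by the
	 * page renderer, which turned every replacement into a no-op and left two lines
	 * unparsable. The entity strings below follow the upstream IPS legacyEscape() helper;
	 * confirm them against the copy shipped with your IPS install.
	 *
	 * @param string $val Plaintext password as submitted.
	 * @return string Escaped string to feed into the legacy MD5 construction.
	 */
	public static function legacyEscape($val) {
		// "&" goes first so the ampersands of the entities inserted below are not escaped again.
		$val = str_replace("&", "&amp;", $val);
		// Comment delimiters and "<script" are rewritten before the generic "<" / ">" pass.
		$val = str_replace("<!--", "&#60;&#33;--", $val);
		$val = str_replace("-->", "--&#62;", $val);
		$val = str_ireplace("<script", "&#60;script", $val);
		$val = str_replace(">", "&gt;", $val);
		$val = str_replace("<", "&lt;", $val);
		$val = str_replace('"', "&quot;", $val);
		// Runs after the "<" / ">" pass, so the inserted tag itself stays unescaped.
		$val = str_replace("\n", "<br />", $val);
		$val = str_replace("$", "&#036;", $val);
		$val = str_replace("!", "&#33;", $val);
		$val = str_replace("'", "&#39;", $val);
		$val = str_replace("\\", "&#092;", $val);

		return $val;
	}
}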

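/* Simulated plaintext password as typed by the user. */
$pwd = 'ips2ips2';

/* Simulated subset of one member row from the database. */
// Leading backslash is required: this file declares namespace IPSWP, where a bare
// "stdClass" would resolve to IPSWP\stdClass and abort with a class-not-found error.
$user = new \stdClass;
$user->members_pass_salt = 'f6PSetImYzzQmefpC6oKxN';
$user->members_pass_hash = '$2a$13$f6PSetImYzzQmefpC6oKx.Th3VvrER2DzeDicz1CWy/oQ6wDjjbuq';

$a = new IPSWP_UserPwd($user, $pwd);

/* Hash recomputed from the password the user typed. */
$hashedPlainPwd = $a->getUserPwdHash();
/* Whether the typed password matches the stored hash. */
$isValidPassword = $a->isValidPassword();
/* Debug output of both results; keep hash dumps out of production logs and pages. */
var_dump($hashedPlainPwd);
var_dump($isValidPassword);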

 
