Discuz!

admin · Posted on 4/1/2015 9:55:30 AM

Discover that Discuz forum encryption is multi-encryption.

(Encryption method of dz6.1: md5 (md5 (forum password), shell))

Share it now:

User Table: cdb_uc_members

field: uidusernamepasswordsalt

//==============

Database link omitted....

//=============

$user=$GET["user"];

$pass=$GET["pass"];

$result=mysql_query("select*fromcdb_memberswhereusername=’$user’");

@$salt=mysql_result($result,0,"salt");

$pas=md5($pass);

$pas=$pas.$salt;

$pas=md5($pas);
$result=mysql_query("select*fromcdb_memberswhereusername=’$user’andpassword=’$pas");

@$username=mysql_result($result,0,"username");
if($username!=’’){

echo"ok";

}else{

echo"no";

}

?>

To quote a cow:

Use the salt method to obtain a random string, then connect the plaintext password MD5, and then connect it with the random string, and then MD5 again. This greatly improves the safety factor.
Encryption password: md5(md5($newpw).$salt) $salt the string $hash returned as random
This greatly improves the security of user passwords

[Encryption and Decryption] Discuz!

Related Posts

Sections viewed