The company recently adopted extmail+postfix as its mail solution. In the existing OA system, employees must log in with valid accounts, which means each employee needs at least two independent accounts and passwords, and this has a certain impact on work efficiency.
Therefore, we decided to modify the existing OA login mechanism to use the same account and password information as extmail. The advantage is that employees can log in to the OA system as long as they remember their email password, which can significantly improve work efficiency.
After looking into it, I found that extmail uses mysql to store email account information, and the password column of the mailbox table holds the hashed password. extmail supports multiple hashing methods; for details, check the SYS_CRYPT_TYPE setting in the file /var/www/extsuite/extman/webman.cf.
My system uses md5crypt, and the password format is: $1$k0Q4EA49$XXXXXXXXXXXXXXXXXX. Since the original password is not recorded in the mailbox table, how can I verify that the user entered the password correctly?
After repeatedly checking the usage of the crypt function in the PHP manual, I found that crypt supports a variety of different hashing methods. Please read the PHP manual for the specific usage of crypt.
md5crypt uses a salt, and the salt is recorded in the resulting hash string itself: it is the part delimited by the $ symbols, including the symbols. The salt in the result above is $1$k0Q4EA49$, so the PHP code that hashes the original password 123456 with the salt $1$k0Q4EA49$ is as follows:
<?php echo crypt('123456', '$1$k0Q4EA49$'); // hash 123456 using the salt taken from the stored value
Output (the trailing dot is part of the hash): $1$k0Q4EA49$WcjktPPYOSyhI77n8BPPr.
Once we know this principle, we can integrate extmail's mailbox account information verification into any of our systems.
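As an added example (not part of the original post and not extmail's own code), this is one way the OA login could check an entered password against a stored md5crypt value. The function names and the sample row are assumptions; the stored hash is the one shown above.

```php
<?php
// Added example. Function names and the sample row are hypothetical.

// Accept only well-formed md5crypt strings:
// "$1$" + salt (up to 8 characters, no "$") + "$" + 22-character digest.
function is_md5crypt(string $hash): bool
{
    return preg_match('#^\$1\$[^$]{0,8}\$[./0-9A-Za-z]{22}\z#', $hash) === 1;
}

function verify_extmail_password(string $input, string $stored): bool
{
    if (!is_md5crypt($stored)) {
        // Other SYS_CRYPT_TYPE formats, empty or damaged values: reject.
        return false;
    }

    // crypt() reads the "$1$salt$" prefix from its second argument, so
    // passing the whole stored value re-derives the hash with the same salt.
    $computed = crypt($input, $stored);

    // On failure crypt() returns a string shorter than 13 characters.
    if (strlen($computed) < 13) {
        return false;
    }

    // Constant-time comparison avoids leaking how many characters matched.
    return hash_equals($stored, $computed);
}

// Constructed sample row standing in for a record read from the extmail
// mailbox table (in the real system, fetch it with a prepared statement).
$row = [
    'username' => 'user@example.com',
    'password' => '$1$k0Q4EA49$WcjktPPYOSyhI77n8BPPr.',
];

foreach (['123456', 'wrong-password'] as $candidate) {
    $ok = verify_extmail_password($candidate, $row['password']);
    printf("%-16s => %s\n", $candidate, $ok ? 'accepted' : 'rejected');
}
```

The OA system only ever reads the stored value and recomputes it; the plaintext password is never stored or compared directly.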
In addition, the md5-crypt method used by linux's /etc/shadow and by grub works on exactly the same principle. If you want to forcibly change the password of an account to 123456 without using other tools, you can set the second field of the corresponding account in the /etc/shadow file to $1$k0Q4EA49$WcjktPPYOSyhI77n8BPPr.