PHPBB3的用户密码


google中搜索无数中文网页,未找到任何有用的内容.无奈,English之.终于找到一点线索,说是密码的加密方式是includes/functions.php中的phpbb_hash(),研究此方式数日,无法与自己的项目良好的结合,后查阅

phpBB3 Sourcecode Documentation

看到注释里写着(functions.php中也有,只是没引起注意.罪过,罪过.):

phpbb_hash (line 285)
version:

Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)

Portable PHP password hashing framework.

Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in the public domain.

There's absolutely no warranty.

The homepage URL for this framework is:

http://www.openwall.com/phpass/

Please be sure to update the Version line if you edit this file in any way. It is suggested that you leave the main version number intact, but indicate your project name (after the slash) and add your own revision information.

Please do not change the "private" password hashing method implemented in here, thereby making your hashes incompatible. However, if you must, please change the hash type identifier (the "$P$") to something different.

Obviously, since this code is in the public domain, the above are not requirements (there can be none), but merely suggestions.


这里提到了

The homepage URL for this framework is:

http://www.openwall.com/phpass/


上去一看,子啊!我这么折腾干什么啊.


下载phpass 0.1回来,修改一下,把$P$改成$H$.

在程序里调用的时候,要先去数据库里查出用户名对应的user_password,这是个hash过的值.

再用phpass 0.1 中的CheckPassword($correct, $hash)验证,返回值是boolean类型.


下面是个小例子:



  1. require "PasswordHash.php";

  2. // 先从数据库里查询用户名对应的user_password,这个值已经是hash过的.
  3. // 假设存为 $pwdhash.
  4. $pwdhash = '你查来的user_password';

  5. $t_hasher = new PasswordHash(8, FALSE);

  6. // $_POST['password']是从表单传来的密码明文.
  7. $result = $t_hasher->CheckPassword($_POST['password'], $pwdhash);

  8. if ($result) {
  9.     echo '密码正确';
  10. }else{
  11.     echo '密码不正确';
  12. }
phpass 0.1 的HashPassword($password) 方法可以返回hash后的值.


现在,可以使用phpbb3的users表了.



评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

HOOLOO

技术分享,回馈社会,建设祖国。

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值