google中搜索无数中文网页,未找到任何有用的内容.无奈,English之.终于找到一点线索,说是密码的加密方式是includes/functions.php中的phpbb_hash(),研究此方式数日,无法与自己的项目良好的结合,后查阅
phpBB3 Sourcecode Documentation
看到注释里写着(functions.php中也有,只是没引起注意.罪过,罪过.):phpbb_hash (line 285)
version:
Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)
Portable PHP password hashing framework.
Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in the public domain.
There's absolutely no warranty.
The homepage URL for this framework is:
http://www.openwall.com/phpass/
Please be sure to update the Version line if you edit this file in any way. It is suggested that you leave the main version number intact, but indicate your project name (after the slash) and add your own revision information.
Please do not change the "private" password hashing method implemented in here, thereby making your hashes incompatible. However, if you must, please change the hash type identifier (the "$P$") to something different.
Obviously, since this code is in the public domain, the above are not requirements (there can be none), but merely suggestions.
这里提到了
The homepage URL for this framework is:
http://www.openwall.com/phpass/
上去一看,子啊!我这么折腾干什么啊.
下载phpass 0.1回来,修改一下,把$P$改成$H$.
在程序里调用的时候,要先去数据库里查出用户名对应的user_password,这是个hash过的值.
再用phpass 0.1 中的CheckPassword($correct, $hash)验证,返回值是boolean类型.
下面是个小例子:
- require "PasswordHash.php";
- // 先从数据库里查询用户名对应的user_password,这个值已经是hash过的.
- // 假设存为 $pwdhash.
- $pwdhash = '你查来的user_password';
- $t_hasher = new PasswordHash(8, FALSE);
- // $_POST['password']是从表单传来的密码明文.
- $result = $t_hasher->CheckPassword($_POST['password'], $pwdhash);
- if ($result) {
- echo '密码正确';
- }else{
- echo '密码不正确';
- }
现在,可以使用phpbb3的users表了.
扫一扫
944
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
