在ecshop注册过程中,加密方式是对变的,而不是简单的md5加密.可以看到,当整合了uc之后,他会去一个时间戳,和密码进行运算.
先看includes/modules/integrates/integrate.php中add_user()方法.里面有一段加密的代码
if ($md5password)
{
$post_password = $this->compile_password(array('md5password'=>$md5password));
}
else
{
$post_password = $this->compile_password(array('password'=>$password));
}
这里可能是md5加密,也可能是混合加密.
function compile_password ($cfg)
{
if (isset($cfg['password']))
{
$cfg['md5password'] = md5($cfg['password']);
}
if (empty($cfg['type']))
{
$cfg['type'] = PWD_MD5;
}
switch ($cfg['type'])
{
case PWD_MD5 :
return $cfg['md5password'];
case PWD_PRE_SALT :
if (empty($cfg['salt']))
{
$cfg['salt'] = '';
}
return md5($cfg['salt'] . $cfg['md5password']);
case PWD_SUF_SALT :
if (empty($cfg['salt']))
{
$cfg['salt'] = '';
}
return md5($cfg['md5password'] . $cfg['salt']);
default:
return '';
}
}
这里表明了,有可能会md5加密,也可能根据参数的不同,进行password加上密码戳字符串,进行加密.
如果整合了UC,那么加密其实更复杂,他是采用UC服务器端代码.中一个函数
function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '') {
$salt = substr(uniqid(rand()), -6);
$password = md5(md5($password).$salt);
$sqladd = $uid ? "uid='".intval($uid)."'," : '';
$sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='".$this->base->onlineip."', regdate='".$this->base->time."', salt='$salt'");
$uid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
return $uid;
}
他也有一个密码戳,但是他的密码戳是随即生成的。$salt = substr(uniqid(rand()), -6);
转载自:http://www.chinab4c.com/html/shangchengchengxu/ecshopchangjianwenti/2009/0813/134.html