Analyzing how ECShop hashes passwords

2009-08-13 11:20 Source: www.chinab4c.com Author: ECShop expert

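    During ECShop registration the password hashing method varies; it is not simply a plain MD5. As shown below, once UC is integrated, a time-based value (the salt) is generated and combined with the password.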

    First look at the add_user() method in includes/modules/integrates/integrate.php. It contains this piece of hashing code:

    if ($md5password)
    {
        $post_password = $this->compile_password(array('md5password'=>$md5password));
    }
    else
    {
        $post_password = $this->compile_password(array('password'=>$password));
    }

    Here the result may be a plain MD5 hash, or it may be a combined (salted) hash.

    Now look at ECShop's compile_password() function.

    function compile_password ($cfg)
    {
       // A plain-text password is always reduced to its MD5 first.
       if (isset($cfg['password']))
       {
            $cfg['md5password'] = md5($cfg['password']);
       }
       // With no type given, fall back to plain MD5.
       if (empty($cfg['type']))
       {
            $cfg['type'] = PWD_MD5;
       }

       switch ($cfg['type'])
       {
           case PWD_MD5 :
               return $cfg['md5password'];

           // Salt prepended: md5(salt . md5(password))
           case PWD_PRE_SALT :
               if (empty($cfg['salt']))
               {
                    $cfg['salt'] = '';
               }

               return md5($cfg['salt'] . $cfg['md5password']);

           // Salt appended: md5(md5(password) . salt)
           case PWD_SUF_SALT :
               if (empty($cfg['salt']))
               {
                    $cfg['salt'] = '';
               }

               return md5($cfg['md5password'] . $cfg['salt']);

           default:
               return '';
       }
    }

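    This shows that the password may be hashed with plain MD5, or, depending on the parameters, the MD5 of the password is combined with a salt string (prepended or appended) and hashed again.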

    If UC is integrated, the hashing is actually more involved: it uses a function from the UC server-side code:

    function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '') {
        // 6-character salt taken from the tail of uniqid(), which is derived from the current time
        $salt = substr(uniqid(rand()), -6);
        // Stored hash: md5(md5(password) . salt)
        $password = md5(md5($password).$salt);
        $sqladd = $uid ? "uid='".intval($uid)."'," : '';
        $sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";
        $this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='".$this->base->onlineip."', regdate='".$this->base->time."', salt='$salt'");
        $uid = $this->db->insert_id();
        $this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
        return $uid;
    }

    It also has a salt, but here the salt is generated randomly: $salt = substr(uniqid(rand()), -6);
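
    All of the formats above are single or double MD5, which is fast to compute, so a site that still stores them would normally migrate on login. The code below is an added example, not ECShop or UC code: it recomputes the formulas shown on this page to verify a login, then re-stores the password with PHP's password_hash(). The scheme labels, function names and the sample record are assumptions.

```php
<?php
// Added example, not ECShop or UC code. Scheme labels, function names
// and the sample record below are assumptions made for illustration.

// Recompute a legacy hash using the formulas shown on this page.
function legacy_hash(string $scheme, string $password, string $salt = ''): string
{
    $inner = md5($password);
    switch ($scheme) {
        case 'md5':      return $inner;               // PWD_MD5
        case 'pre_salt': return md5($salt . $inner);  // PWD_PRE_SALT
        case 'suf_salt': return md5($inner . $salt);  // PWD_SUF_SALT, same shape as UC add_user()
        default:         throw new InvalidArgumentException("unknown scheme: $scheme");
    }
}

// Check a login against a stored record. Returns null when the password is
// wrong; otherwise returns the record, upgraded to password_hash() if needed.
function verify_and_upgrade(array $user, string $password): ?array
{
    if ($user['scheme'] === 'modern') {
        $ok = password_verify($password, $user['hash']);
    } else {
        $expected = legacy_hash($user['scheme'], $password, $user['salt'] ?? '');
        $ok = hash_equals($user['hash'], $expected);  // constant-time comparison
    }
    if (!$ok) {
        return null;
    }
    if ($user['scheme'] !== 'modern' || password_needs_rehash($user['hash'], PASSWORD_DEFAULT)) {
        // The plain-text password is only available at login, so upgrade here.
        $user['scheme'] = 'modern';
        $user['salt']   = '';
        $user['hash']   = password_hash($password, PASSWORD_DEFAULT);
    }
    return $user;
}

// Constructed sample record in the UC format: md5(md5(password) . salt).
$stored = ['scheme' => 'suf_salt', 'salt' => 'a1b2c3',
           'hash'   => md5(md5('correct horse') . 'a1b2c3')];

var_dump(verify_and_upgrade($stored, 'wrong guess'));
$upgraded = verify_and_upgrade($stored, 'correct horse');
var_dump($upgraded['scheme'], password_verify('correct horse', $upgraded['hash']));
```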


    Source: China B4C E-commerce