phpBB3 user passwords

Source: Internet  Editor: 程序博客网  Time: 2024/04/29 15:45

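I searched countless Chinese web pages on Google and found nothing useful. With no other option, I switched to English and finally found a lead: the passwords are hashed by phpbb_hash() in includes/functions.php. I studied that function for several days but could not integrate it cleanly into my own project. I then consulted the

phpBB3 Sourcecode Documentation

and saw this in the comments (it is also in functions.php, I just had not noticed it. My fault, my fault.):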

phpbb_hash (line 285)
version:

Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier)

Portable PHP password hashing framework.

Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in the public domain.

There's absolutely no warranty.

The homepage URL for this framework is:

http://www.openwall.com/phpass/

Please be sure to update the Version line if you edit this file in any way. It is suggested that you leave the main version number intact, but indicate your project name (after the slash) and add your own revision information.

Please do not change the "private" password hashing method implemented in here, thereby making your hashes incompatible. However, if you must, please change the hash type identifier (the "$P$") to something different.

Obviously, since this code is in the public domain, the above are not requirements (there can be none), but merely suggestions.


It mentions:

The homepage URL for this framework is:

http://www.openwall.com/phpass/


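I went there and had a look. Good grief! What was all that struggling for?


Download phpass 0.1 and modify it slightly, changing $P$ to $H$.

When calling it from your program, first look up the user_password that belongs to the username in the database; this value is already hashed.

Then verify it with CheckPassword($correct, $hash) from phpass 0.1; the return value is a boolean.


Here is a small example: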



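    <?php
    require "PasswordHash.php";

    // First query the database for the user_password that belongs to the username; this value is already hashed.
    // Assume it is stored in $pwdhash.
    $pwdhash = '你查来的user_password'; // placeholder: the user_password value you looked up

    $t_hasher = new PasswordHash(8, FALSE);

    // $_POST['password'] is the plaintext password submitted by the form.
    $result = $t_hasher->CheckPassword($_POST['password'], $pwdhash);

    if ($result) {
        echo '密码正确';   // "Password correct"
    } else {
        echo '密码不正确'; // "Password incorrect"
    }
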
The HashPassword($password) method of phpass 0.1 returns the hashed value.
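
What CheckPassword() and HashPassword() compute for a portable `$H$` / `$P$` hash, written as a Python port for code that cannot load PasswordHash.php. This is an added example, not code from the original post or from phpass; the function names are chosen here, and passwords are assumed to be submitted as UTF-8.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PREFIXES = ("$H$", "$P$")  # phpBB 3.0.x identifier / stock phpass identifier


def encode64(data: bytes) -> str:
    """phpass's base64 variant: little-endian 3-byte groups, no padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):  # n bytes give n + 1 characters
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def crypt_private(password: bytes, setting: str):
    """Recompute a hash from the prefix, cost and salt found in `setting`."""
    if len(setting) < 12 or not setting.isascii() or setting[:3] not in PREFIXES:
        return None
    count_log2 = ITOA64.find(setting[3])
    if not 7 <= count_log2 <= 30:
        return None
    salt = setting[4:12].encode("ascii")
    digest = hashlib.md5(salt + password).digest()
    for _ in range(1 << count_log2):  # iterated MD5, 2**cost rounds
        digest = hashlib.md5(digest + password).digest()
    return setting[:12] + encode64(digest)


def check_password(password: str, stored: str) -> bool:
    """Counterpart of CheckPassword($password, $hash) for $H$ and $P$ hashes."""
    computed = crypt_private(password.encode("utf-8"), stored)
    return computed is not None and hmac.compare_digest(computed, stored)


def hash_password(password: str, prefix: str = "$H$", count_log2: int = 13) -> str:
    """Counterpart of HashPassword(); cost 13 matches PasswordHash(8, FALSE) on PHP 5+."""
    salt = encode64(os.urandom(6))  # 6 random bytes give 8 salt characters
    return crypt_private(password.encode("utf-8"), prefix + ITOA64[count_log2] + salt)
```

On verification the cost and salt are read from the stored hash itself, so the same function checks hashes created with any iteration count. The two prefixes differ only in the identifier, not in the digest.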


Now you can use phpBB3's users table.


