Dz的数据库表 pre_common_member
Uc的数据库表 pre_ucenter_members
Dz对用户的操作文件:./source/class/class_member.php
Uc对用户的操作文件:./uc_server/model/user.php
用户的注册
function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '', $regip = '') {
$regip = empty($regip) ? $this->base->onlineip : $regip;
$salt = substr(uniqid(rand()), -6);
$password = md5(md5($password).$salt);
$sqladd = $uid ? "uid='".intval($uid)."'," : '';
$sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='".$this->base->time."', salt='$salt'");
$uid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
return $uid;
}
$salt 一个比较重要的变量 但是他只存在于uc的用户表中 dz的用户表中没有它的存在
$salt=substr(uniqid(rand()),-6) 截取产生的随机数(后6位)
$password=md5(md5(password).$slat) 对密码进行2次md5的加密
然后插入数据库($salt的值也一起插入)
用户验证:
function get_user_by_username($username) {
$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
return $arr;
}
先获取只存在于uc用户表中得$salt的值 用来加密密码 进行验证
function check_login($username, $password, &$user) {
$user = $this->get_user_by_username($username);
if(empty($user['username'])) {
return -1;
} elseif($user['password'] != md5(md5($password).$user['salt'])) {
return -2;
}
return $user['uid'];
}
根据$salt的值对密码进行对比 进行验证
dz的密码加密
function random($length) {
$hash = '';
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
$max = strlen($chars) - 1;
PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000);
for($i = 0; $i < $length; $i++) {
$hash .= $chars[mt_rand(0, $max)];
}
return $hash;
}
$password='111111111';
$salt = substr(uniqid(rand()),-6);
$password_uc=md5(md5($password).$salt); //uc的密码
$password_dz=md5(random(10));//dz的密码