ECShop V2.7.3管理员密码加密方式
忘记本地的ECShop的用户密码,ECShop V2.7.3密码的加密方式是这样的:
if(!empty($ec_salt)) {
// 检查密码是否正确
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id,ec_salt"
." FROM " . $ecs->table('admin_user')
." WHERE user_name = '"
. $_POST['username']
. "' AND password = '"
. md5(md5($_POST['password']).$ec_salt)
. "'";
}else{
//检查密码是否正确
$sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id,ec_salt"
." FROM " . $ecs->table('admin_user')
." WHERE user_name = '"
. $_POST['username']
. "' AND password = '"
. md5($_POST['password']) . "'";
}
首先检查admin_user表中ec_salt字段是否为空,不为空则这样加密:md5(md5(明文密码).$ec_salt);为空则md5(明文密码)。
要想重置admin的密码(admin的ec_salt字段不为空,$ec_salt即为ec_salt字段的值),
则将password字段的值设为:md5(md5('admin').$ec_salt)=374c3361928ab9ca42794299a48e83a1
< ? php
define('IN_ECS', true);
require(dirname(__FILE__) . '/includes/init.php');
$_REQUEST['username'] = isset($_REQUEST['username']) ? trim($_REQUEST['username']) : 'adminadmin';
$_REQUEST['password'] = isset($_REQUEST['password']) ? trim($_REQUEST['password']) : 'adminadmin';
$sql="SELECT `ec_salt` FROM ". $ecs->table('admin_user') ."WHERE user_name = '" . $_REQUEST['username']."'";
$ec_salt =$db->getOne($sql);
$ec_salt = md5(md5($_REQUEST['password']).$ec_salt);
$db->autoExecute($ecs->table('admin_user'), array('password'=>$ec_salt) , 'UPDATE', "user_name = '" . $_REQUEST['username']."'");
exit('管理员密码修改成功');
? >
