I currently use phpBB to authenticate users to pages outside of their bulletin board system. I have found that I really do not need the phpbb forums any longer and would like to totally gut phpbb and replace it with a new authentication system (maybe write my own).

我目前使用phpBB来验证用户在公告板系统之外的页面。我发现我真的不再需要phpbb论坛了,并希望完全消除phpbb并用新的身份验证系统替换它(也许我自己编写)。

After doing some research, I have found that phpbb no longer md5 hashes their passwords and now does some type of custom hashing algorithm. My question is two fold:

经过一些研究,我发现phpbb不再是md5哈希密码,现在做了某种类型的自定义哈希算法。我的问题有两个:

  1. What is the best way to extract passwords (10,000+ users) from the phpbb databases for import in to a new system that can read the existing passwords. If this is not possible what is the best way to go about having users authenticate?

    从phpbb数据库中提取密码(10,000多个用户)以导入到可以读取现有密码的新系统的最佳方法是什么?如果这不可能,那么用户进行身份验证的最佳方法是什么?

  2. Is there a good php authentication system that I should be using or should I just write my own? My only two requirements are Facebook connect and being able to use my existing username and password list. I have read this tutorial which appears pretty intuitive http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

    我应该使用一个好的php身份验证系统,还是应该自己编写?我唯一的两个要求是Facebook连接,并能够使用我现有的用户名和密码列表。我已经阅读了这个看起来非常直观的教程http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

Thanks in advance!

提前致谢!

1 个解决方案

#1

0

One. PHPBB stores an encryption "salt" that is used to hash the passwords, find the salt and you can use it in your new app, or use it to loop through your passwords and create new passwords using a different encryption when you write your own system if you like.

一。 PHPBB存储加密“salt”,用于散列密码,查找salt并在新应用程序中使用它,或者使用它来循环密码并在编写自己的系统时使用不同的加密创建新密码如果你喜欢。

You can see how the salt is created and checked in the phpbbHash.php file.

您可以在phpbbHash.php文件中查看如何创建和检查salt。

Two. If you don't fancy using a PHP framework to take care of all this for you, then yes maybe write your own - The tutorial you listed is quite good.. loads on Google.. this one is quite a good ACL focused tutorial.

二。如果您不喜欢使用PHP框架来处理所有这些问题,那么可以自己编写 - 您列出的教程相当不错..加载到谷歌上......这是一个非常好的ACL专注教程。

更多相关文章

  1. PHP实现简单的学生信息管理系统(web版)
  2. 写给系统管理员的 25 个 PHP 安全实践
  3. 整理一些Thinkphp开发的实用的一些系统源码
  4. PHP168整站系统山寨版闪亮登场
  5. 基于PHP会话的登录系统出现问题
  6. MySQL+PHP配置 Windows系统IIS版(转)
  7. PHP万能密码登陆
  8. 从mysql中选择加密密码
  9. 具有线程/回复的私人消息系统

随机推荐

  1. c语言字符常量的合法表示形式是什么
  2. c语言规定,函数返回值的类型是由什么决定
  3. unsigned int几个字节
  4. c语言如何读取txt文件内容?
  5. c语言常量的正确表示方法有哪些
  6. c语言static关键字的作用是什么
  7. .net framework有什么用
  8. c语言求平方函数是什么
  9. c语言简单心形代码
  10. c语言文件打开方式有哪些