Discuz 手動 修改管理員密碼

 

Discuz 用戶的密碼，加密密碼存儲在pre_ucenter_members  , 驗證密碼公式：  uc 用戶表中的password == md5(md5(用戶明文密碼). uc用戶表中密鑰salt)

因此更新用戶密碼能夠這樣：

$uid = 1;
$password = 'xxxxxx;
$salt = $mysql->resultOne("SELECT salt FROM {$tablepre}ucenter_members WHERE uid=$uid");
$password = md5(md5($password). $salt);
$result = $mysql->query("UPDATE {$tablepre}ucenter_members SET password='$password' where uid='$uid'");
var_dump($result);

 

Uc_server 創始人加密密碼和密鑰是存儲在配置文件uc_server/data/config.inc.php中的。

define('UC_FOUNDERPW', '245386430f4ab01e8478cbf7b9xxxxxc');
define('UC_FOUNDERSALT', 'ssx773');

看看這句就很明瞭了

UC_FOUNDERPW == md5(md5($oldpw).UC_FOUNDERSALT)

 

uc_server/control/admin/admin.php   function onls 更多

if(UC_FOUNDERPW == md5(md5($oldpw).UC_FOUNDERSALT)) {
                $configfile = UC_ROOT.'./data/config.inc.php';
                if(!is_writable($configfile)) {
                    $status = -4;
                } else {
                    if($newpw != $newpw2) {
                        $status = -6;
                    } else {
                        $config = file_get_contents($configfile);
                        $salt = substr(uniqid(rand()), 0, 6);
                        $md5newpw = md5(md5($newpw).$salt);
                        $config = preg_replace("/define\('UC_FOUNDERSALT',\s*'.*?'\);/i", "define('UC_FOUNDERSALT', '$salt');", $config);
                        $config = preg_replace("/define\('UC_FOUNDERPW',\s*'.*?'\);/i", "define('UC_FOUNDERPW', '$md5newpw');", $config);
                        $fp = @fopen($configfile, 'w');
                        @fwrite($fp, $config);
                        @fclose($fp);
                        $status = 2;
                        $this->writelog('admin_pw_edit');
                    }
                }
            }