减小字体
增大字体- ·上一篇文章:如何在调用线程的时候传递参数
- ·下一篇文章:为Serv-U提供在线修改密码功能(1)
为Serv-U提供在线修改密码功能(2)
用户密码的加密方法可以在Ser-U官方网站的知识库查到
http://rhinosoft.com/KBArticle.asp?RefNo=1177&prod=su
Manually Entering Encrypted Passwords into the ServUDaemon.ini File
To generate an encrypted password, first two random characters (the 'salt' - in the range a..z, A..Z) are added to the beginning of the clear-text password. This is then hashed using MD5 and the resulting hash is hex-encoded. The result of this is written as plain-text starting with the 2 salt characters followed by the hex-encoded hash.
For a user account in the .ini file, this will look like:
Password=cb644FB1F31184F8D3D169B54B3D46AB1A
The salt is the string "cb", the MD5 hash is "644FB1F31184F8D3D169B54B3D46AB1A".
When verifying a user's password, Serv-U will do the same. It parses the salt from the user's stored password (ie. "cb" in this case), prepends it the password the user sent to it by the client, MD5 hashes it, and compares the result with the stored hash. If the values are equal, then the entered password is correct.
加密的方法也就是随机生成两个字母,然后将字母和密码进行拼接,再求它们的MD5值,最后将随机字母放在MD5值的前面便是加密后的密码。
接下来就可以根据以上的分析编写程序来实现在线修改了。
1 /**//// <summary>
2 /// 获取指定字符串的MD5值
3 /// </summary>
4 /// <param name="strContent"></param>
5 /// <returns></returns>
6 public String MD5( String strContent )
7 {
8 System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
9 byte[] bytes = System.Text.Encoding.UTF8.GetBytes( strContent );
10 bytes = md5.ComputeHash( bytes );
11 md5.Clear();
12 string ret = "";
13 for(int i=0 ; i<bytes.Length ; i++)
14 {
15 ret += Convert.ToString(bytes[i],16).PadLeft(2,'0');
16 }
17 return ret.PadLeft(32,'0').ToUpper();
18 }
19
20
21 /**//// <summary>
22 /// 生成随便字符串,字符串长度为2
23 /// </summary>
24 /// <returns></returns>
25 public string GetRandomString()
26 {
27 string strReturn = "";
28 Random ran = new Random();
29 strReturn += Convert.ToChar( ran.Next( 26 ) + 'a' ).ToString();
30 strReturn += Convert.ToChar( ran.Next( 26 ) + 'a' ).ToString();
31 return strReturn;
32 }
33
34 //由指定的随机字母和登录密码生成加密后的密码
35 public string CreateCryPassword( string strFrontChars, string strPassword )
36 {
37 return strFrontChars + MD5( strFrontChars + strPassword ).ToUpper().Trim();
38 }
39
40 /**//// <summary>
41 /// “修改密码”的点击事件,在此事件中对密码进行修改
42 /// </summary>
43 /// <param name="sender"></param>
44 /// <param name="e"></param>
45 private void btnModifyPwd_Click(object sender, System.EventArgs e)
46 {
47 string strUserID = txtLoginID.Text;
48 if( strUserID == String.Empty )
49 {
50 controlMessage.InnerHtml = "用户名不能为空";
51 return;
52 }
53
54 //判断两次密码输入是否相同
55 if( txtNewPassword.Text != txtConfirmPassword.Text )
56 {
57 controlMessage.InnerHtml = "两次输入的密码不一致,请重新输入";
58 return;
59 }
60
61 IniFile ini = new IniFile( _strServUDaemonPath );
62 string strSectionValue = "USER=" + strUserID.Trim() + "|1";
63
64 //通过读取指定用户的HomeDir来确定是否存在该用户
65 if( ini.ReadString( strSectionValue, "HomeDir", "" ) == "" )
66 {
67 controlMessage.InnerHtml = "指定的用户不存在";
68 return;
69 }
70
71 //开始判断密码是否正确
72 string strPassword = ini.ReadString( strSectionValue, "Password", "" );
73
74 string strPasswordFrontTwoChars;
75 bool bPasswordRight = false;
76 if( strPassword.Length > 2 )
77 {
78 //读取密码中包含的随机字母
79 strPasswordFrontTwoChars = strPassword.Substring( 0, 2 );
80 if( CreateCryPassword( strPasswordFrontTwoChars, txtOldPassword.Text ) == strPassword )
81 {//密码符合
82 bPasswordRight = true;
83 }
84 else
85 {//密码不符
86 bPasswordRight = false;
87 }
88 }
89 else if( strPassword == txtOldPassword.Text ) //原密码为空
90 {
91 bPasswordRight = true;
92 }
93 else
94 {
95 bPasswordRight = false;
96 }
97
98 if( bPasswordRight )
99 {
100 //密码正确,写入新的密码,并设置自动加载新的设置,以便下一次更改时仍有效
101 ini.WriteString( strSectionValue, "
http://rhinosoft.com/KBArticle.asp?RefNo=1177&prod=su
Manually Entering Encrypted Passwords into the ServUDaemon.ini File
To generate an encrypted password, first two random characters (the 'salt' - in the range a..z, A..Z) are added to the beginning of the clear-text password. This is then hashed using MD5 and the resulting hash is hex-encoded. The result of this is written as plain-text starting with the 2 salt characters followed by the hex-encoded hash.
For a user account in the .ini file, this will look like:
Password=cb644FB1F31184F8D3D169B54B3D46AB1A
The salt is the string "cb", the MD5 hash is "644FB1F31184F8D3D169B54B3D46AB1A".
When verifying a user's password, Serv-U will do the same. It parses the salt from the user's stored password (ie. "cb" in this case), prepends it the password the user sent to it by the client, MD5 hashes it, and compares the result with the stored hash. If the values are equal, then the entered password is correct.
加密的方法也就是随机生成两个字母,然后将字母和密码进行拼接,再求它们的MD5值,最后将随机字母放在MD5值的前面便是加密后的密码。
接下来就可以根据以上的分析编写程序来实现在线修改了。
1 /**//// <summary>
2 /// 获取指定字符串的MD5值
3 /// </summary>
4 /// <param name="strContent"></param>
5 /// <returns></returns>
6 public String MD5( String strContent )
7 {
8 System.Security.Cryptography.MD5 md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
9 byte[] bytes = System.Text.Encoding.UTF8.GetBytes( strContent );
10 bytes = md5.ComputeHash( bytes );
11 md5.Clear();
12 string ret = "";
13 for(int i=0 ; i<bytes.Length ; i++)
14 {
15 ret += Convert.ToString(bytes[i],16).PadLeft(2,'0');
16 }
17 return ret.PadLeft(32,'0').ToUpper();
18 }
19
20
21 /**//// <summary>
22 /// 生成随便字符串,字符串长度为2
23 /// </summary>
24 /// <returns></returns>
25 public string GetRandomString()
26 {
27 string strReturn = "";
28 Random ran = new Random();
29 strReturn += Convert.ToChar( ran.Next( 26 ) + 'a' ).ToString();
30 strReturn += Convert.ToChar( ran.Next( 26 ) + 'a' ).ToString();
31 return strReturn;
32 }
33
34 //由指定的随机字母和登录密码生成加密后的密码
35 public string CreateCryPassword( string strFrontChars, string strPassword )
36 {
37 return strFrontChars + MD5( strFrontChars + strPassword ).ToUpper().Trim();
38 }
39
40 /**//// <summary>
41 /// “修改密码”的点击事件,在此事件中对密码进行修改
42 /// </summary>
43 /// <param name="sender"></param>
44 /// <param name="e"></param>
45 private void btnModifyPwd_Click(object sender, System.EventArgs e)
46 {
47 string strUserID = txtLoginID.Text;
48 if( strUserID == String.Empty )
49 {
50 controlMessage.InnerHtml = "用户名不能为空";
51 return;
52 }
53
54 //判断两次密码输入是否相同
55 if( txtNewPassword.Text != txtConfirmPassword.Text )
56 {
57 controlMessage.InnerHtml = "两次输入的密码不一致,请重新输入";
58 return;
59 }
60
61 IniFile ini = new IniFile( _strServUDaemonPath );
62 string strSectionValue = "USER=" + strUserID.Trim() + "|1";
63
64 //通过读取指定用户的HomeDir来确定是否存在该用户
65 if( ini.ReadString( strSectionValue, "HomeDir", "" ) == "" )
66 {
67 controlMessage.InnerHtml = "指定的用户不存在";
68 return;
69 }
70
71 //开始判断密码是否正确
72 string strPassword = ini.ReadString( strSectionValue, "Password", "" );
73
74 string strPasswordFrontTwoChars;
75 bool bPasswordRight = false;
76 if( strPassword.Length > 2 )
77 {
78 //读取密码中包含的随机字母
79 strPasswordFrontTwoChars = strPassword.Substring( 0, 2 );
80 if( CreateCryPassword( strPasswordFrontTwoChars, txtOldPassword.Text ) == strPassword )
81 {//密码符合
82 bPasswordRight = true;
83 }
84 else
85 {//密码不符
86 bPasswordRight = false;
87 }
88 }
89 else if( strPassword == txtOldPassword.Text ) //原密码为空
90 {
91 bPasswordRight = true;
92 }
93 else
94 {
95 bPasswordRight = false;
96 }
97
98 if( bPasswordRight )
99 {
100 //密码正确,写入新的密码,并设置自动加载新的设置,以便下一次更改时仍有效
101 ini.WriteString( strSectionValue, "