Forgot the local ECShop admin password, so I took a look. ECShop V2.7.3 password encryption works like this:
if(!empty($ec_salt)) { /* 检查密码是否正确 */ $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id,ec_salt". " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5(md5($_POST['password']).$ec_salt) . "'"; } else { /* 检查密码是否正确 */ $sql = "SELECT user_id, user_name, password, last_login, action_list, last_login,suppliers_id,ec_salt". " FROM " . $ecs->table('admin_user') . " WHERE user_name = '" . $_POST['username']. "' AND password = '" . md5($_POST['password']) . "'"; }
It first checks whether the ec_salt field in the admin_user table is empty. If not empty, it encrypts like this: md5(md5(plaintext password).$ec_salt); if empty, it just uses md5(plaintext password).
For example, to reset the admin password (the ec_salt field for admin usually is not empty; $ec_salt is the value of the ec_salt field), set the password field value to: md5(md5('admin').$ec_salt)=374c3361928ab9ca42794299a48e83a1