magento后台登录过程

 堆栈如下：
Mage_Admin_Model_User->authenticate() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Admin\Model\User.php:381]
#1  Mage_Admin_Model_User->login() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Admin\Model\Session.php:91]
#2  Mage_Admin_Model_Session->login() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Admin\Model\Observer.php:69]
#3  Mage_Admin_Model_Observer->actionPreDispatchAdmin() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Model\App.php:1338]
#4  Mage_Core_Model_App->_callObserverMethod() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Model\App.php:1317]
#5  Mage_Core_Model_App->dispatchEvent() called at [E:\src\phpsource\magento\public_html\app\Mage.php:448]
#6  Mage::dispatchEvent() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Controller\Varien\Action.php:527]
#7  Mage_Core_Controller_Varien_Action->preDispatch() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Adminhtml\Controller\Action.php:160]
#8  Mage_Adminhtml_Controller_Action->preDispatch() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Controller\Varien\Action.php:407]
#9  Mage_Core_Controller_Varien_Action->dispatch(index) called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Controller\Varien\Router\Standard.php:250]
#10 Mage_Core_Controller_Varien_Router_Standard->match() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Controller\Varien\Front.php:172]
#11 Mage_Core_Controller_Varien_Front->dispatch() called at [E:\src\phpsource\magento\public_html\app\code\core\Mage\Core\Model\App.php:354]
#12 Mage_Core_Model_App->run() called at [E:\src\phpsource\magento\public_html\app\Mage.php:684]
#13 Mage::run(, store) called at [E:\src\phpsource\magento\public_html\index.php:85]

检查密码的函数为Mage_Admin_Model_User->authenticate,关键代码如下：
if ($sensitive && $this->getId() && Mage::helper('core')->validateHash($password, $this->getPassword())) {
Mage::helper('core')返回的是类Mage_Core_Helper_Data，看下其validateHash函数：
 public function validateHash($password, $hash)
    {
        return $this->getEncryptor()->validateHash($password, $hash);
    }

再看下getEncryptor函数
 $encryptionModel = (string)Mage::getConfig()->getNode(self::XML_PATH_ENCRYPTION_MODEL);
            if ($encryptionModel) {
                $this->_encryptor = new $encryptionModel;
            } else {
                $this->_encryptor = Mage::getModel('core/encryption');
            }
而getEncryptor是根据配置global/helpers/core/encryption_model来取的，没有定义，则取的是Mage_Core_Model_Encryption类，这里magento所有可能自己实现的地方都通过配置来实现了，方便是方便了，看代码起来，有点麻烦；

看下默认的实现Mage_Core_Model_Encryption::validateHash函数：
public function validateHash($password, $hash)
    {
        $hashArr = explode(':', $hash);
        switch (count($hashArr)) {
            case 1:
                return $this->hash($password) === $hash;
            case 2:
                return $this->hash($hashArr[1] . $password) === $hashArr[0];
        }
        Mage::throwException('Invalid hash.');
    }
其中$this->hash就是md5；

明白了吗，密码分两部分，用:分隔，:后的文本连接明文密码作md5等于:前的文本就ok了；

如果我们要将密码设置为123456，则需将数据库中admin_user表的password表设置为
d690cf27ffd5bd839900f48864055f5a:oB5rua9Pvwvcb9Jxm4C0dSydf7VFLJnW