这个主站判断代码：
foreach($_GET as $key => $value) {
        $get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
        $data[$key] = filter($value); // post variables are filtered
}

$user_email = $data['usr_email'];
$pass = $data['pwd'];

if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";
   
}

       
$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
           $user_cond
                        AND `banned` = '0'
                        ") or die (mysql_error());
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated.
    if ( $num > 0 ) {
       
        list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);
       
        if(!$approved) {
        //$msg = urlencode("Account not activated. Please check your email for activation code");
        $err[] = "Account not activated. Please check your email for activation code";
       
        //header("Location: login.php?msg=$msg");
         //exit();
         }
         
                //check against salt
        if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
为了清晰其间，我把输入部分也贴出来了，关键看最后一行代码，然后我在贴出关键函数PwdHash代码.
function PwdHash($pwd, $salt = null)
{
    if ($salt === null)     {
        $salt = substr(md5(uniqid(rand(), true)), 0, 9);
    }
    else     {
        $salt = substr($salt, 0, 9);
    }
    return $salt . sha1($pwd . $salt);
}

这是从数据库中取出来的值：be66daf0a2cf81179741bb67289861edcfca0abc3c040e4d1

请问怎么来逆这个函数。

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！