| Author |
 Topic Search  Topic Options
|
Aliceerickson 
Newbie
Joined: 08 February 2011
Status: Offline
Points: 8
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: mass password update
Posted: 25 February 2011 at 6:37pm |
|
I need to do a complete password reset on an installation that's running encrypted passwords. Has anybody done this? What I'm wanting to do is to reset all the passwords to the same thing and then notify the members that they need to update their passwords.
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 25 February 2011 at 6:58pm |
If you change the password to the same password for all users then anyone could login as another users, view their profile, and get personal details on them.
If your users need a new password best to direct them to the forgotten password page.
|
|
|
|
Aliceerickson
Newbie
Joined: 08 February 2011
Status: Offline
Points: 8
|
Post Options
Thanks(0)
Quote Reply
Posted: 25 February 2011 at 7:34pm |
Not to be arguing the point here, and I certainly thank you for your speedy reply, but this case isn't a normal forum. I didn't go into a lot of details, but this is a closed forum for a small organization. The only people who will have access to it are the members of that organzation. I did an import of the members, but I missed the point that, lacking a password field in the import table, the forum system would create and encrypt a password. I'd rather not run the import again, if I can avoid it. The mass password update I'd like to do would only serve as a temporary password until the members can log in and change it. The people that I've added through the import lack both username AND password. I massaged the data to give each a unique unsername, but it's not always perfectly obvious what that username would be for a given person. I know I could have them sign up for themselves and dodge the whole issue, but I'd rather not open the forum to signups at all since it's going to be for members of the organization only.
And, on the subject of the forgotten password page, how do you get that to come up anyhow? I've very carefully entered that page name into my browser bar, and every time I get redirected to the forum home page. I can't even see what this looks like, so I can't see if I think it's going to work for this case at all - or if I can make it work for this case at all.
|
|
123Simples
Senior Member
Joined: 08 July 2007
Location: United Kingdom
Status: Offline
Points: 1192
|
Post Options
Thanks(0)
Quote Reply
Posted: 25 February 2011 at 7:51pm |
|
Would it not be far easier to (assuming you are the administrator of the forum) to edit each user, allocate a new password for each member, and then send them the details individually, or have I missed the whole point?
|
|
|
|
Aliceerickson
Newbie
Joined: 08 February 2011
Status: Offline
Points: 8
|
Post Options
Thanks(0)
Quote Reply
Posted: 25 February 2011 at 8:03pm |
No, I don't think it would be easier, actually. I can do that, and I probably will end up doing that, but it would certainly take longer than an updater script that would take a generic password, get a new salt, create the encrypted password and update each account password and salt (I pulled code out of the registration update page). I took a stab at that already on my localhost, and it looks like it should work, but I must be missing something since login doesn't work. I spent a half hour on that, which would have been faster had I gotten it to wor. That didn't happen, so I think now I just have to muscle on and reset them all manually.
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 February 2011 at 11:34am |
As you mention this is an usual circumstance so there is no automated way to do this.
The simplest way to do this is:-
1. Create a user giving them the password you want all user to have
2. Open the database in a database tool and locate the table tblAuthor
3. Open the tblAuthor table and fined the new member you created
4. Find the Password and Salt field for this new user. What you will need to do is to update all the Password and Salt fields for all your other members to match that of this new member
By creating this new user and than replicating the Password and Salt field to all the other members they would all end up with the same password.
|
|
|
|
Aliceerickson
Newbie
Joined: 08 February 2011
Status: Offline
Points: 8
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 February 2011 at 9:39pm |
The perfect 5 minute fix! Thank you so much. I don't know why I didn't think of doing that, but there I went. Chasing off and over-complicating things. I'm really enjoying working with your forum system, and I really appreciate your help in this. 
|
|
