How to safely encrypt 1700 unencrypted passwords?

         

ajs83

5:11 am on Aug 9, 2005 (gmt 0)

10+ Year Member



I use a standard site script and the creator chose not to encrypt the passwords. At the time I did not know much about it so I left things as is and did not worry about it.

Now I know substantially more and want to switch it over to a custom script I wrote, but was wondering, since I can't test each of the 1700 accounts, what's the best way to convert the passwords from plain text to md5 encryption?

chrisjoha

6:28 am on Aug 9, 2005 (gmt 0)

10+ Year Member



You could simply use the md5() function. I'm not sure what you're really asking. Do you have all the passwords in a file? Stored in a db? You can do something like this:


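$q = "select * from users";
$r = mysql_query($q);

// Replace each stored plain-text password with its md5() hash.
while ($row = mysql_fetch_assoc($r)) {
    // Key the update on the userid of the row being processed.
    $q = "update users set password = '" . md5($row['password']) . "' where userid = '" . $row['userid'] . "'";
    mysql_query($q); // execute the update for this row
}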

If you store the passwords in a file, it depends a lot on how you store them (i.e. one on each line, comma separated, and so on).

ajs83

6:42 am on Aug 9, 2005 (gmt 0)

10+ Year Member



The passwords are a database entry, but it is stored as text.

grandpa

6:52 am on Aug 9, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Create a copy of the existing database and run your testing there. The last thing you want is 1700 users who can't access their account.

Then, the code that chrisjoha showed you should work.

mcibor

11:17 am on Aug 9, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This will work without modifications:

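// Fetch the key column (userid, the column the where clause filters on) and the plain-text password.
$q = "select userid, password from users";
$r = mysql_query($q);

while ($row = mysql_fetch_assoc($r)) {
    // Overwrite this row's stored password with its md5() hash.
    $q = "update users set password = '" . md5($row['password']) . "' where userid ='" . $row['userid'] . "'";
    $r2 = mysql_query($q);
}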

Best regards
Michal Cibor

PS. There will still be some time when users won't be able to log in: between the db change and the script change. (You need to modify your validation script to if(md5($_POST["password"]) == $db_password)...)
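
Added example, not code from any poster in this thread: the same plain-text-to-hash conversion with the thread's md5() swapped for PHP's salted password_hash()/password_verify() (PHP 5.5+), made safe to re-run, plus a login check that accepts both formats so it can be deployed first and close the gap between the db change and the script change. PDO with an in-memory SQLite database and the two sample accounts are assumptions so that it runs stand-alone.

```php
<?php
// Added example. Table and column names follow the thread (users, userid,
// password); the in-memory SQLite database and both accounts are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (userid INTEGER PRIMARY KEY, password TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'correct horse'), (2, 'hunter2')");

// True when the stored value is already a password_hash() result.
function is_hashed(string $stored): bool {
    return password_get_info($stored)['algoName'] !== 'unknown';
}

// Convert every plain-text row in one transaction. Rows that are already
// hashed are skipped, so a second run cannot double-hash an account.
function migrate(PDO $db): int {
    $converted = 0;
    $upd = $db->prepare("UPDATE users SET password = :h WHERE userid = :id");
    $db->beginTransaction();
    $rows = $db->query("SELECT userid, password FROM users")->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        if (is_hashed($row['password'])) { continue; }
        $hash = password_hash($row['password'], PASSWORD_DEFAULT);
        $upd->execute([':h' => $hash, ':id' => $row['userid']]);
        $converted++;
    }
    $db->commit();
    return $converted;
}

// Login check that accepts both formats, so it can go live before the
// migration runs and no login fails between the two changes.
function check_login(PDO $db, int $userid, string $password): bool {
    $st = $db->prepare("SELECT password FROM users WHERE userid = :id");
    $st->execute([':id' => $userid]);
    $stored = $st->fetchColumn();
    if ($stored === false) { return false; }
    return is_hashed($stored)
        ? password_verify($password, $stored)
        : hash_equals($stored, $password); // plain-text row, not yet migrated
}

var_dump(check_login($db, 2, 'hunter2')); // against the plain-text row
var_dump(migrate($db));                   // first run
var_dump(migrate($db));                   // second run
var_dump(check_login($db, 2, 'hunter2')); // same login against the hash
var_dump(check_login($db, 2, 'wrong'));
```

The password column has to be wide enough for the hash: bcrypt output is 60 characters, and the PHP manual recommends a 255-character column so later default algorithms still fit.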