Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Import Member Passwords from another system

My apologies in advance for having posted this previously elsewhere in response to a password recovery question. I post it here because it may be helpful as an example of a way to bring along unencrypted passwords when converting a database from another cms to PHP-Fusion.

I had a cms running off an Access database with about 300 registered members. Obviously, importing their user names and info was easy enough. I used Bullzip's access-to-mysql program to do most of it. (It is free but donations are encouraged.) The issue remained, however, that the user passwords had to be converted somehow to the PHP-Fusion encryption. I put this script together to handle it.

Using MyPHPadmin, I made a new field in fusion_users that is varchar and named user_password_OLD. I imported the old, unencrypted passwords to that field.

I used the number 4 as "salt" for user password and 5 as "salt" for admin password simply because that was easy. Use what you like. BACK UP your database before use. After use, delete this script. The script is also attached in a zip file. Be sure to go over it line by line before use.


CodeDownload  

<?php
/*convert_passwords.php
BACK UP your database before use.
create a new field in fusion_users that is varchar and named user_password_OLD
If importing users from another database, you can put their old password into that field
or you can put random word into it.
Credits: http://www.php-fusion.co.uk/forum/viewthread.php?thread_id=23171#post_137526 and
http://www.php-fusion.co.uk/forum/viewthread.php?thread_id=28271&pid=156200#post_156177
http://RawPHP.com - Lil Peck (ImproperUsername)
I used the number 4 as "salt" for user password and 5 as "salt" for admin password simply because that was easy. Use what you like.
*/

$con = mysql_connect("dbhost","dbuser","dbpass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("dbname", $con);

//select which query line below suits your situation
//$result = mysql_query("SELECT * FROM `fusion_users`"); //affects everyone
$result = mysql_query("SELECT * FROM `fusion_users` where user_id >1"); //affects everyone but superadmin
while($row = mysql_fetch_array($result))
  {
    echo "pw: ".$row['user_name'] . "<br>";

  echo "pw: ".$row['user_password'] . "  salt: " . $row['user_salt'];
   echo "Old Pass: ".$row['user_password_OLD'];
    echo "<br />";
    echo 'New Password: '.hash_hmac('sha256', $row['user_password_OLD'], '4');//new user pass
   
$myresult = mysql_query("UPDATE fusion_users SET user_password='".hash_hmac('sha256', $row['user_password_OLD'], '4')."' WHERE `user_name`='".$row['user_name']."' AND user_id>'1' and NOT isnull(user_password_OLD)") or die(mysql_error()); 
$myxresult = mysql_query("UPDATE fusion_users SET user_salt='4' WHERE `user_name`='".$row['user_name']."' AND user_id>'1' and NOT isnull(user_password_OLD)") or die(mysql_error()); 

$myadminresult = mysql_query("UPDATE fusion_users SET user_admin_password='".hash_hmac('sha256', $row['user_password_OLD'], '5')."' WHERE `user_name`='".$row['user_name']."' AND user_id='1' and NOT isnull(user_password_OLD)") or die(mysql_error()); 
$myxadminresult = mysql_query("UPDATE fusion_users SET user_admin_salt='5' WHERE `user_name`='".$row['user_name']."' AND user_id='1' and NOT isnull(user_password_OLD)") or die(mysql_error()); 

  //echo hash_hmac('sha256', 'Password', 'Salt');
  echo "<BR><br>";
  }

mysql_close($con);
?>

ImproperUsername attached the following file:
reset_passwords.zip [1008Bytes / 436 Downloads]
Thread Information
Replies
1 post
Views
1,796 times
Last Post
Last updated on 8 years ago
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: ImproperUsername