views:

32

answers:

3

I inherited a site with a with a large user base. My client is updating their records and I need to import some predetermined passwords for about 900 users into a mysql table. The row that I am importing to seems to encrypt the passwords if I enter them through the php front end. I can get all of the passwords to import into the table using phpMyAdmin but they are not working when I test them as they are in the unencrypted format. Is there a way to encrypt the passwords before I import them into my table?

+1  A: 

It's not 100% clear from your question, but I'm going to assume that your passwords are stored in a column which MySQL encrypts.

In order to "encrypt the passwords" before importing them, you must figure out what encryption algorithm is in use. This will involve looking at the database schema and the code for inserting into it, finding where the encryption is performed, and identifying the algorithm.

Once you have done this, use the same algorithm in advance to encrypt the passwords.

Borealid
A: 

You should write a script to import the passwords using the same encryption method that the app expects.

You should read the source code for the PHP front end to find out the method to use to encrypt (or more likely, hash) the passwords. It's a waste of time to try to guess their method without studying their code.

Depending on the method of hashing, you might be able to convert the plaintext passwords you have already imported into the hashed versions, just using an SQL update. For instance, if it's SHA1, then you could do this:

UPDATE accounts SET password = SHA(password)

This will overwrite the password with its hash. Keep in mind hashes are not reversible, so make a db backup before you try this!

I also recommend reading You're Probably Storing Passwords Incorrectly by fearless leader.

Bill Karwin
Bill, thanks for the direction the hash the site is using is md5. I ran the SQL update on password column and it worked just fine. Thanks for your help.
Glad to help. Please remember to give upvotes and choose 'accepted answer' to people who help you. It's a small thing, but it's how the game is played here on Stack Overflow. :-)
Bill Karwin
A: 

Solved:

UPDATE users SET user_password = md5(user_password)

Thanks All for the input.