Manually reset a password in users table

DAF ID3000

DAF ID3000

New member
Hi Eugenio.

Is there a way to 'manually' hash and paste a password directly in the users table ?
I tried with embedded MD5() mysql function and I looked on http://www.openwall.com/phpass/ for an online tool to hash password but I didn't find anything.
It could be helpful for back office operations to get a quick way to reset a password...
Is there something I've missed ?

thanks in advance
 
E

Erik

New member
The advise is never use mysql query to generate passwords, mostly the password could end up in system logfiles.
Also do not use external websites for generating encrypted passwords that you are going to use for your systems, often they collect it for building rainbow tables, but simple passwords will be already in the rainbow tables included. So go ahead. But use a clean private browser tab.

For temporary Passwords you could use this one, i just tested it with a common word and set the rounds to 8:

Bcrypt-Generator.com - Online Bcrypt Hash Generator and Checker

Bcrypt-Generator.com is a online tool to check Bcrypt hashes. You can also use it to generate new Bcrypt hashes for your other applications that require a Bcrypt encrypted string or password
bcrypt-generator.com bcrypt-generator.com

And use the generated HASH to store it in your database for the users row that needs to be restored follow the table 'dadabik_user' and put the generated HASH in the column 'password_user' and set the column 'force_password_change_user' to 'yes'

This way the user can login with the pass provided and will be forced to change the password at login.
 
eugenio

eugenio

Administrator
Staff member
Let me add something to Erik's answer: you can create a new user A in DaDaBIK, use the generated hash to update the password of another user B (directly in dadabik_user) and then delete user A (or change the password if you need another hash). It's a longer process but you are 100% sure to use the same algorithm that DaDaBIK is using.

Alternatively, if you want to automate it using a script, you can encrypt password using create_password_hash(), it's the function that DaDaBIK uses (it's in include/general_functions.php).

Best,
 
You must log in or register to reply here.
Top