Transferring MD5 hashed passwords from one MySQL to another - mysql

So I am currently building a new Wordpress site that has a functionality where users can login and create a business listing for themselves. All of these users are currently using another site of the clients to perform other business aspects.
We are looking at bringing all the sites together in time.
Right now though, I have a user table on the existing site that has login details (username, display name and password among others). I want to grab these details including the MD5 hashed password field and import it into the Wordpress users table?
Is this even possible?
Thanks,
A

It seems most of the data is transferable, you'll need a script or something to make sure all the data from your other website is inserted the right way in your wp_users and wp_usermeta table.
All data you want to save extra for users, can be inserted in the wp_usermeta table as key-value pair.
To make sure users can login into the new WordPress site :
This is possible if you set your security in WordPress using MD5 hash only without using a salt.
You can do this by overwriting wordpress's wp_hash_password() method.
But you are better of letting existing users change their PW, because MD5 is really insecure.

I have managed to find a way to do this. It may be a little backwards, and please correct me if I have this entirely wrong.
I grabbed a SQL dump from the old database using phpMyAdmin of the fields that I needed. I edited the SQL file and adjusted the field names to correlate with the Worpress wp_users table. Then in the new database I used an INSERT INTO command to create the new users.
In Wordpress I then had to assign all the new users a role.
It took the MD5 hashed password and stored it initially in the DB but on the first login it changed the encryption to phpass.
Hope this helps anyone else looking.
A

Related

dbConnect- Does cleaning data in R change data values in the real database

I am doing research on MySQL data. I used the dbConnect function to connect to the database and used dbReadTable to read a table.
My question is: if I start cleaning data to make it tidy using tidyr and dplyr, etc, will this change the data from the database (data that is stored in mySQL and was collected by researcher)
Or does cleaning data in R only change the data called upon in R and have NO EFFECT ON THE database.
I need a definitive, well-backed, and professional answer as the data I'm dealing with is pretty important and valuable.
Given a database connection, you can definitely modify data in the database by using any of the keywords such as INSERT, UPDATE, DELETE depending on the role of the database user;
One safe way to avoid any modification of the database is ask the database administrator (I assume you are not the one) to create a user that has only read access to it, and then connect the database using this specific user. Then you would be safe to do analysis without unintentionally injecting anything into your database because the database won't allow you to do so;
But most importantly consult with the database administrator before taking next step, this answer is just for giving a clue on how to do this safely from my personal perspective. No responsibility taken for the next move you made.

How to encrypt the Password column in jos_users (Joomla)

My aim was to import a CSV file full of user details into jos_users through Phpmyadmin. All columns match and it was imported without issue.
I have also applied user group definitions in the jos_usergroup_map table, without issue.
The list of users match with the backend side of Joomla but I cannot log into the new users in the front end. After playing around I have realized that the password column in jos_users must be encrypted to work. You can do this in the back end of joomla by re-typing the password and saving changes (and it encrypts it and works fine).
I was wondering. Is there a way to encrypt the jos_users password column in one go. Instead of going one by one?
Thanks again!
There is a similar thread explaining the joomla password encryption.
Joomla 3.2.1 password encryption
Write a script which will update the password as per the joomla standards, export data from jos_users table and pass this data as input to the script.

How many db-users should I create?

guys!
I need to ask you a question... I'm mew in programming business and if this question seems silly, please indulge me.
I have a little site where people have to register in order to post something. So I register every user in the database. I log into the db with:
$pdo = new PDO("mysql:host=localhost;dbname="MY-DB", "My-USER", "My-password");
The question is: when I log into the databse to do whatever operation I need (select, update, delete, insert) how many users ("MY-USER") should I create to login to the db ? Should I create one db-user for every users that registers on my site, or one one single user is enough to do the operations ?
Thanks.
In normal situations you should have additionally to a root user, which can create new databases and add new users, you should create one user per application which is accessing the database, so that a bug in one application wouldn't affect another.
In your case this means to have 1 additional user for your web application which has all permissions on one mysql-database and can create the necessary tables as well as read / modify data in those.
You should not use mysql as your user manager, instead create a table with the users, their (hashed) passwords, ... and manage them in your application.

How can I generate salt and confirmation_token entries for migrated users with FOSUserBundle

I am resurrecting a website that has been down for a few years and I am migrating everything to Symfony2. I was able to get all of my old user database entries into the fos_user table. The only problem is that the salt and confirmation_token entries are empty because users were were not created the standard way. I want all users to reset their passwords, so I'm not worried about the old hashed passwords at all. How can I generate the entries for 13,000 users at once? Maybe I need to override the controller to create the salt and confirmation_token each time a password is requested? Do methods already exist for this? It seems like someone else would have had this problem before.
Thanks
I solved this by overriding the fosUserBundle Resetting controller. Instructions can be found here.
I forced generation of a new toke with these lines:
$tokenGenerator = $this->container->get('fos_user.util.token_generator');
$user->setConfirmationToken($tokenGenerator->generateToken());
I was able to generate the salt values with a simple SQL query.
UPDATE fos_user set salt = SUBSTRING(MD5(RAND()) FROM 1 FOR 31) WHERE salt IS NULL

Is a simple MySql Database possible?

Steps:
I want a registered user to be able to insert values into a table.
Those values would only be able to be seen or edited by the user. (a few rows)
I have a registration/login page and insert form page complete and they can add do their respective jobs.
Here's the problem and i realize it probably a super simple answer:
How do I link the registration/login username to the values that I'm entering so that only that username has access to it?
Thanks,
Michael
You can create a MySQL user for each registered user and protect their data at the DB level. That's usually overkill for a web application.
What you probably want here is enforcing data owner at the data access layer. Associate the data to the user and restrict any data queries or updates to that user, i.e. any insert, update, select SQL statements would include the user id as a parameter.