I have a MySQL database with a table that contains usernames and passwords. I want a bash script or MySQL statement that will randomise all the passwords.
I can reset one password with something like
select md5(rand()) as password;
I can loop through with a bash read while loop. Just need help putting it all together.
Yews I know there should not be passwords stored in the clear, it's a legacy system we are moving people away from.
UPDATE `users` SET `password` = md5(rand())
I think you should be able to just CONCAT the current password into the md5, to keep them all unique.
UPDATE passwords SET password = md5(CONCAT(RAND(), password))
Related
I'm working on a project, continuing a work of somebody else I need to have user name and PW for the update I want to make I can access database it is a MYSQL database. I can see user names but I can't know the PW of any user to do my tests.
I tried to make a new user using the insert tab in php my admin but the query generated was like this
INSERT INTO `user`
(`id`, `username`, `auth_key`, `password_hash`,
`password_reset_token`, `email`, `status`, `created_at`,
`updated_at`, `central_branch`)
VALUES ([value-1], [value-2], [value-3], [value-4], [value-5],
[value-6],[value-7],[value-8],[value-9],[value-10])
where auth_key, password_hash generated from the pw in the view can any body help me either create user or know pw of any user
In general, hashes are not reversible. So if the value of password_hash in your table is storing a hash, you can't get the original plaintext password back from that hash. You can replace it with a new hash string for a password you know, but you can't reverse the existing hash to get the password that was used to generate that hash.
If you can't ask the original developer, and that developer didn't leave any notes about the password for you, then you can only replace it with a new password hash.
If you can't do that because you don't have privilege to update the table, then you need to use the instructions for starting the MySQL Server without privilege enforcement, so you can make users and grant privileges for yourself to work on it. See https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html
I am trying to change all input for one field of all records though can't figure it out. Any help is much appreciated.
I was trying to change them by using:
SELECT * FROM `users` SET 'password'='NewPassword';
UPDATE is the proper command for changing values in MySQL - example:
UPDATE `users` set password='new_password_string' where password is not null
try looking up the update statement
You need an UPDATE statement, not a SELECT statement to update rows in your table. (Hence why it's called update.) Also, you use backticks or nothing around the column name, not single quotes.
UPDATE `users` SET `password`='NewPassword';
That being said, storing passwords in plaintext as you appear to be doing is incredibly insecure. Please make sure you implement a proper password hashing system.
Use the UPDATE command (http://www.w3schools.com/sql/sql_update.asp).
UPDATE 'users' SET 'password' = 'NewPassword';
MySQL 5.1 has a RENAME USER feature that would do what I want. But unfortunately I'm running MySQL 4.1.12.
What I want to do is just change the host part of the username. I want to change the User name from 'myUsername'#'localhost' to 'myUsername'#'123.45.%'.
Sorry to inform you but the host is not a part of the username but a separate field in the mysql users table . You need either to create another user with the same username (yes it is possible) or to update the host field value of the record of that user like something:
UPDATE mysql.user SET host = '123.45.%' WHERE user = 'myUsername';
Warning - this would update every record where username is equal to the given one additionally if it is needed you could specify another condition in the where clause.
I currently have a large user database where every user has a unique password. All the passwords are md5 encrypted. The way I originally set it up was by converting the list of user details to SQL by saving the excel sheet I had as a CSV, and then converting that to SQL at csv2sql.com. I then used sql to create the unique passwords with the following command line:
UPDATE users SET numbers = SUBSTRING(MD5(RAND()) FROM 1 FOR 10)
To make sure this command didn't generate duplicates I made the password field a UNIQUE field. I then exported this table so I had a copy of all the original passwords. Once exported I then encrypted the list to md5 using the following command line:
UPDATE users SET `password` = MD5(`password`)
This all worked fine, albeit not the most efficient way of dealing with it.
Now I have to add a whole load more users to the database. Of course I have to maintain the original passwords from the original users. I'm able to insert the new users, but I'm unsure how I'm going to create the new passwords for them without changing all the previous ones. Can someone point me in the right direction please!
You could import your csv into a temporary table, do your modifications there, and then insert into users (...) select ... from temp_users
You could add a column 'unencrypted password' to your user table, import the csv, so that the unencrypted pw is in that column, and then run update users set password = md5(unencrypted_password) where unencrypted_password is not null
You could use a different csv-sql-converter. As a hack, i often imported the csv into excel/oo-calc, and made a column like this: =concat('insert into table (...) values (', A1, ', ', A2, ')');, which allowed me to do custom sql-statements
I need a password for an user as Drupal's installation asks that. I'm totally newcomer on creating databases so I tried this:
CREATE DATABASE 'drupaltest';
CREATE USER 'jaakko'#'localhost' IDENTIFIED BY 'password';
But PHPMyAdmin says
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`password`'
Could anyone say what queries should I put to make an user with password that Drupal's installation requires and what grants should the new user have?
What you have should work I think. The only things I can think of is maybe you have the wrong type of quotation marks or maybe it has an issue with you setting password to 'password'. Perhaps try set it to something else. If that doesn't work maybe try create the user and then in a separate statement set the password and see if / where it trips up. E.g.
CREATE USER 'jaakko'#'localhost';
SET PASSWORD FOR 'jaakko'#'localhost' = PASSWORD('newpass');
This will also store the password more securely since the hash value will be stored instead of just the plain-text.
Brent777's solution will work, but for added security I would suggest salting the hash with a salt_value.
SELECT users.id, users.name into #id, #name FROM users where users.name = 'jaakko';
CREATE USER 'jaakko'#'localhost';
SET #newpass = 'newpass';
SET PASSWORD FOR 'jaakko'#'localhost' = PASSWORD(concat(#id,#name,#newpass));
Otherwise it will be too easy to attack the password table.