Adding new users to a database and generating them unique passwords - mysql

I currently have a large user database where every user has a unique password. All the passwords are md5 encrypted. The way I originally set it up was by converting the list of user details to SQL by saving the excel sheet I had as a CSV, and then converting that to SQL at csv2sql.com. I then used sql to create the unique passwords with the following command line:
UPDATE users SET numbers = SUBSTRING(MD5(RAND()) FROM 1 FOR 10)
To make sure this command didn't generate duplicates I made the password field a UNIQUE field. I then exported this table so I had a copy of all the original passwords. Once exported I then encrypted the list to md5 using the following command line:
UPDATE users SET `password` = MD5(`password`)
This all worked fine, albeit not the most efficient way of dealing with it.
Now I have to add a whole load more users to the database. Of course I have to maintain the original passwords from the original users. I'm able to insert the new users, but I'm unsure how I'm going to create the new passwords for them without changing all the previous ones. Can someone point me in the right direction please!

You could import your csv into a temporary table, do your modifications there, and then insert into users (...) select ... from temp_users
You could add a column 'unencrypted password' to your user table, import the csv, so that the unencrypted pw is in that column, and then run update users set password = md5(unencrypted_password) where unencrypted_password is not null
You could use a different csv-sql-converter. As a hack, i often imported the csv into excel/oo-calc, and made a column like this: =concat('insert into table (...) values (', A1, ', ', A2, ')');, which allowed me to do custom sql-statements

Related

Randomise all password in MySQL table

I have a MySQL database with a table that contains usernames and passwords. I want a bash script or MySQL statement that will randomise all the passwords.
I can reset one password with something like
select md5(rand()) as password;
I can loop through with a bash read while loop. Just need help putting it all together.
Yews I know there should not be passwords stored in the clear, it's a legacy system we are moving people away from.
UPDATE `users` SET `password` = md5(rand())
I think you should be able to just CONCAT the current password into the md5, to keep them all unique.
UPDATE passwords SET password = md5(CONCAT(RAND(), password))

concatenating a field in mysql database?

I'm new and don't have much experience in database. I've a front end GUI flex application and saves user interactions to MySQL database.
Database will have fields like this.
ID Name ChartName SequenceOfActions rest--of--fields
I want to update the database whenever the user makes GUI change or interacts. I know the update command but it will delete older value and update.
I want something like append command which will save the values in the database.
Are you looking for CONCAT? Something like:
UPDATE my_table SET my_field = CONCAT(my_field, 'New content');

phpMyAdmin export/import results in duplicate primary key error

I want to globally replace all instances of my site url in the Wordpress MySQL database with a new site url. To do that, I'm using phpMyAdmin to export the database to a .sql file, then doing a global replace in a text editor, then using phpMyAdmin to import the .sql file.
During the import, I'm encountering a duplicate entry for primary key error. Trying to debug this, I exported the file, then imported the identical file, making no changes and I still get the same error.
I appreciate any help solving this.
--
-- Dumping data for table `wp_comments`
--
INSERT INTO `wp_comments`
(`comment_ID`, `comment_post_ID`, `comment_author`, `comment_author_email`
,`comment_author_url`, `comment_author_IP`, `comment_date`, `comment_date_gmt`
,`comment_content`, `comment_karma`, `comment_approved`, `comment_agent`
,`comment_type`, `comment_parent`, `user_id`)
VALUES (1, 1, 'Mr WordPress', ''
,'http://wordpress.org/', '', '2011-04-28 00:49:55', '2011-04-28 00:49:55'
,'Hi, this is a comment.<br />To delete a comment,
just log in and view the post's comments.
There you will have the option to edit or delete them.'
, 0, 'post-trashed', '', '', 0, 0 ) ;
MySQL said:
#1062 - Duplicate entry '1' for key 'PRIMARY'
The original data is still in the database.
If you were working manually you'd send a UPDATE rather than INSERT query with the new values, but since you're doing a batch import, it may just be better to wipe the existing table clean before the import.
DELETE FROM `tblName`;
Be sure to back-up your data, first.
To avoid duplicates you have to use UPDATE instead of INSERT statements. To achieve this in phpMyAdmin, follow these steps:
Select your database in the tree.
OPTIONAL. Go to "Search" tab and search for string you want to replace in all tables. If string is found in several tables only, note their names. This will help to speed up process by updating only the tables which needs updating. This my be important if you have lot of data.
Go to "Export" tab.
In the "Export method:" select "Custom".
OPTIONAL. If you noted the tables which need updating in step 2 above, then in the "Table(s):" section, click "Unselect all" and then select only the tables which need to be updated.
Scroll down to "Data creation options" section, and in the drop
box labeled "Function to use when dumping data:" select "UPDATE"
(default is "INSERT").
Click "Go".
Open the downloaded SQL dump file.
IMPORTANT! Save the file with a new name for backup purposes before any changes are made.
Use Search & replace function of your editor to change what you want. Then save the file.
In phpMyAdmin go to "Import" tab.
In the "File to import:" section click the "Choose file" button and
browse for the edited file. Click GO
You are ready! To check if everything is OK, search the database second time (repeat step 2). You should not find any tables containing your old string.
If you're exporting, that means that the main content stays in the database. So, when you try to insert a new row with the same PRIMARY KEY, which are always UNIQUE, you'll get an error.
Solution: You must delete the row from the table that has the same comment_ID.
You must open the PHPMyAdmin and go your table page, and check the row with the ID you want. In this case is 1, which means that it is probabily in the first results page of your table listing. Just click on the red X which appears in the row.
This could also be done by SQL, which could be simple too.
DELETE FROM `wp_comments` WHERE `comment_ID` = 1 LIMIT 1
For this, just select your database in PHPMyAdmin and go to the SQL tab, and insert the code above in the text area.
Had the same problem and error number. Deleted the database, recreate with no tables, and import the changed export file worked for me.
The problem is related with your file - you are trying to create a DB using a copy - at the top of your file you will find something like this:
CREATE DATABASE IF NOT EXISTS *THE_NAME_OF_YOUR_DB* DEFAULT CHARACTER SET latin1 COLLATE latin1_general_ci;
USE *THE_NAME_OF_YOUR_DB*;
and I'm sure that you already have a DB with this name - IN THE SAME SERVER - please check, because you are trying to overwrite!! Just change the name OR (better) ERASE THIS LINE!
Since you already have that record there, you can just update the record rather than inserting. It would go something like this.
UPDATE `wp_comments`
SET 'comment_author_url' = 'YOUR NEW ADDRESS'
WHERE `comment_ID` = 1
Just update every instance of your old address using this method. You can search through all of all posts by saying "WHERE 'comment_author_url' = 'YOUR OLD ADDRESS'"
If all you want to do is replace your URL, I believe this is all you must do:
Update `wp_comments` Set
`comment_author_url` = 'http://wordpress.org/'
Where `comment_author` = 'Mr WordPress'
Just type the above SQL into PHPMyAdmin's SQL box and execute.
NOTE: First make sure you have a backup. And there's no need to do all that export and import stuff :)
Change to code to
INSERT .... (what you already have)
ON DUPLICATE KEY UPDATE;
This will fix your problem with a minimum of fuss, whilst still inserting new rows.

MYSQL: Load Data Infile but update if same key found?

I have a members table. Half the data/fields are populated through an online CMS.
But for the member's core contact detail fields, they come from a CSV exported from a desktop database.
I wanted to be able to upload this CSV and use the LOAD DATA command to update the members contact detail fields (matching on id) but without touching/erasing the other fields.
Is there a way to do this or must I instead loop through each row of the CSV and UPDATE... (if that's the case, any tips for the best way to do it?)
The Load Data Infile command supports the REPLACE keyword. This might be what you're looking for. From the manual:
REPLACE works exactly like INSERT,
except that if an old row in the table
has the same value as a new row for a
PRIMARY KEY or a UNIQUE index, the old
row is deleted before the new row is
inserted
The Load Data Infile command also has options where you can specify which columns to update, so perhaps you can upload the data, only specifying the columns which you want to update.

How can I make a remote table in MS Access "write only"?

I have a little MS Access application (I know, I know), which accesses a table on a remote MS SQL Server.
I also have a form, which allows the users to enter data into the table. The problem is, that I want the users not to be able to read or modify existing data, but I only want them to enter data and store it (the data is a bit sensitive).
I tried to grant only INSERT privileges to the user connecting to the database, resulting in the error, that the table is not accessible at all.
After googling, I couldn't find anything which would solve this issue.
So my question: How can I ensure, that the users only enter data, but do not modify or read existing data in MS Access (2003)?
I would remove select permissions from the table (as you already have done) and do all the IO through a stored procedure. That way you can control exactly what is inserted into the system
Let me know if you need help running a stored procedure in ADO and I will post something up
I prefer a stored proc, but thought this was an alternate to give access to a view of the table with a check option
create table testview (somevalue varchar(25), entereddate datetime)
go
insert into testview values( 'First Value', getdate() )
go
create view testview_currentonly
as
SELECT
somevalue
, entereddate
FROM testview
WHERE entereddate >= getdate()
with check option
-- end view create
go
insert into testview_currentonly values( 'Second Value', getdate() )
select * from testview_currentonly
select * from testview
You can't select anything from this view because all entries (assuming the user could not manipulate the value going into the 'entereddate' field (probably should have a default?).
For the identity principal you use to access the remote SQL server table (this will be defined in the link), remove all permissions except db_datareader.
You can do this with MS Access permissions (but be warned: it's quite a difficult area...):
Microsoft Access Database Security - Security Permissions
Types of permissions (MDB)
Finally here's what I've done:
First, I created two tables:
CREATE TABLE mydata (...)
CREATE TABLE mydata2 (...)
Then I created an INSTEAD OF trigger:
CREATE TRIGGER mytrigger ON mydata
INSTEAD OF INSERT
AS
INSERT INTO mydata2 SELECT * FROM INSERTED
END
This moved every single entry from mydata to mydata2 on insert. The form in Access remained on mydata though, which made the entries invisible to the user.
Thanks to CodeSlave, who also suggested this solution