Convert all users plain text password to hashed password

PHPMaker General Discussion (PHPMaker)
1

Hi,

Can I convert all users plain text password in field “password” to hashed password in field “passwordhash”, so users do not have to create new passwords themselves?

Have tried this in phpMyadmin:

UPDATE usertable SET passwordhash = SHA2(passwordlower, 256) WHERE 1

But that does not seem to work

/Poul

2

The password_hash() function is a PHP function, so you cannot update the password by SQL. You need to write a Custom File (with “Include common files” enabled) or a server event to update them, e.g. FOR v2024+ ONLY

// For v2024
$em = GetUserEntityManager();
$users = GetUserRepository()->findAll();
foreach ($users as $user) { // Assume the password field is named "password" so the getter/setter are get/setPassword()
	$plainPassword = $user->getPassword(); // The original password must be plain text
	$user->setPassword(EncryptPassword(Config("CASE_SENSITIVE_PASSWORD") ? $plainPassword : strtolower($plainPassword)));
	$em->persist($user);
}
$em->flush();

Notes:

  1. Make very sure you run above ONCE AND ONLY ONCE, so backup your user table first!
  2. Make sure you have enabled Hashed password under User Login Options (so password_hash() will be used by EncryptPassword()).
  3. Above is to demonstrate the approach only, do not just copy and paste, you should test and modify as needed.
3

Thanks, but I cannot get this to work.I have followed the instructions regarding Custom File: https://phpmaker.dev/docs/index.html#/customfile.html
With debug ON, I see the code is being executed, but is has no effect on the password field.Is this code different in v2023?

4

arbei wrote:

// For v2024
$em = GetUserEntityManager();

For v2023, you can only use UPDATE statement, see example for Database Abstraction Layer (DBAL 3), you may select and loop through the records, and execute UPDATE statement to update the password field.