Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Are there any risks/ issues with Member's having NULL passwords after a CSV import?

Go to End

11 Posts   419 Views


30 June 2014 at 3:29pm Community Member, 130 Posts

I want to import several hundred users into their website.

A test import shows the Passwords, Salt and PasswordEncryption as NULL in the database. Along with all the locale, date/time formats etc.

Is there any risks or issues with this approach?

Will the users be able to easily reset their passwords via the "forgot password" link? I'm testing on a local machine that doesn't have a mail server setup on it so can't test this.


30 June 2014 at 3:45pm Community Member, 130 Posts

Just to follow up on this. I've installed [url=]Test Mail Server Tool[/url] to catch outgoing mail from my local web server.

I cannot reset the password because it says "Your current password does not match, please try again" - and the password is NULL so I cannot enter it.


30 June 2014 at 5:36pm Community Member, 45 Posts

Hi Tama,

depends where you get the user data from you'll need either the original password or an idea how to encode the password to match the password hash.

How did you import the users? A custom import script or a built in function?

I once imported users from another framework and wrote a password encryptor to match the old hash. A changed password used the default silverstripe encryption. Pretty simple to solve with silverstripe.


1 July 2014 at 8:10am Community Member, 130 Posts

Thanks wmk

The users I'm wanting to import don't have passwords. So I need a way of users being able to reset their passwords via email links.

I'm wondering if randomly generating password/salt keys would allow the normal "forgot password" to work?


1 July 2014 at 8:32pm Community Member, 215 Posts

I'm wondering if randomly generating password/salt keys would allow the normal "forgot password" to work?

Yes, I'm doing this. If there is no registration form, I usually set up my users with some random passwords and then I tell them to use the "forgot password" link to choose a password for themselves.


1 July 2014 at 9:13pm Community Member, 130 Posts

Thank you Devlin - I think I'll take this route.

Out of interest are you generating the random passwords in code (BeforeWrite) or just filling a spreadsheet with random strings?


1 July 2014 at 9:38pm (Last edited: 1 July 2014 10:01pm), Community Member, 215 Posts

I usually just use simple BuildTask.

Something like:

class MyBuildTask extends BuildTask {

   protected $enabled = true;
   function run($request) {
      // Could be a CSV too
      $emails = array(
      foreach($emails AS $email) {
         $generator = new RandomGenerator();
         $member = new Member();
         $member->Email = $email;
         $member->Password = $generator->randomToken(); // cleartext password; encryption is done in onBeforeWrite()



2 July 2014 at 8:39am (Last edited: 2 July 2014 8:45am), Community Member, 130 Posts

Great Devlin. Here's my solution:

class PopulateBlankPasswords extends BuildTask {

protected $title = 'Populate Blank Passwords';
protected $description = 'Randomly assigns passwords to users with no password. Run after user import from CSV';
protected $enabled = true;

function run($request) {

function populatePasswords() {
$BlankPasswords = Member::get()->where('Password is NULL');
$count = 0;
if ($BlankPasswords && !empty($BlankPasswords)) {

foreach ($BlankPasswords as $BlankPasswordMember) {
$Password = //Random Password Generated
$BlankPasswordMember->Password = $Password;


echo "<br /><br /><strong>{$count} Blank passwords replaced with random passwords...</strong><br />";
} else
echo 'No blank passwords found...';


Does anyone know the maximum length for a password in Silverstripe?

And on an unrelated note how did Devlin get his code to indent?

Go to Top