Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Are there any risks/ issues with Member's having NULL passwords after a CSV import?


Go to End
Reply


11 Posts   429 Views

Avatar
Tama

Community Member, 130 Posts

30 June 2014 at 3:29pm

I want to import several hundred users into their website.

A test import shows the Passwords, Salt and PasswordEncryption as NULL in the database. Along with all the locale, date/time formats etc.

Is there any risks or issues with this approach?

Will the users be able to easily reset their passwords via the "forgot password" link? I'm testing on a local machine that doesn't have a mail server setup on it so can't test this.

Avatar
Tama

Community Member, 130 Posts

30 June 2014 at 3:45pm

Just to follow up on this. I've installed [url=http://www.toolheap.com/test-mail-server-tool/]Test Mail Server Tool[/url] to catch outgoing mail from my local web server.

I cannot reset the password because it says "Your current password does not match, please try again" - and the password is NULL so I cannot enter it.

Avatar
wmk

Community Member, 45 Posts

30 June 2014 at 5:36pm

Hi Tama,

depends where you get the user data from you'll need either the original password or an idea how to encode the password to match the password hash.

How did you import the users? A custom import script or a built in function?

I once imported users from another framework and wrote a password encryptor to match the old hash. A changed password used the default silverstripe encryption. Pretty simple to solve with silverstripe.

Avatar
Tama

Community Member, 130 Posts

1 July 2014 at 8:10am

Thanks wmk

The users I'm wanting to import don't have passwords. So I need a way of users being able to reset their passwords via email links.

I'm wondering if randomly generating password/salt keys would allow the normal "forgot password" to work?

Avatar
Devlin

Community Member, 215 Posts

1 July 2014 at 8:32pm

I'm wondering if randomly generating password/salt keys would allow the normal "forgot password" to work?

Yes, I'm doing this. If there is no registration form, I usually set up my users with some random passwords and then I tell them to use the "forgot password" link to choose a password for themselves.

Avatar
Tama

Community Member, 130 Posts

1 July 2014 at 9:13pm

Thank you Devlin - I think I'll take this route.

Out of interest are you generating the random passwords in code (BeforeWrite) or just filling a spreadsheet with random strings?

Avatar
Devlin

Community Member, 215 Posts

1 July 2014 at 9:38pm

Edited: 01/07/2014 10:01pm

I usually just use simple BuildTask.

Something like:

class MyBuildTask extends BuildTask {

   protected $enabled = true;
   
   function run($request) {
      // Could be a CSV too
      $emails = array(
         'test@test.de'
      );
      foreach($emails AS $email) {
         $generator = new RandomGenerator();
         $member = new Member();
         $member->Email = $email;
         $member->Password = $generator->randomToken(); // cleartext password; encryption is done in onBeforeWrite()
         $member->write();
         $member->addToGroupByCode('content-authors');
      }
   }

}

Avatar
Tama

Community Member, 130 Posts

2 July 2014 at 8:39am

Edited: 02/07/2014 8:45am

Great Devlin. Here's my solution:

class PopulateBlankPasswords extends BuildTask {

protected $title = 'Populate Blank Passwords';
protected $description = 'Randomly assigns passwords to users with no password. Run after user import from CSV';
protected $enabled = true;

function run($request) {
$this->populatePasswords();
}

function populatePasswords() {
$BlankPasswords = Member::get()->where('Password is NULL');
$count = 0;
if ($BlankPasswords && !empty($BlankPasswords)) {

foreach ($BlankPasswords as $BlankPasswordMember) {
$Password = //Random Password Generated
$BlankPasswordMember->Password = $Password;
$BlankPasswordMember->write();

$count++;
}

echo "<br /><br /><strong>{$count} Blank passwords replaced with random passwords...</strong><br />";
} else
echo 'No blank passwords found...';
}

}

Does anyone know the maximum length for a password in Silverstripe?

And on an unrelated note how did Devlin get his code to indent?

Go to Top