BigSpring

Skip to content

Home / Blogs / Research Blog / Batch Creation of Joomla Passwords

Batch Creation of Joomla Passwords

Tuesday, 15 September 2009 18:23 Jon Martin

Ever needed to populate the password field in Joomla's jos_user table but didn't know how? Neither did we, but we found out.

A recent project required migrating a list of users from an old, non-Joomla CMS into a new, Joomla! based system. One of the issues we encountered involved porting the user's passwords across from the old system to the new.

For reasons we don't need to discuss here, we actually had to create new passwords for the users, but the solution is the same regardless of where the passwords come from.

All you'll need to start is a table containing two columns. The first column is the Joomla User ID from jos_user, and the second is a varchar containing the plain text password for that user.

Next, take the following script and modify the connection details and query to suit your needs:

<?php
// function to generate salt
function genRandomPassword($length = 32)
{
$salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$len = strlen($salt);
$makepass = '';
mt_srand(10000000 * (double) microtime());
for ($i = 0; $i < $length; $i ++) {
$makepass .= $salt[mt_rand(0, $len -1)];
}
return $makepass;
}
// connection
// FILL IN YOUR DATABASE DETAILS HERE
$hostname = "hostname";
$database = "database";
$username = "username";
$password = "password";
$site = mysql_pconnect($hostname, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database, $site);

// run query
// COMPLETE YOUR QUERY TO RETURN THE USER ID AND PLAIN TEXT PASSWORD HERE
$query = "SELECT id, password FROM yourtable";
$result = mysql_query($query, $site) or die(mysql_error());
$row_result = mysql_fetch_assoc($result);
do {
//generate salt
$salt = genRandomPassword();
// update
$query_update = "UPDATE jos_users SET password = '" . md5(stripslashes($row_result['new_pass_plain']).$salt) .':'.$salt . "' WHERE id = " . $row_result['id'];
$update_result = mysql_query($query_update, $site) or die(mysql_error());
} while ($row_result = mysql_fetch_assoc($result));
?>

You'll need to:

Modify the connection details on lines 16-19 to match those of your own database.
Modify the query on line 25 to provide the User ID and password as discussed above.

Once you've done that, it's as simple as uploading the script to your site and running it.

As always - take a backup of the jos_users table prior to running the script just in case something does go wrong. This script has been tested and works, but we can't vouch for you editing it by mistake or writing you own query incorrectly!