0

I would like to create a random string for every row in my row for the field password - basically its a bulk password generator.

Unfortunately, when I hit the bulk reset button the passwords are reset to all the same string. I would like to have a different random string for each row.

Here is my code:

echo '<form method="post" action=""><input type="submit" name="bulk_password_reset" value="Bulk Password Reset" /></form>';
if (isset($_POST['bulk_password_reset'])) {
    $password = generateRandomString();
    while ($result = $sqlUpdate->fetch()) {
        $sqlUpdate = $dbh->prepare("UPDATE $tableName SET password = :password");
        $sqlUpdate-> execute(array(':password'=>$password));
        $sqlUpdate->execute();
        header('Location: su_password_reset.php');
    }
}

Here is my random string generator function:

//Generate random password
function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}

What am I doing wrong please?

Improve this question
1
  • 1
    I can't help but notice that you're not hashing your passwords. Don't write it off as "something minor" or "I'm not storing anything important" or say "I'll do it later". We just had to notify 20k people about a password breach because our wonderful devs subscribed to all of these reasons. Commented Feb 26, 2014 at 21:41

5 Answers 5

Reset to default
5

You should place $password = generateRandomString(); inside while loop, and also add WHERE condition (I assume, you have id in your table) to apply each UPDATE to only one row.

$sqlSelect = $dbh->query("SELECT id FROM $tableName"); // select ids where you want to change passwords
while ($result = $sqlSelect->fetch()) {
    $password = generateRandomString();
    $sqlUpdate = $dbh->prepare("UPDATE $tableName SET password = :password WHERE id = :id");
    $sqlUpdate->execute(array(':password'=>$password, ':id'=>$result['id']));
    header('Location: su_password_reset.php');
}

UPD I am no pretty sure about syntax, but this gives you an idea, what you need to do (select id for each row, generate password, then update password for this row only).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

This seems to be the problem:

UPDATE $tableName SET password = :password

You aren't specifying a WHERE clause in your UPDATE statement, so it is being applied to the entire column rather than a specific row.

Improve this answer

Comments

0

Move this inside your while loop:

$password = generateRandomString();

Currently you're calculating the $password just once, then using that value for every row.

Additionally, your UPDATE clause isn't restricted to any matching criteria. Each cycle through the loop, you're updating every row in the table. You need to add a WHERE clause to restrict the update to that particular row.

Improve this answer

1 Comment

Hi. It still gives me the same problem.
0

Try moving your $password = generatRandomString() inside your while loop

while ($result = $sqlUpdate->fetch()) {
    $password = generateRandomString();
    $sqlUpdate = $dbh->prepare("UPDATE $tableName SET password = :password");
    $sqlUpdate-> execute(array(':password'=>$password));
    $sqlUpdate->execute();
    header('Location: su_password_reset.php');
}
Improve this answer

1 Comment

It still gives me the same problem.
0 
<?php
$password = generateRandomString(); // Move this inside your while loop
while ($result = $sqlUpdate->fetch())
{
    $password = generateRandomString(); // Like so...
}

// Change function generateRandomString($length = 10) {...} to...
function generateRandomString()
{
    return md5(rand().time());
}

And add a where clause to your update query.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.