1

Solved: See @RiggsFolly answer below for adequate work around.

Goal: I want to update user passwords using phpMyAdmin that have been stored using the password_hash() with PASSWORD_BCRYPT.

I am working on a web DB where the user passwords are set using php code such as:

$newPWHash = password_hash($newPW, PASSWORD_BCRYPT);

and then written into the database using:

$sql = "update employees set pw_hash = :newpwhash where employee_id = :id";

That part is fine, and I get how that is working. However, now I am trying to go back in an change user passwords for a number of accounts I created, and I would prefer to do it using phpMyAdmin's SQL window. I have tried:

UPDATE  `table` SET  `pw_hash` = PASSWORD('test') WHERE `email_address` =  'myemail@email.com'

However, this doesn't seem to be generating the same password. All the other passwords have the $2$y structure, and the ones generated by the above are not.

How to get this to work?

Cœur
  • 37,241
  • 25
  • 195
  • 267
user1563247
  • 516
  • 1
  • 7
  • 20
  • 1
    `PASSWORD('test')` !== `password_hash('test', PASSWORD_BCRYPT)` – Federkun Dec 11 '16 at 10:18
  • Thats right its not the same. Write a User password change script. You will need one anyway – RiggsFolly Dec 11 '16 at 10:18
  • I have a user reset function that works, but it mails out the password to the user - since these are dummy accounts I basically just want to set a bunch of passwords manually - hence wanting to do it with PhPmyAdmin – user1563247 Dec 11 '16 at 10:37
  • @Federkun is there to use {PASSWORD('test')} in a way that would make it work in phpMyAdmin? – user1563247 Dec 11 '16 at 10:41
  • 1
    Possible duplicate of [How to use \`bcrypt\` algorithm within \`encrypt\` function in MySQL for verifying password?](http://stackoverflow.com/questions/20295778/how-to-use-bcrypt-algorithm-within-encrypt-function-in-mysql-for-verifying-p) – Federkun Dec 11 '16 at 10:42
  • 2
    My Workaround: Create a new acc using normal PHP method using a password you like. Then copy paste this HASHED password into which ever accounts you want to mess with using a simple UPDATE query. – RiggsFolly Dec 11 '16 at 10:51
  • @RiggsFolly - that works. Thanks for helping come up with a work around. – user1563247 Dec 11 '16 at 11:03

1 Answers1

1

Just to highlight that there is an answer for this now: My Workaround: Create a new acc using normal PHP method using a password you like. Then copy paste this HASHED password into which ever accounts you want to mess with using a simple UPDATE query. – RiggsFolly Dec 11 '16 at 10:51

user1563247
  • 516
  • 1
  • 7
  • 20