I suggest adding a new bit flag column to the table and only update records that have that flag set to 0.
The password update query could set that flag to 1 so if you accidentally run that template twice, you don't hash and salt salted hashes. Step 1, back up the database. On 3/7/13 11:02 AM, "Torrent Girl" <moniqueb...@gmail.com> wrote: > >>Here you go. >> >><Cfquery name="GetUserPasswords"> >>select memberid, password from users >></cfquery> >><cfoutput>#getUserPasswords.RecordCount#</cfoutput><!---Just to see how >>many we have ---> >><Cfset salt = ''/> >><cfset newpassword = ''/> >><Cfset count = 0/> >><cfloop query="GetUserPasswords"> >><cfset salt = generateSecretKey("DESEDE" )/> >><Cfset newpassword = hash( hash(password[currentrow]) & >>user.salt,"SHA-256","us-ascii")/> >> <cfquery name="updateUser"> >>UPdate users set password = '#user.password#', salt = '#user.salt#' >>where memberid = '#memberid[currentrow]#' >> </cfquery> >><Cfset salt= ''/> >> <cfset newpassword = ''/> >><Cfset count = count +1/> >></cfloop> >> and we changed <cfoutput>#count#</cfoutput> >> >>Again, you will want to change one account and test it to make sure that >>your login routine will validate the password and login the user. Then >>you >>can just run this on the whole table, no muss no fuss. You won't have to >>make the users change anything, their passwords will just be secure. You >>will also have to come up with a Forgot Password routine, since the >>passwords are irretrievable. >> >>Cheers, >> >>Rob >> >> > > >Thank you! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354874 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm