I suggest adding a new bit flag column to the table and only updating
records that have that flag set to 0.

The password update query could set that flag to 1 so if you accidentally
run that template twice, you don't hash and salt salted hashes.

Step 1, back up the database.


On 3/7/13 11:02 AM, "Torrent Girl" <moniqueb...@gmail.com> wrote:

>
>>Here you go.
>>
>><cfquery name="GetUserPasswords">
>>select memberid, password from users
>></cfquery>
>><cfoutput>#GetUserPasswords.RecordCount#</cfoutput><!--- Just to see how many we have --->
>><cfset salt = ''/>
>><cfset newpassword = ''/>
>><cfset count = 0/>
>><cfloop query="GetUserPasswords">
>><!--- New random salt for each user --->
>><cfset salt = generateSecretKey("DESEDE")/>
>><!--- Hash the stored password, append the salt, then hash again with SHA-256 --->
>><cfset newpassword = hash( hash(password[currentrow]) & salt,"SHA-256","us-ascii")/>
>> <cfquery name="updateUser">
>>update users
>>set password = <cfqueryparam value="#newpassword#" cfsqltype="cf_sql_varchar">,
>>    salt = <cfqueryparam value="#salt#" cfsqltype="cf_sql_varchar">
>>where memberid = <cfqueryparam value="#memberid[currentrow]#" cfsqltype="cf_sql_varchar">
>> </cfquery>
>><cfset salt = ''/>
>><cfset newpassword = ''/>
>><cfset count = count + 1/>
>></cfloop>
>>  and we changed <cfoutput>#count#</cfoutput>
>>
>>Again, you will want to change one account and test it to make sure that
>>your login routine will validate the password and log in the user.  Then
>>you can just run this on the whole table, no muss no fuss.  You won't have
>>to make the users change anything, their passwords will just be secure.
>>You will also have to come up with a Forgot Password routine, since the
>>passwords are irretrievable.
>>
>>Cheers,
>>
>>Rob
>>
>>
>
>
>Thank you!
>
>
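
The flag-column suggestion at the top of this message, sketched as an added example (not code from either poster). The column name `pw_migrated`, the varchar types, and a default datasource in Application.cfc are assumptions; the hashing expression is the one from the quoted template.

```cfml
<!--- Added example. Assumed setup, run once before this template
      (pw_migrated is a hypothetical column name; DDL syntax varies by database):
      ALTER TABLE users ADD pw_migrated BIT NOT NULL DEFAULT 0 --->
<cfset count = 0>

<!--- Only rows whose flag is still 0 hold the original, unsalted value. --->
<cfquery name="pending">
    SELECT memberid, password
    FROM users
    WHERE pw_migrated = 0
</cfquery>

<cfloop query="pending">
    <!--- Fresh random salt per user. --->
    <cfset salt = generateSecretKey("DESEDE")>
    <!--- Same hashing expression as the quoted template. --->
    <cfset newPassword = hash(hash(pending.password) & salt, "SHA-256", "us-ascii")>

    <!--- The flag is set in the same UPDATE that writes the hash, and the
          WHERE clause re-checks it, so a second or overlapping run of this
          template cannot hash and salt an already salted hash. --->
    <cfquery name="updateUser">
        UPDATE users
        SET password = <cfqueryparam value="#newPassword#" cfsqltype="cf_sql_varchar">,
            salt = <cfqueryparam value="#salt#" cfsqltype="cf_sql_varchar">,
            pw_migrated = 1
        WHERE memberid = <cfqueryparam value="#pending.memberid#" cfsqltype="cf_sql_varchar">
          AND pw_migrated = 0
    </cfquery>
    <cfset count = count + 1>
</cfloop>

<!--- On a second run "pending" is empty, so both numbers are 0. --->
<cfoutput>Pending at start: #pending.recordCount#, processed: #count#</cfoutput>
```

New accounts created after the migration should be inserted with `pw_migrated = 1` so a later run does not pick them up.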

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354874