I want to import several hundred users into their website.

A test import shows the Passwords, Salt and PasswordEncryption as NULL in the database. Along with all the locale, date/time formats etc.

Is there any risks or issues with this approach?

Will the users be able to easily reset their passwords via the "forgot password" link? I'm testing on a local machine that doesn't have a mail server setup on it so can't test this.

Just to follow up on this. I've installed Test Mail Server Tool to catch outgoing mail from my local web server.

I cannot reset the password because it says "Your current password does not match, please try again" - and the password is NULL so I cannot enter it.

Hi Tama,

depends where you get the user data from you'll need either the original password or an idea how to encode the password to match the password hash.

How did you import the users? A custom import script or a built in function?

I once imported users from another framework and wrote a password encryptor to match the old hash. A changed password used the default silverstripe encryption. Pretty simple to solve with silverstripe.

Thanks wmk

The users I'm wanting to import don't have passwords. So I need a way of users being able to reset their passwords via email links.

I'm wondering if randomly generating password/salt keys would allow the normal "forgot password" to work?

I'm wondering if randomly generating password/salt keys would allow the normal "forgot password" to work?

Yes, I'm doing this. If there is no registration form, I usually set up my users with some random passwords and then I tell them to use the "forgot password" link to choose a password for themselves.

Thank you Devlin - I think I'll take this route.

Out of interest are you generating the random passwords in code (BeforeWrite) or just filling a spreadsheet with random strings?

I usually just use simple BuildTask.

Something like:

class MyBuildTask extends BuildTask {

	protected $enabled = true;
	
	function run($request) {
		// Could be a CSV too
		$emails = array(
			'test@test.de'
		);
		foreach($emails AS $email) {
			$generator = new RandomGenerator();
			$member = new Member();
			$member->Email = $email;
			$member->Password = $generator->randomToken();  // cleartext password; encryption is done in onBeforeWrite()
			$member->write();
			$member->addToGroupByCode('content-authors');
		}
	}

}

Great Devlin. Here's my solution:

class PopulateBlankPasswords extends BuildTask {

  protected $title = 'Populate Blank Passwords';
  protected $description = 'Randomly assigns passwords to users with no password. Run after user import from CSV';
  protected $enabled = true;

  function run($request) {
    $this->populatePasswords();
  }

  function populatePasswords() {
    $BlankPasswords = Member::get()->where('Password is NULL');
    $count = 0;
    if ($BlankPasswords && !empty($BlankPasswords)) {

      foreach ($BlankPasswords as $BlankPasswordMember) {
        $Password = //Random Password Generated
        $BlankPasswordMember->Password = $Password;
        $BlankPasswordMember->write();
        
        $count++;
      }
      
      echo "<br /><br /><strong>{$count} Blank passwords replaced with random passwords...</strong><br />";
    } else
      echo 'No blank passwords found...';
  }

}

Does anyone know the maximum length for a password in Silverstripe?

And on an unrelated note how did Devlin get his code to indent?