Unable to generate random password for a database

Hello everybody,
I am facing problem for create random unique password for every row. My idea is : I have a button and when i will click on that button then all password will be reseted and create unique password for every row. By my recent script all password is reset but all password is same but i want different password for every row. Please help me. I am providing you my code here :


<form action='ques-mng.php?do=submit&for=reset-all' method='post'>
<input type='submit' name='submit' value='Reset all password' class='btn btn-danger'>
</form>



if($do=='submit' and $for=='reset-all'){
$reset=rand();
mysql_query("UPDATE ques_ans_data SET rec_restriction='$reset' 
WHERE qa_id!=''");
echo "<meta http-equiv='refresh' content='0;url=ques-mng.php'>";
exit();
}

I want when that reset button will be pressed then all password will be reseted and all password will be different than another . Please help me if you know about this.

Thanks in advance :slight_smile:

You’re generating a random password, then you’re running one query to set every password to that random password, so they will all be the same. What you need is a query to select every record, get each row, generate the random password individually for each row, then assign it to the password. So roughly pseudo-code:

$result = mysql_query(“select * from ques_ans_data”)
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)
{
$pw = rand()
$res = mysql_query(“update ques_ans_data set rec_restriction=$pw where id = <your-record-id>”)
}

So you grab each record in turn, generate the password, then post it back into the record, then loop to the next record.

Since you’re giving only one value and updating all records with it, ofcourse all records are going to have same value. So either you do this in a loop or if you just want some random strings in your rows then this is much more efficient (instead of updating all rows one by one):


if( $do == 'submit' && $for == 'reset-all' ) {
    mysql_query( "UPDATE ques_ans_data SET rec_restriction = LEFT( MD5( RAND() ), 12 ) WHERE qa_id != ''" );
    echo "<meta http-equiv='refresh' content='0;url=ques-mng.php'>";
    exit();
}

Ah, I saw the mysql rand() function but hadn’t thought of the MD5 part as I’m beginning with this.

Although out of the scope of the OPs question, isn’t there a flaw in using the single query to set all the passwords to a random string, in that no-one would know what their password is? Using a loop would allow users to be emailed with their ‘random’ password so they can login and change it. I’m working on a site (my first PHP site) that will need user login control and reading up on how others do it.

You should never ever email passwords. One of the situations where you might need to batch reset passwords of user accounts is when you think your database(s) might have been compromised. In that situation, you reset passwords of all accounts and then email the users a unique link (usable only once) which they can use to reset the password themselves. That way passwords are not transmitted (by you) outside your app.

Yes, fair point. I hope I was thinking of self-generated user names rather than passwords when talking of email. But I recall now the massive password reset links I’ve had before.