I have just added a null password field to a mysql table using this code:
ALTER TABLE `mytable` ADD `password` VARCHAR( 25 ) AFTER `ClientEmail`
Now that the password field is in the table I want to populate those null fields with a password of some sort. What is the proper method of populating the fields with randomly chosen passwords which are different for each of the records? After the passwords have been written to the table, I intend to email each record in the table to advise them of their newly created password (and then of course give them an opportunity to create their own, but that’s a separate issue).
Thank you.
I generally create a string of characters that I deem are valid password characters. I then use rand() with substr() in a loop to create the random password, one character at a time.
Then, once you have the password, you send a HTTPS link to the customer via email that allows them to “pick up” the password for a limited time.
After you let the user change their password, you should store just the hash of the password in the database.
Of course, this could be simplified by removing the password and just use the unique link, and require them to set the password when they click on the secure link.