PHP random string for every PDO row

Question

I would like to create a random string for every row in my row for the field password - basically its a bulk password generator.

Unfortunately, when I hit the bulk reset button the passwords are reset to all the same string. I would like to have a different random string for each row.

Here is my code:

echo '<form method="post" action=""><input type="submit" name="bulk_password_reset" value="Bulk Password Reset" /></form>';
if (isset($_POST['bulk_password_reset'])) {
    $password = generateRandomString();
    while ($result = $sqlUpdate->fetch()) {
        $sqlUpdate = $dbh->prepare("UPDATE $tableName SET password = :password");
        $sqlUpdate-> execute(array(':password'=>$password));
        $sqlUpdate->execute();
        header('Location: su_password_reset.php');
    }
}

Here is my random string generator function:

//Generate random password
function generateRandomString($length = 10) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}

What am I doing wrong please?

Answer 1

You should place $password = generateRandomString(); inside while loop, and also add WHERE condition (I assume, you have id in your table) to apply each UPDATE to only one row.

$sqlSelect = $dbh->query("SELECT id FROM $tableName"); // select ids where you want to change passwords
while ($result = $sqlSelect->fetch()) {
    $password = generateRandomString();
    $sqlUpdate = $dbh->prepare("UPDATE $tableName SET password = :password WHERE id = :id");
    $sqlUpdate->execute(array(':password'=>$password, ':id'=>$result['id']));
    header('Location: su_password_reset.php');
}

UPD I am no pretty sure about syntax, but this gives you an idea, what you need to do (select id for each row, generate password, then update password for this row only).

Answer 2

<?php
$password = generateRandomString(); // Move this inside your while loop
while ($result = $sqlUpdate->fetch())
{
    $password = generateRandomString(); // Like so...
}

// Change function generateRandomString($length = 10) {...} to...
function generateRandomString()
{
    return md5(rand().time());
}

And add a where clause to your update query.

Answer 3

This seems to be the problem:

UPDATE $tableName SET password = :password

You aren't specifying a WHERE clause in your UPDATE statement, so it is being applied to the entire column rather than a specific row.

Answer 4

Try moving your $password = generatRandomString() inside your while loop

while ($result = $sqlUpdate->fetch()) {
    $password = generateRandomString();
    $sqlUpdate = $dbh->prepare("UPDATE $tableName SET password = :password");
    $sqlUpdate-> execute(array(':password'=>$password));
    $sqlUpdate->execute();
    header('Location: su_password_reset.php');
}

Answer 5

Move this inside your while loop:

$password = generateRandomString();

Currently you're calculating the $password just once, then using that value for every row.

Additionally, your UPDATE clause isn't restricted to any matching criteria. Each cycle through the loop, you're updating every row in the table. You need to add a WHERE clause to restrict the update to that particular row.