Adding users directly from the database [UserFrosting 0.3.1]

Question

I want to add a number of test user accounts and it's a lot faster to do it directly from the Database.

There are a couple of fields that I cannot figure out:

1. secret_token: How do I generate this on the fly? Is it necessary? Can I copy it from other accounts?
2. password: Even though I have created some accounts the normal way (register page), with the same password, the password fields are different for each user. Therefore I assume it's not a simple copy/paste case (question also applies to changing a user's password from the DB).

Any insight appreciated, thank you.

Answer 1

secret_token is an md5 hash, and is created by the User::generateActivationToken() method. It is used for special account activities like email verification, password reset, and password creation for new accounts.

password is a 60-character salted hash generated by password_hash using the bcrypt function. Since the salt is randomly generated each time a password is created, it will be different from user to user, even if their plaintext passwords are exactly the same. Indeed, this is the purpose of using a salt.

If you are just setting up test accounts for development purposes, you can leave secret_token empty and use password_hash to generate passwords (perhaps by running a custom PHP script from the command line).

If you need to generate accounts in bulk for real users, you may want to set a secret_token but leave the password empty, generate a "password reset" event for each user, and then send them a password creation email so they can choose their own passwords. This is in fact what is done in the createUser controller method:

$data['password'] = "";

...

$user = new User($data);

...

$user->newEventPasswordReset();

You can see the code for newEventPasswordReset here.