XF 2.0 Bulk password reset, how?

mikez006

Active member
Our database (vBulletin 4), which contained the encrypted passwords, was leaked in 2016.

Recently someone must have unencrypted them and is using bots with dynamic IPs to log into hundreds of old inactive accounts. Even though they can log in, they need the security code sent to the email, so in most cases they're unable to use the account anyway.

I did a forced password reset in 2016, so when someone logged in, they were forced to change the password through email. However, if someone never logged in, the password was never changed.

Using the 'batch update users' feature, I want to do a password change for all members that meet certain criteria.
/admin.php?users/batch-update

This would simply change their password to something random for each member. No emails need to be sent. If they ever come back, they can just do a normal password reset.

Is there any add-on or built-in XF2 feature that does this?
 
Also looking for a way to batch-update a specific set of users' passwords... either setting to something random and/or forcing a password reset request email.

Even if there was a SQL query update that would alter the passwords for a certain subset of users?
 
This script will reset the password for everyone who has an email address with gmail.com:

PHP:
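<?php
// Only allow this to run from the command line, never via a web request
if (PHP_SAPI != 'cli')
{
   exit();
}
ignore_user_abort(true);

// Bootstrap XenForo; this file is expected to sit in the XenForo root
$dir = __DIR__;
require($dir . '/src/XF.php');

XF::start($dir);
$app = XF::setupApp('XF\Pub\App');

// Fetch every user whose email ends in @gmail.com (all loaded at once)
$users = \XF::finder('XF:User')->where('email', 'like', '%@gmail.com')->fetch();
foreach($users as $user)
{
   // Load (or create) the user's auth record, reset its password and store it
   $auth = $user->getRelationOrDefault('Auth');
   $auth->resetPassword();
   $auth->save();
}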

Be very careful, as this does no backups, loads all the users at once, and probably will require a lot of memory. Also requires running from the web-root unless modified.
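A batched variant of the script above, added here as an example and not posted by anyone in the thread: it selects accounts by last activity instead of email domain, walks them in fixed-size batches so memory stays bounded, and only counts matches unless `--apply` is passed. The cutoff date, batch size and `--apply` flag are placeholders chosen for illustration, and `\XF::em()->clearEntityCache()` is assumed to be available in your XenForo version. Take a database backup first, since this still makes none.

```php
<?php
// Added example, not from the thread. Run from the XenForo root via CLI.
if (PHP_SAPI != 'cli')
{
    exit();
}

$dir = __DIR__;
require($dir . '/src/XF.php');
XF::start($dir);
$app = XF::setupApp('XF\Pub\App');

// Assumptions: placeholder cutoff and batch size; adjust to your own criteria.
$cutoff = strtotime('2017-01-01 00:00:00 UTC'); // accounts idle since before this
$batchSize = 500;
$apply = in_array('--apply', $argv, true);      // without it, only count matches

$lastId = 0;
$total = 0;
do
{
    // Keyset pagination on user_id so each query stays small and stable
    $users = \XF::finder('XF:User')
        ->where('last_activity', '<', $cutoff)
        ->where('user_id', '>', $lastId)
        ->order('user_id')
        ->limit($batchSize)
        ->fetch();

    foreach ($users as $user)
    {
        $lastId = $user->user_id;
        $total++;
        if ($apply)
        {
            $auth = $user->getRelationOrDefault('Auth');
            $auth->resetPassword(); // same call as the script above
            $auth->save();
        }
    }
    $fetched = $users->count();

    // Assumed available in your XF version: drops cached entities between batches
    \XF::em()->clearEntityCache();
}
while ($fetched == $batchSize);

echo ($apply ? 'Reset' : 'Would reset') . " passwords for $total users\n";
```

Run it once without `--apply` and compare the count against what you expect before letting it write.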
 