XF 2.2 How to force a password reset on a large group of users?

dougdirac

dougdirac

Active member
I'm getting spam from older inactive accounts. Likely they reused the password somewhere. Is there a way for force a password reset on users that have been inactive for a a given amount of time?

If not in the ACP, then through a DB query?
 
Sort by date Sort by votes
you should be able to do it using batch update users manually. above addon is pretty useful to automate the process to do it regularly.

basically search for users who haven't logged on till x number of days. and then mark those accounts for reset password.
 
Upvote 0 Downvote
Chromaniac said:
you should be able to do it using batch update users manually. above addon is pretty useful to automate the process to do it regularly.

basically search for users who haven't logged on till x number of days. and then mark those accounts for reset password.
Click to expand...
Does that then send an email to all of them?
 
Upvote 0 Downvote
So it doesn't automatically send out an email?
That would be my preference.

What's the difference between "User must reset password" versus "User must change password"?
 
Upvote 0 Downvote
it is a bit confusing for me as well. i believe reset password would require user to have access to connected email account so this is better.

second option is more of a precautionary change like you just prefer if they would change their password. this would be kind of useless in case of hacked accounts.

Security | Manual | XenForo

End-user documentation for XenForo
xenforo.com xenforo.com

User must change password will force the user to enter their existing password and create a new, different password when they next log in to their account.

User must reset password forces the user to reset their password by responding to a message sent to their registered email address.
Click to expand...
 
Upvote 0 Downvote
Chromaniac said:
it is a bit confusing for me as well. i believe reset password would require user to have access to connected email account so this is better.

second option is more of a precautionary change like you just prefer if they would change their password. this would be kind of useless in case of hacked accounts.

Security | Manual | XenForo

End-user documentation for XenForo
xenforo.com xenforo.com
Click to expand...
Exactly, but no email is sent. To do so add them to a group then send the group an email.

eu1.webp

eu2.webp
 
Upvote 0 Downvote
dougdirac said:
So it doesn't automatically send out an email?
That would be my preference.

What's the difference between "User must reset password" versus "User must change password"?
Click to expand...
In my case, thousands of users had old/bounced emails. Mass emailing might be a bigger headache than it's worth.

I did a forced password reset to over 150k members in Aug 2021, and STILL get a user every week/two that is looking to log back in, but their email is no longer accessible. Those first couple weeks were non-stop. At the 6-month point, 25k users had reset their password.
 
Upvote 0 Downvote
dougdirac said:
Yeah, I specifically didn't want to send out a mass email. Just have an email triggered when/if they try to log in.
Click to expand...
That's exactly what happens, a password reset is automatically sent to their inbox WHEN they visit the site.

DO be sure that ALL accounts can use the "contact us"....XF fails at permissions when it comes to users that fall within the "security lock" parameters. I ended up with a dismissable notice with WHY their password no longer worked, and contact info should their email be no longer accessible.
 
Upvote 0 Downvote
woody said:
DO be sure that ALL accounts can use the "contact us"....XF fails at permissions when it comes to users that fall within the "security lock" parameters. I ended up with a dismissable notice with WHY their password no longer worked, and contact info should their email be no longer accessible.
Click to expand...
Hmm... so how do you do that? I do notice the Contact Us link doesn't work for accounts that got the reset. Also how do I show a notice to just locked accounts.
 
Upvote 0 Downvote
Script to set same password for specific user IDs. Modify as needed:

PHP: 
<?php

if (PHP_SAPI != 'cli')

{

   exit();

}

ignore_user_abort(true);



$dir = __DIR__;

require($dir . '/src/XF.php');



XF::start($dir);

$app = XF::setupApp('XF\Pub\App');



// Array of user IDs to update

$user_ids = [

    1, 2, ,3 ,4

];



// Password to set for all users

$newPassword = 'NEWPASS';



// Create log file

$logFile = __DIR__ . '/password_update_log_' . date('Y-m-d_H-i-s') . '.txt';

$log = fopen($logFile, 'w');



// Initialize counters

$successCount = 0;

$failCount = 0;

$notFoundCount = 0;



// Get users

$users = \XF::finder('XF:User')->whereIds($user_ids)->fetch();



foreach($users as $user)

{

    try {

        $auth = $user->getRelationOrDefault('Auth');

        $auth->setPassword($newPassword);

        $auth->save();

      

        $message = "SUCCESS: Password updated for user ID {$user->user_id} (Username: {$user->username})";

        echo $message . "\n";

        fwrite($log, $message . "\n");

        $successCount++;

    } catch (\Exception $e) {

        $message = "ERROR: Failed to update password for user ID {$user->user_id}: " . $e->getMessage();

        echo $message . "\n";

        fwrite($log, $message . "\n");

        $failCount++;

    }

}



// Write summary to log

$summary = "\nOperation Summary:\n";

$summary .= "Total users processed: " . count($user_ids) . "\n";

$summary .= "Successful updates: " . $successCount . "\n";

$summary .= "Failed updates: " . $failCount . "\n";

$summary .= "Operation Completed: " . date('Y-m-d H:i:s');



echo $summary;

fwrite($log, $summary);



// Close log file

fclose($log);
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

CZ Eddie
  • Question Question
XF 2.3 A password reset request has been emailed to you. Please follow the instructions in that email.
Replies
0
Views
23
CZ Eddie
CZ Eddie
shawn
  • Question Question
Errors during a password reset?
Replies
7
Views
1K
Mike
Mike
Back
Top Bottom