stevector
commented
8 years ago Hi @ptmkenny, what is the behavior you are expecting? This code is meant to remove the stored password hashes from the database and replace them with nearly unusable hashes. the purpose of this script is to prevent distribution of real users' password hashes.
It is conceivable that you could reverse engineer a usable password to enter for a user after this script ran, but that is not the intention. If you want to log in to a site after running this script you should run drush user-login.
ptmkenny
I may be doing it wrong, but the sanitization example does not seem to be correct for resetting the password on Drupal 7.
When I use the statement:
db_query("UPDATE users SET pass = MD5(CONCAT('MILDSECRET', name));");
And then try to log in, it won't accept the password. The sanitation script references this blog post, http://crackingdrupal.com/blog/greggles/creating-sanitized-drupal-database-dump#comment-164, which is dated to 2010, a year before Drupal 7 was released.
Can the example be updated to handle Drupal 7 as well?
EDIT:
The real goal here is to have a way to do basic DB sanitization (email addresses and passwords) in D7. It doesn't matter if it uses Drush or some other way, but I want to be able to log in as UID@localhost.com with password "password". (in other words, more or less the default behavior of drush sql-sanitize)