Mass email users their unique passwords

Question

I have a database with 2k+ users and I want to send them their own passwords, but mass email it to them. The mass emailing can be done several ways, but the question is how to do it so each user gets his/her own unique password?

The user password is stored inside a field within a MySQL DB. And so does the email adress.

Appreciate any ideas.

You can't send single mail with different content.You have to send mail in a loop changing content as you want for each user. — Rikesh, Jan 23 '13 at 10:23
i agree with Rikesh and also i would suggest you to send the users a same message containing a link . the link will take them to the application page where they can get their current password — Hussain Akhtar Wahid 'Ghouri', Jan 23 '13 at 10:28

score 6 · Answer 1 · edited Jun 20 '20 at 09:12

6

I want to send them their own passwords

NOOOOOO please don't

Seee e.g. the Password policy hall of shame:

Storing passwords in PLAIN TEXT is NOT SAFE.

It's time to make online services clean up their act!

Also: plaintextoffenders.com - "Did you just email me back my own password?!"

Sending clear-text passwords via E-Mail is considered a really, really bad practice. Passwords should be hashed; all users should be able to get through E-Mail is a link to reset it.

To answer your question though, you'd have to walk through each record, and send a custom E-Mail to each customer. That can be resource intensive, and/or bring down the machine if there's too many messages at once, so you'd have to wait in between sending each bunch. You could also use a 3rd party service like MailChimp.

edited Jun 20 '20 at 09:12

Community

1
1

answered Jan 23 '13 at 10:22

Pekka

442,112
142
972
1,088

Thank you, however I'm aware of the risks, this is not a live website, it's a private project. and it doesn't matter how the password is sent out. – Johan Larsson Jan 23 '13 at 11:31
@Johan fair enough. In that case, you want to simply send out every message one by one.... your MailMerge idea is good as well, because that will presumably distribute the load a bit. Nice! – Pekka Jan 23 '13 at 11:54

score 1 · Answer 2 · answered Jan 23 '13 at 10:27

Whats wrong with this approach (pseudo-code):

$result = sql_query ("SELECT id, email, username, password FROM users"); // get all users

$mailer = new SomeMailer();
while ($row = sql_fetch_row($result)) {
    $mailer->AddRecipient($row['email']);
    $mailer->AddBody("Hey, here is you pass LOL: " . $row['password']);
    $mail->Send();
}

That is how you can do it generally, I'd advise you to take Pekka's advice seriously though. Sending passwords in plain-text is a big no-no.

Johan Larsson · Answer 3 · 2013-04-01T14:40:02.553

0

Well, I found the most flexible and easiest way to get this done is by using MailMerge inside MS WORD and then send out the messages.

Microsoft Word --> Mailings You have to extract the required data fields from the db and save them as an MS Excell file.

edited Apr 01 '13 at 14:40

answered Jan 23 '13 at 11:44

Johan Larsson

175
5
17

Mass email users their unique passwords

3 Answers3