I have a web project that I am rewriting for a customer, their old version was written using Java and we are rewriting it to use PHP and add some new features. The reasons for that aren't important, what I have encountered however, is that the passwords for all the users are stored in their plain text format in the MySQL database.

I've written the PHP code to store new user passwords and retrieve them by adding a pre and post random string, and then hashing them using MD5. What I need to do now is update the existing passwords and store their new versions in the database using this formula.

Is there a MySQL command I could hand write (it only needs to run this one time) that would iterate through the users in the table, retrieve their current passwords, and then store them using my MD5 formula? I've considered making a new temporary field, duplicating their passwords into that field, and then running the conversion, so if there is a problem I will still have their old password to match against (in case I should get the format wrong).

I realize I could reset all their passwords and have them log in when we launch the new site and reset their passwords, but the client would prefer that the users don't notice much of a change as we transition to the new system.

Sorry for the long winded question, hope someone might have a quick solution to this issue.

Greg