When importing members from another data source, ExpressionEngine utilizes a special XML format for member data:
<members> <member> <username>brettb</username> <screen_name>Brett Bretterson</screen_name> <password type="md5">653132ffd94b986bf2bb806b3c67d190</password> <email>firstname.lastname@example.org</email> </member> <member> <username>robr</username> <screen_name>Robert Robertson</screen_name> <password type="sha1">1b4395b877794a16a7f4db5747380dbaafc7ff18</password> <email>email@example.com</email> </member> </members>
The XML tags are identical to their database field counterparts from the exp_members table. All fields are allowed except for “unique_id”.
Important: The <member_id> tag will cause the import utility to overwrite any existing members with the same ID. It is generally recommended that you do not use a <member_id> tag, so when transferring users from one system to another, ExpressionEngine can automatically create new unique IDs for each member without overwriting any existing members.
There are a few tags common to every ExpressionEngine member XML file, as follows.
XML documents require a root tag surrounding all of the elements. For the ExpressionEngine member XML format, the required root tag is
Each XML element of your member data must be contained in a
<member></member> tag block.
There are three required tags to form a valid member element.
The <password> tag has a special attribute, type. This allows you to provide contextual information for the password.
“text” type passwords are plain text, unencrypted passwords. When importing members from an XML file, ExpressionEngine will automatically encrypt “text” type passwords for you before inserting them into the database. This allows you to keep existing passwords when importing member data from a third party application that does not store encrypted passwords.
“md5” passwords are those that have been encrypted with an RSA Data Security, Inc. MD5 Message-Digest Algorithm (md5) hash. [RFC1321]
“sha1” passwords are those that have been encrypted with a US Secure Hash Algorithm 1 (sha1) hash. [RFC3174]
Note: If you import encrypted passwords of one type and your ExpressionEngine installation was configured with a different type of encryption, the passwords will not work, and users will need to use the “Forgot Password” link to log in.