View Full Version : sending encrypted password instead of random generated password


Jenny I
07-20-2009, 05:00 AM
I have just completed the security assist wizard and the solution recipe tutorials and Security Assist does not seem to be working. I have come across the following errors.

1. When I fill in the registration form it always seems to fail and take me to the forgot password page.

2. On my users_EmailPW.php page, I followed the solution recipe tutorial exactly but ended up with the following server behaviors

ecart set session value (NewPW)
! update record (users) - red exclamation mark appeared.
Security Assist Email Password
Security Assist Email Password
Security Assist Email Password - 3 instances appeared.

So in a nutshell when I test the registration page (fill in details), it takes me to the login page correctly. When I try to log in, (it appears to fail) it takes me to the forgot password page. When I type my email and submit, it sends the encrypted password email instead of the unencrypted password. When I check my database the registered details are there with the encrypted password. However when I try to log in it always sends me to the forgot password page. I cannot figure out what is wrong as I followed the tutorial word for word.

Jenny I
07-20-2009, 06:20 AM
Ok I managed to find out what is triggering the error. It works fine until I implement the solution recipe for encryption. The exact tutorial is "Setting Up Log In (Interactive Tutorial)" this is what appears to cause security assist to jump from login page to forgot password page, even though users are registered.

Ray Borduin
07-30-2009, 11:24 AM
You are probably forgetting the step of encrypting the password when it is passed to the login authentication. If the information is incorrect, which it would be if not encrypted properly, then it goes to the forgot password page.

wpbweb
08-13-2009, 11:39 AM
I have the exact same problem. Could you explain the solution in more detail?

Everything works fine until I add the encryption.

Thanks

Ray Borduin
08-14-2009, 10:52 AM
What is the exact problem?

Most likely you are trying to do something that isn't possible... like send the password in an email.

It isn't possible, because it is encrypted using a one-way encryption.

The solution is to instead send the user a link to a page where they can update their password, since you can't send them their password. That should be included in the tutorial if I'm not mistaken.
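
The two points made in the replies above (the login check has to apply the same one-way transform as registration, and a forgotten password is handled with an e-mailed update link rather than the password itself), as an added example that is not part of the thread and is not Security Assist code. It assumes PHP 7.1+, uses PHP's built-in `password_hash`/`password_verify` as a stand-in for whatever one-way scheme the site uses, an in-memory array in place of the users table, and hypothetical function names and a placeholder URL.

```php
<?php
// Added illustration. $users stands in for the users table (constructed data).
$users = [];

function register_user(array &$users, string $email, string $password): void {
    // Only a one-way hash is stored; the password cannot be recovered from it.
    $users[$email] = ['pw_hash' => password_hash($password, PASSWORD_DEFAULT),
                      'reset_hash' => null, 'reset_expires' => 0];
}

function check_login(array $users, string $email, string $password): bool {
    // The submitted value must go through the same scheme used at registration.
    // Comparing the raw form value with the stored column never matches.
    return isset($users[$email])
        && password_verify($password, $users[$email]['pw_hash']);
}

function start_reset(array &$users, string $email, int $now): ?string {
    if (!isset($users[$email])) { return null; }
    $token = bin2hex(random_bytes(32));                     // unguessable token
    $users[$email]['reset_hash'] = hash('sha256', $token);  // store its hash only
    $users[$email]['reset_expires'] = $now + 3600;          // one hour lifetime
    // This link is what goes into the e-mail (placeholder host and page name).
    return 'https://example.com/reset.php?email=' . urlencode($email)
         . '&token=' . $token;
}

function finish_reset(array &$users, string $email, string $token,
                      string $newPw, int $now): bool {
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null) { return false; }
    if ($now > $u['reset_expires']) { return false; }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) { return false; }
    $users[$email]['pw_hash'] = password_hash($newPw, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null;                    // single use
    return true;
}

// Constructed sample run: register, log in, reset through the link, replay it.
register_user($users, 'jenny@example.com', 'first-password');
var_dump(check_login($users, 'jenny@example.com', 'first-password'));
$link = start_reset($users, 'jenny@example.com', time());
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(finish_reset($users, $q['email'], $q['token'], 'second-password', time()));
var_dump(check_login($users, 'jenny@example.com', 'second-password'));
var_dump(finish_reset($users, $q['email'], $q['token'], 'third', time())); // replay
```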