forgot password with encryption (but without encryption, really)?
I almost completed my user registration pages with double opt-in but now I need to build the forgot password page.
Actually the password are not encrypted.
I don't want to send the password in plain text by email.
So, I'm looking at "email encrypted password" sb.
Can I use the "email encrypted password" sb with passwords that are not encrypted? it seems possible, looking at the email encrypted password interface.
But what I need to do in this case? Have I to build a page with a form (two fields: "new password" and "confirm new password") and update the database accorrdingly?
I would like that the user clicks the link in the email received using the forgot password sb and then go to a specific page where he can change the password.
Where can I find some little guidelines about this?