Ugh - what a nightmare. All of the passwords that are in the database are hashed passwords. Is there no way that I can un-encrypt them to look at what they are? Do you have any other suggestions to how I can work with this password field?
"If you run the security assist wizard with MD5 encryption on the password field, it will create the correct style of forgot password page that sends a reset link instead of trying to send the password in the email. That might be a good way to just replace that page since your other pages are working now, back them up and don't use the wizard created pages for those."
I would run the SA wizard for forgotpassword.php only? Will it be able to interpret the field value so it can send it to them in an email? Is this what you are recommending? See screen print, please.