Sorry if I sounded confrontational, that was not my intention. I'm just having problems and felt that the tutorial was a bit misleading.
1) The tutorial does indeed state "Email new unencrypted password". That's the point.
The tutorial lists what it is going to teach. The whole point is to encrypt passwords. The preceding ones in the series talk of how to encrypt passwords.
The content summery of this particular tutorial states:
"Send password page:
Generate new unencrypted password
Update database with encrypted value
Email new unencrypted password".
Following the tutorial letter by letter it creates a new unencrypted password, enters that password into the database ENCRYPTED and then emails that password to the user (still encrypted even though the title of this is "Email new unencrypted password). I understand that it cannot send it unencrypted but right at the end it shows an example of the email received with the password UNENCRYPTED.
I'm sorry if you think I'm being awkward but I'm merely pointing out that this particular tutorial is a bit misleading.
Maybe we are talking about two different tutorials. This is the one I'm talking about 07_send_password.swf
Also you state "The tutorial covers scenarios where the password is not encrypted". I'm sorry but the tutorial does just the opposite of that. The whole series, in fact, is about encrypting passwords.
Sorry to be negative. Now I know for sure that it can't be done I shall have to think of another way.
My thoughts are to to place the new password into the database UNENCRYPTED. Send this to the user by email and provide a link to a new login page (only used for this) that is NOT set up to encryption. Then the user can login and from there immediately change their password to a new ENCRYPTED one.