I wanted to just have a password reset where I generated a password and then e-mailed it to the user. However, since I am encrypting the password I am having trouble sending a random password to the user and then using that same password to be stored in the DB after encryption.
Well I think I have a workaround that will take a little extra time/effort. I'll implement a password reset that:
1) Requires the user to input a new password that I can encrypt and easily e-mail the decrypted password to them
2) Add a personal security question that they choose the answer for and require it for all new registrants/existing registrants
3) Add a generic validation question to help stop SPAM bots
Thoughts? Is there an easier way to do this?