Few security questions.
I am trying to make custom login and forgot_email pages.
So far they kind work.
This is how it all works, so you understand what I have.
1. The admin is the only person who puts users into this private site. On this form, there is a hidden field that inserts a random password, SHA1, every time the form is submitted. This works.
2. At this point I would like to have an email sent to the user that was just entered into the DB... not sure how to do this yet.
3. The login form is email / password, and the password is SHA1. This works.
4. If a user forgets password, I would like to generate a new one and email it. This kinda works.
I followed this tutorial: 07_send_password.swf But I run into an issue, I don't have an option to encrypt the new one. In the Update records Wizard, I only have data types of:
text, numeric, date, date ms access, and various checkbox types.
How can I go about emailing the unencrypted password, and also, at the same time, encrypt it into the DB?
Once I understand how to do this, I can then apply the same functionality for step 2.
thanks