close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Forgot password page emails encrypted password.

Thread began 4/12/2010 9:30 pm by dan361748 | Last modified 4/27/2010 3:41 pm by Eric Mittman | 1826 views | 7 replies |

dan361748

Forgot password page emails encrypted password.

Hi - I'm sure I've done something simple to mess this up.

I've created a forgot password page using the solution recipe. The new password session value is being used by the update record correctly and it looks like the password is being stored in the DB. Also the password is encrypted.

The forgot password page sends the email but the password in the email is encrypted as well. It should show the random password generated.

Should the email password value somehow be set to the session value and not the database one?

Thanks

Sign in to reply to this post

Eric Mittman

You are exactly rite on this, the emailed password should be the non encrypted password held in the session variable where you set the random password. If you have any trouble updating this post back with the forgot password page in question.

Sign in to reply to this post

Lee Firth

I am having a similar problem. The returned password is encrypted. I haven't used the random password data binding though, preferring to allow the user to enter their own password rather than a randomly generated one. Is this required for encrypted passwords?

Sign in to reply to this post

Eric Mittman

You can have the user enter their own password so long as you can identify the user and confirm that they are updating their password.

When do you encrypt the password and what is the value in the email that you have for the password? If the user is entering the password then the unencrypted version should be in the posted password element. You can reference this value directly in the email or save it to a session variable first then reference it in the email.

You still want to ensure that you store the password in the db encrypted though. Post back with the pages in question if you have any further trouble with this.

Sign in to reply to this post

Lee Firth

Am I to understand that the forgot password procedure actually creates a new one in the DB and emails that to the user?

Ok I probably need help with the workflow here. This is what needs to happen.

1. The initial user is created by an administrator, not the user himself. A random password is generated, but the administrator has the ability to change the password at the time the user record is generated. This part is done already.

2. User email address is a required field when adding the user record so I would now like an email to be automaticaly sent to the added user with their username and password.

3. The ability for the user to change his password to something he can remember a little easier if he wants to.

4. The ability for the user to have his existing password emailed to him.

Sign in to reply to this post

Eric Mittman

You are correct in your understanding of the new password, it is generated the stored in the db. The user gets the original unencrypted value sent to them in the email.

So when you are adding the user you can have the password that was entered stored in a session variable, then when the user is inserted you would send out the email to the user with their details. For the password you would use the unencrypted version held in the session variable.

In order for the user to change their password they would either need to be logged in already, or go to a forgot password page that will generate a new random password and email it to the user.

If you store the passwords in an encrypted format you will not have the ability to email the password to the user, you would need a forgot password page that resets the user's password to a random value and emails them with that.

Sign in to reply to this post

Lee Firth

Thanks for the explanation Eric, I have a better idea of how it should work now.

Sign in to reply to this post

Eric Mittman

Your welcome, let us know if you have any other questions.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...