SA1, admin retrieves or changes customers passwords

Hi,

I am at a fork in the middle of finishing this but I have an important question which will guide me one way or another and I hope for #1 way.

#1 - I have SA1, how can the admin change other users passwords if they are SHA1 encrypted? Can I set something up like the tutorial (05_update_page.swf) except maybe adding a link for each user in the (user_Results.php) created by DA so as an admin I can click change password for any user. I know the customer can do forgot email password; but some of the customers don't use email.

Currently:
-passwords are not encrypted
-email has not been set as unique value during registration process (because some customers don't have email)

Will setup if there is a way for #1:
-encrypt passwords
-email setup as unique value (#2 can we leave email blank during registration process if it's setup as unique to block duplicate entries?)


So my 2 questions are:

How to do #1
Is #2 possible

Thanks,
Ed

to have the admin change the password, you would use data assist to create pages for search results and update for the users table.

where the password is not encrypted, a strait data assist update page linked with a results page is all that is needed.


If you leave the email blank for some users, you cannot set the email column to be unique. it fail for the second blank email address since a blank one was already entered.

Hi,

I have a multiple step question below,

1. I do have the DA update page; however, if I update the password will it not be encrypted anymore in the database?

So would I encrypt the password in the registration page -> which sends encrypted password in the database table so I can't read it, -> then when I log in as Admin I can go to users_Results can click on update -> then on users_Update will it show me dots for the password field and can I just type over them or will it show the password unencrypted? Then if I change that password field, how can I have it send an encrypted new password to the database for that user?

2. Is there any ideas to make #2 work?

in the update record behavior, set the password column to use the SHA1 format.


It is not possible to make #2 work


the email cannot be unique, but allow blank values.

Ok I will give #1 a try. Thanks

For #2, if we do have a duplicate email address, what would happen when a user enters his email in the forgot password email box? Will he get both passwords?

One question regarding the profile page, how can I make a link for a customer to click to view his own profile. I know I need the parameter but don't know what to use? My session is called ID.

Thanks
Ed

if you have duplicate emails, only one message will be sent for the first record.


If the session name created by the login page is ID, create a recordset on the profile page that filters the user records on the ID session variable.

Nothing special needs to be done with the link, just filtering the recirdset on the session will pull up the logged in users information.