forgot password sending encyprted password by email
Hello,
I use the Security Assist wizard to create security pages. I chose crypt() as the encryption method.
Pages seem to be created properly including forgotpassword.php in the root directory and forgotpassword_email.php in the webassist/securityassist/email directory.
When I click on the "forgot password?" link on the login.php page, it sends an email like this:
----------------------
Password Information
Your username and password were requested from our website. They have been recovered and are listed below:
Username: user@domainname.com
Password: 53bqlujVVhk4A
------------------------------------------
The problem is, that is the encrypted password which, of course, the user cannot use to login, not that I would want that anyway, as I assume that the solution for forgetting an encrypted password would not be for the user to receive it by email, but to get a link to a page where he may reset it.
What do I have wrong that is causing the encrypted password to be sent and how can I have the user reset his password instead?
"webassist/security_assist/email/forgotpassword_email5.php"
1. Where do I configure this URL to include the domain, assuming this is indeed the proper destination for the user to receive in the email?
Appending that path to my domain name, I get a page that says this, in its entirety:
-----------------------------
Password Information
Your username and password were requested from our website. You will be required to re-set your password to gain access to the site. Please use the following link to access your password update. You may also copy and paste the following URL into your browser:
URL: [*return_url*]
----------------------------
Obviously, some configuration parameter is missing. I assumed that including the "forgotpassword.php" page in the SecurityAssist create pages wizard would have made this functional.
2. Am I neglecting something when using the wizard that keeps these pages from being properly configured or are there additional steps I need to take after using the wizard to properly configure these pages?
I consulted the online documentation, but found it unclear.
Thanks for any guidance.