forgot password sending encyprted password by email

Hello,

I use the Security Assist wizard to create security pages. I chose crypt() as the encryption method.

Pages seem to be created properly including forgotpassword.php in the root directory and forgotpassword_email.php in the webassist/securityassist/email directory.

When I click on the "forgot password?" link on the login.php page, it sends an email like this:

----------------------
Password Information

Your username and password were requested from our website. They have been recovered and are listed below:

Username: user@domainname.com
Password: 53bqlujVVhk4A
------------------------------------------

The problem is, that is the encrypted password which, of course, the user cannot use to login, not that I would want that anyway, as I assume that the solution for forgetting an encrypted password would not be for the user to receive it by email, but to get a link to a page where he may reset it.

What do I have wrong that is causing the encrypted password to be sent and how can I have the user reset his password instead?

"webassist/security_assist/email/forgotpassword_email5.php"

1. Where do I configure this URL to include the domain, assuming this is indeed the proper destination for the user to receive in the email?

Appending that path to my domain name, I get a page that says this, in its entirety:
-----------------------------
Password Information

Your username and password were requested from our website. You will be required to re-set your password to gain access to the site. Please use the following link to access your password update. You may also copy and paste the following URL into your browser:

URL: [*return_url*]

----------------------------

Obviously, some configuration parameter is missing. I assumed that including the "forgotpassword.php" page in the SecurityAssist create pages wizard would have made this functional.

2. Am I neglecting something when using the wizard that keeps these pages from being properly configured or are there additional steps I need to take after using the wizard to properly configure these pages?

I consulted the online documentation, but found it unclear.

Thanks for any guidance.

when using encryption of the password column in the wizard, the pages created should not send the password in the email, it should send a link to a page to reset the password.

Please provide a Skype username or a US phone number and a good time to contact you when you will be in front of your computer and we will have an engineer contact you to resolve this issue over the phone.

We are available Monday - Friday from 9am - 4pm EST (except major U.S. holidays).

Thanks for the offer, Jason, but I've figured out the problem and the fix which I will describe should anybody else refer to this thread with the same problem.

Using the wizard multiple times to create security pages will result in subsequent files being named with a numerical suffix (register.php, register2.php and so on). While I had been deleting the previous files prior using the wizard again to avoid the numerical suffix, I was missing the fact that a new forgotpassword_email.php file was being added to the webassist directory (webassist/securityassist/emai/) each time I used the wizard, so I ending up having five forgotpassword_email.php files, each with an incremented numerical suffix.

Deleting those files (locally and on the server) and running the wizard again solved the problem. The forgot password link is now properly sending a link by email to the reset page.

ok, glad to hear it is working.