close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

forgot password with encryption (but without encryption, really)?

Thread began 1/08/2019 9:57 am by tony | Last modified 1/10/2019 12:34 pm by Ray Borduin | 53 views | 10 replies |

tony

forgot password with encryption (but without encryption, really)?

Hello all,
I almost completed my user registration pages with double opt-in but now I need to build the forgot password page.
Actually the password are not encrypted.
I don't want to send the password in plain text by email.
So, I'm looking at "email encrypted password" sb.
Can I use the "email encrypted password" sb with passwords that are not encrypted? it seems possible, looking at the email encrypted password interface.
But what I need to do in this case? Have I to build a page with a form (two fields: "new password" and "confirm new password") and update the database accorrdingly?

I would like that the user clicks the link in the email received using the forgot password sb and then go to a specific page where he can change the password.
Where can I find some little guidelines about this?
TIA
Tony

Sign in to reply to this post

Ray BorduinWebAssist

I went into your site with FTP access and updated the webassist/securityassist/helpwer_php.php file so it should be possible to use the encrypted password workflow without actual encryption.

Make sure to download and back up that file so it doesn't get overwritten.

Sign in to reply to this post

tony

Just to understand it better:
do the encryption encrypts the password in the database or it only encrypt the data in the email so that you cannot hijack it?
If it's the latter, that's fine to use the encryption. Have I to reset the websassist/security_assist/helper_php.php or it will just work with your updates?
TIA
tony

Sign in to reply to this post

tony

Thanks Ray,
the email goes out regularly now.
But the password return page doesn't work. It redirects because the lookup differs.
I attach here a screenshot of the forgot password return sb.
Have I to set it differently based on your modification to the forgot password page?
TIA
tony

Sign in to reply to this post

Ray BorduinWebAssist

For some reason the password encryption was still set to crypt on the page... line 22 had:
"passwordEncryption" => "crypt",

I updated that manually to:
"passwordEncryption" => "",

and it appears to stop the redirect and allow me to view the page.

Sign in to reply to this post

tony

Thanks Ray,
I really appreciate your help.
Just one last question: now that the redirect works I should create a recordset that filters the db by fp_id and add an UPDATE server behaviour, right?
Just out of curiosity: how can I encrypt the password in a standard insert record sb? is there a sb that helps here?
Thanks again for your help.
Tony

Sign in to reply to this post

Ray BorduinWebAssist

When you bind the column to a form field for an insert or update there is a "format" option where you can choose an encryption algorithm.

Yes, you can just filter a recordset with the fp_id and add an UPDATE server behavior.

Of course you need to decide before moving forward whether you will be encrypting the password or not on insert and update since it would be difficult to get the system to work when some but not all passwords are encrypted.

Sign in to reply to this post

tony

Thanks for the reply, Ray,
I can't see a format that allow me to encypt the password. There are only the standard formats provided by DW. I attach a screenshot for this.
And I agree with you: the entire workflow should "all encrypted" or "none encrypted".

Sign in to reply to this post

Ray BorduinWebAssist

It may have something to do with the foreign language version you are using. If you send me your version of the file:

Configuration/ServerFormats/PHP_MySQL/Formats.xml

It is in your users configuration folder and that is what populates the format list you are seeing. I may be able to add the missing format options manually and send it back to you.

Sign in to reply to this post

tony

here it is.
Thanks ray
Tony

Attached Files
Formats.zip
Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...