forgot password with encryption (but without encryption, really)?

Hello all,
I almost completed my user registration pages with double opt-in but now I need to build the forgot password page.
Actually the password are not encrypted.
I don't want to send the password in plain text by email.
So, I'm looking at "email encrypted password" sb.
Can I use the "email encrypted password" sb with passwords that are not encrypted? it seems possible, looking at the email encrypted password interface.
But what I need to do in this case? Have I to build a page with a form (two fields: "new password" and "confirm new password") and update the database accorrdingly?

I would like that the user clicks the link in the email received using the forgot password sb and then go to a specific page where he can change the password.
Where can I find some little guidelines about this?
TIA
Tony

I went into your site with FTP access and updated the webassist/securityassist/helpwer_php.php file so it should be possible to use the encrypted password workflow without actual encryption.

Make sure to download and back up that file so it doesn't get overwritten.

Just to understand it better:
do the encryption encrypts the password in the database or it only encrypt the data in the email so that you cannot hijack it?
If it's the latter, that's fine to use the encryption. Have I to reset the websassist/security_assist/helper_php.php or it will just work with your updates?
TIA
tony

Thanks Ray,
the email goes out regularly now.
But the password return page doesn't work. It redirects because the lookup differs.
I attach here a screenshot of the forgot password return sb.
Have I to set it differently based on your modification to the forgot password page?
TIA
tony

For some reason the password encryption was still set to crypt on the page... line 22 had:
"passwordEncryption" => "crypt",

I updated that manually to:
"passwordEncryption" => "",

and it appears to stop the redirect and allow me to view the page.

Thanks Ray,
I really appreciate your help.
Just one last question: now that the redirect works I should create a recordset that filters the db by fp_id and add an UPDATE server behaviour, right?
Just out of curiosity: how can I encrypt the password in a standard insert record sb? is there a sb that helps here?
Thanks again for your help.
Tony

When you bind the column to a form field for an insert or update there is a "format" option where you can choose an encryption algorithm.

Yes, you can just filter a recordset with the fp_id and add an UPDATE server behavior.

Of course you need to decide before moving forward whether you will be encrypting the password or not on insert and update since it would be difficult to get the system to work when some but not all passwords are encrypted.

Thanks for the reply, Ray,
I can't see a format that allow me to encypt the password. There are only the standard formats provided by DW. I attach a screenshot for this.
And I agree with you: the entire workflow should "all encrypted" or "none encrypted".

It may have something to do with the foreign language version you are using. If you send me your version of the file:

Configuration/ServerFormats/PHP_MySQL/Formats.xml

It is in your users configuration folder and that is what populates the format list you are seeing. I may be able to add the missing format options manually and send it back to you.

here it is.
Thanks ray
Tony