Force Password Change on Initial Login and/or Forgot Password Re-login
Hello!
I've built a site where parents can login and view their children(s)' information. I built the pages using DataAssist, Security Assist & Validation Toolkit. The problem is that I built the pages with a simple "straight-through" login procedure (username/password match db records = successful login) before I knew that I was going to have to provide a "Forgot Password" feature and a "Force Password Change" on initial login.
I've followed the solution recipes for "forgot password" & "change password" & "email password" so those pages are built and connected together but i don't know how to control logging in / forcing password change within and around these pages.
Additionally, we've added a column to the user table that is "requirePW" that has an initial value of "Y" for all users.
This is what I have to accomplish and I'm at a total loss as to how to do it or whether or not Security Assist/Data Assist have these capabilities built into their features:
On initial login:
authenticate username/password and check requirePW value
if requirePW=Y then redirect to "force_chg_pwd.php"
here the user enters new password (2x), the password record gets updated, the requirePW value gets changed to N and the user is redirected to a "chg_pwd_success.php" page with a link that takes them to userProfile.php.
if requirePW= N then skip "force_chg_pwd.php" and go directly to "userProfile.php"
I'm not a PHP developer so I'm completely at a loss as to how to do this, even within the WA software. Any clues would be deeply appreciated!
I've toyed with header(Location...) and an if else statement written independently of WA extensions but i've hit deadends at every turn.
Client has suddenly asked for all of this to be working tomorrow so what I thought was going to be a "learning" project over a bit of time has turned into "must know now".
Help?
Thank you in advance for any assistance you can provide.
btw...i'm using DWCS4 on Windows XP and testing on my localhost with a copy of the real mysql database
coco