User directed reset of password

[kotinkarwak]

Hi,
When utilizing internal security as provided to make use of user roles etc, wondered, how a defined user can amend their own password. The idea is to have a "profile" page available for the users where they can provide extra information like e-mail address to be saved to a database (external resource) whilst also being able to change their current password.

[Segi]

hey there kotinkarwak,

I have a page like this on our internal network and it should be relatively easy to do this.

I'm assuming that you are using the same database table that you had used to verify the user.

First off, are your login credentials (password specifically) stored in plain text in the database ?

If not, I would highly recommend encrypting it. Check out this site on using AES encryption in MySQL:

https://dev.mysql.com/doc/refman/5.5/en ... tions.html

Once the user logs in you can create a form with an email address field and password field. The password field can be set to password type so it will automatically insert * as the user types characters into it.

When the user clicks on a submit button, you would map the fields to the USERS table resource and call tables.USERS.updateTable()

[kotinkarwak]

I am hoping to use the external database option we worked on but also neede to know for the internal one how password reset is meant to be implemented.

For the external db, I have created a form with the relevant fields, password/confirm being set to type as appropriate. These are fields but did you mean I should be working from a table that points to the database and mapped as the form controls?
Will read up on securing the database as suggested.

A query already in my mind. Once encrypted, will the routine to compare the passwords need to change?

[Segi]

The way that you'd implement is by creating a new form called profile and import the USERS database resource. drag the password field and add a submit button then call tables.USERS.updateTable()