I am in the process of setting up a database for a website that will have many members. I know I can upload the basic information to preload the database, but what about the encrypted passwords.
Is there a way I can have the members send me their desired password, and I can encrypt it, place it in the data file before uploading?
Or is there a better way to get the initial password in the database?
Got it. Seems obvious, but I couldn’t see the trees…
I will just make a simple form with some verifications and email them an activation password (I will already have their email addresses). Once they login with the activation password, they will then change the password to what they want.
I would suspect most of the users would be reluctant to send you their intended password for obvious security reasons.
I think a better option would be to get them to register their username and password on your website. Don’t forget to salt the password before hashing it prior to adding it to your users table.
This is what I am thinking I will do, but I want to be sure I am thinking correctly.
I will generate a temp password and email it to the initial users, and set a "reset’ field in the database. (will also do this for forgotten passwords). When they login, I will check the ‘reset’ field and if it is set, direct them to the change password form. Once they complete the change password form, I will clear the ‘reset’ field.
Does this make sense, or is there an easier way to do this?