As the attached files show, this login system uses MD5 on clientside to encypt the password to prevent a clear text transmisson. A more secure login as it were. Currently this script stores the MD5 version of the plain text password. It is entirely possible to MD5 the already ecrypted password (double encryption, for all or a portion of the string). This is still not totally secure unless you run under SSL.
Pages include:
1. register.php --> registration with both clear and encrypted versions of the password. This is compared to the MD5 password on the server and if the client MD5 and the server MD5 match.
2. login.php --> does the login, also encrypts the password before sending it to the server
3. ep.php --> creates and emails a new temporary random password to the user's email account as set in the db
4. change_password.php --> forces the user to change the temp password the next time they log in.
Additional Files:
1. MD5.js --> is the js include file to do the encryption on the clientside
2. cust_info.sql --> is the table structure for the login table
3. conn.php --> holds the connection data and a function that gets passed the sql statement and returns the result.
