I would appreciate any advise with this little issue.
We have recently rebuilt our web site and the programmer decided to do it in PHP
He create a log in form that gives access to a user to a client area which has no confidential information but only descriptions of tours and hotels ( we are a tour operator )
In the past we have spent a lot of money developing a web based program in asp that automatically quotes and reserves all of our products. It is, of course, password protected.
I gave him at the time an .xls file and asked him to import all user names and passwords to his data base so that he could later create a link that would automatically open our quotation page in a new window without making the user log in twice
My problem now is that hes encrypted the passwords and I can not use them to auto fill the parameters required to open the quotation page which is the most important tool in our business.
I have asked him to remove the passwords encryption as there is no need for this level of security in our client area, It was more important to put our quotation page back on line.
Although he is following the right protocol, in our case, this password security is not helping our business he did not even create a reset password function. The bottom line is that I need to convince the boss of that.
Can anybody tell me if I am right, or and if there is any solution to this?
Here are the links to our website and to our quotation page.
Ps. Once they enter the quotation page, their password is encrypted and there is a session time out.