So I am making a basic log-in page. I have a good idea of what to do, but I'm still unsure of some things.

I have a database full of students and a password column of course. I know I'm going to use md5 encryption in that column. The student enters their e-mail and student ID, and they get e-mailed a password if correct.

But, where do I create the password? Do I have to manually add the password (which is just a randomly generated string) in mySQL to all the students? And I am suppose to send the password to the student; how will I know what to send the student if the password is encrypted?

I was thinking about generating the password when the student first enters their e-mail and student ID. They get an e-mail of the random string, and at the same time, I add the same random string to the database, encrypted.

Is that how it's suppose to work though? And it feels unsafe doing that all on the same page.

Sorry for the long-winded, newbish question. I find this all facisnating at the same time as well (AES and RSA encryption :O)