Index: user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.775
diff -u -F^f -r1.775 user.module
--- user.module 24 Apr 2007 13:53:15 -0000 1.775
+++ user.module 24 Apr 2007 14:11:18 -0000
@@ -194,10 +194,11 @@ function user_save($account, $array = ar
 }
 // If the password changed, delete all open sessions and recreate
- // the current one.
+ // the current one. Also, mark required password change as complete.
 if (isset($array['pass'])) {
 sess_destroy_uid($account->uid);
 sess_regenerate();
+ unset($_SESSION['user_pw_change']);
 }
 // Refresh user object
@@ -963,6 +964,13 @@ function user_menu() {
 function user_init() {
 drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module');
+
+ global $user;
+ if ($user->uid && isset($_SESSION['user_pw_change']) &&
+ $_SESSION['user_pw_change'] && arg(0) != 'user') {
+ drupal_set_message('Please change your password.', 'error');
+ drupal_goto('user/'.$user->uid.'/edit');
+ }
 }
 function user_current_load($arg) {
@@ -1240,6 +1248,8 @@ function user_pass_reset($uid, $timestam
 db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $account->uid);
 // Now we can set the new user.
 $user = $account;
+ // Require the user to change his/her password.
+ $_SESSION['user_pw_change'] = 1;
 // And proceed with normal login, going to user page.
 $edit = array();
 user_module_invoke('login', $edit, $user);
@@ -1446,6 +1456,8 @@ function user_edit_form($uid, $edit, $re
 $form['account']['pass'] = array('#type' => 'password_confirm',
 '#description' => t('To change the current user password, enter the new password in both fields.'),
 '#size' => 25,
+ '#required' => (isset($_SESSION['user_pw_change']) &&
+ $_SESSION['user_pw_change']),
 );
 }
 elseif (!variable_get('user_email_verification', TRUE) || $admin) {
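Review bot: The new `unset($_SESSION['user_pw_change']);` in user_save() runs whenever `$array['pass']` is set, without checking that `$account` is the logged-in user, so saving a password for a different account also clears the caller's own pending-change flag. The same gap is in the user_edit_form() hunk, where `'#required'` follows the current session's flag even when `$uid` is another account. Guard both on the account, e.g. `if ($account->uid == $GLOBALS['user']->uid) { unset($_SESSION['user_pw_change']); }`. Both function bodies start outside their hunks, so whether an earlier check already restricts this path cannot be seen here.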
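Review bot: In user_init(), `arg(0) != 'user'` exempts every path whose first component is `user`, not only the account's own edit form, so the forced password change is not enforced on other `user/...` pages. A logout path outside `user/` would also be redirected, leaving the user unable to end the session; the menu is not visible here, so confirm. Comparing the full path is tighter: `$_GET['q'] != 'user/'. $user->uid .'/edit'`, plus an explicit exception for logout. The message also bypasses translation; use `drupal_set_message(t('Please change your password.'), 'error');`.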