diff --git a/password_policy.module b/password_policy.module index 5e58ff1..d7281fd 100644 --- a/password_policy.module +++ b/password_policy.module @@ -33,10 +33,10 @@ function password_policy_init() { $account = user_load($user->uid); // Check password reset status and force a reset if needed. - $change_password_url = 'user/' . $account->uid . '/' . (module_exists('password_policy_password_tab') ? 'password' : 'edit/account'); - if ($account->force_password_change && $_GET['q'] != $change_password_url) { - // let users log out - if (current_path() != 'user/logout') { + $change_password_url = 'user/' . $account->uid . '/' . (module_exists('password_policy_password_tab') ? 'password' : 'edit'); + if (isset($account->force_password_change) && $account->force_password_change && $_GET['q'] != $change_password_url) { + // let users log out or change their password + if (current_path() != 'user/logout' || current_path() == 'user/' . $account->uid . '/edit') { drupal_set_message(t('Your password has expired. You must change your password to proceed on the site.'), 'error', FALSE); drupal_goto($change_password_url, array('query' => drupal_get_destination())); } @@ -284,7 +284,7 @@ function password_policy_user_update(&$edit, $account, $category) { // If the current user is being forced to change their password and is // changing their password, toggle the force_change field off. - if (isset($account->force_password_change) && $account->force_password_change && ($account->pass != $account->original->pass) && $user->uid == $account->uid) { + if ((!isset($edit['force_password_change']) || $edit['force_password_change'] == 0) && isset($edit['pass']) && $user->uid == $account->uid) { db_update('password_policy_force_change') ->fields(array( 'force_change' => 0, @@ -419,6 +419,8 @@ function password_policy_user_delete($account) { * Implements hook_form_alter(). */ function password_policy_form_alter(&$form, $form_state, $form_id) { + global $user; + switch ($form_id) { case 'user_profile_form': case 'user_register_form': @@ -439,7 +441,7 @@ function password_policy_form_alter(&$form, $form_state, $form_id) { $form['password_policy']['force_password_change'] = array( '#type' => 'checkbox', '#title' => t('Force password change on next login'), - '#default_value' => $force_change, + '#default_value' => $user->uid != $form['#user']->uid, ); } @@ -1031,7 +1033,7 @@ function _password_policy_block_account($account) { ->fetchField(); if ($blocked) { - db_query("UPDATE {password_policy_expiration} SET blocked = %d WHERE uid = :uid", time(), array(':uid' => $account->uid)); + db_query("UPDATE {password_policy_expiration} SET blocked = %d WHERE uid = :uid", array('%d' => time(), ':uid' => $account->uid)); } else { db_query("INSERT INTO {password_policy_expiration} (uid, blocked) VALUES (:uid, :blocked)", array(':uid' => $account->uid, ':blocked' => time())); diff --git a/tests/password_policy.test b/tests/password_policy.test index e2a0a5d..cae3932 100644 --- a/tests/password_policy.test +++ b/tests/password_policy.test @@ -472,7 +472,7 @@ class PasswordPolicyForcePasswordChangeTestCase extends DrupalWebTestCase { $edit = array( 'force_password_change' => 1, ); - $this->drupalPost("user/$admin->uid/edit/account", $edit, t('Save')); + $this->drupalPost("user/$admin->uid/edit", $edit, t('Save')); $this->assertRaw(t('The changes have been saved.'), t('Admin has queued account for password change.')); $this->assertNoRaw(t('Your password has expired. You must change your password to proceed on the site.'), t('Admin not initially prompted to change password.')); $this->drupalGet('node');