By richard007 on

Hi all

I have seen this mentioned a quite a few threads, but not answered.

I have imported a large number of users into the database and have given them a generic password.

I want to be able to force a password change when they first log in. Is there a module or some code that would allow a 6.1 installation to manage this?

Many thanks

Richard

Categories: Drupal 6.x

Comments

j4h8’s picture

j4h8 commented

Hi,
have you found a solution to your problem? I am looking exactly for the same tool.
It does not have to be ready for 6.x as the project's on 5.7.

Otherwise I will have to assemble something myself, probably using a combination of
http://drupal.org/project/login_destination and
http://drupal.org/project/profile_enforcer

Thanks in advance,
Jutta

takinola’s picture

takinola commented

See http://drupal.org/node/245209#comment-1158442

waltWright’s picture

waltWright commented

There must be a huge demand for first time password change.

hillaryneaf’s picture

hillaryneaf commented

subscribing...

clau_bolson’s picture

clau_bolson commented

http://drupal.org/node/75924

but meanwhile, is there a patch to apply for D6?
(patches in that thread are for D5, I guess)

just to add "required" in password field when editing a user (coming from "one time login") would be nice.

clau_bolson’s picture

clau_bolson commented

With a little help from Fubar ThePanda, starting with http://drupal.org/node/245209 :

- a. Adding a hidden field to Profile for "verification".

- b. Adding a PHP snippet to LoginDestination which checks for the presence of "verification" and, if not found, adds the field and redirects the user to the first time login page. If it is found, then redirects the user to the regular home page.

My adding:
In PHP snippet I ERASED THE PASSWORD

Then I redirect to a page that says "must change passwords - click here to continue" with a button that takes the user to the edit page.

Yes, the can exit this page without changing the password - but they will have to require a one-time login by mail to enter again. *They have been warned*

Other way is to create a custom "change password" page (easy to do), they can exit this page and re-enter with their old password, that is why I erase it.

3cwebdev’s picture

3cwebdev commented

Would you mind posting the snippets that you used to get this to work? I am trying to achieve the same thing, erasing the password and all.

Thanks for you help!

The Cosmic Gift | Complete Computer Care | Team Hope

clau_bolson’s picture

clau_bolson commented

Ok, so this is what *I* did

- Enabled "Profile" module

- In profile configuration, I added a new field called "verification"

- I *manually* created the users in "users" table.
Supposing you want to add a user called "myuser" with password "mypassword":

INSERT INTO users (name, pass, created, status) VALUES ('myuser',md5('mypassword'),unix_timestamp(now),'1');

- I installed Login Destination module

- This is the snippet in Login Destination - again, credit goes to Fubar thePanda for his help

global $user;
//if user is admin go to administration page
if ($user->uid == 1) {
  return 'admin';

} else {
  // Check to see if previous profile_login_verification exists
  $count = db_result(db_query("SELECT count(uid) FROM profile_values WHERE uid = '$user->uid'"));
  if ($count > 0) {

//if user has already login once return to the referring page
$referrer = strtolower($_SERVER["HTTP_REFERER"]);
return $referrer;

  } else {
//insert a field showing that the user has login
$uid=$user->uid;
$pag='user/'.$uid.'/edit';
    db_query("INSERT INTO {profile_values} (fid, uid) VALUES ('1', '$uid')");
//erase the password
    db_query("UPDATE {users} SET pass='' WHERE uid='$uid'");
//go to edit page
    return '?q=user/$uid/edit'; //can be a custom page also, edit page let the user leave without setting a new password
  }
}
amariotti’s picture

amariotti commented

I wanted to just force the users to go to their user edit screen, and also be able to recognize the admin and here's my snippet:

global $user;
if ($user->uid == 1) {
  return 'admin';
}
 else {
$uid=$user->uid;
    return 'user/' . $uid . '/edit';
}

I fixed the return statement so that it would actually get the correct uid variable. Hope this helps someone!

ilo’s picture

ilo commented

in the login_security module if you are interested. would anyone create the appropiate issue?

jaypan’s picture

jaypan
Location Victoria, BC
commented

I just created the Force Password Change module that will force users to change their password immediately, or upon their next login. It also contains a setting to require new users to change their password on first login.

Contact me to contract me for D7 -> D10/11 migrations.

deekayen’s picture

deekayen commented

This feature request was from a rather old issue to Password Policy at #292166: force password change on next login. Force Password Change is now merged into Password Policy.

Drupa1ish’s picture

Drupa1ish commented

ForcePassword Change is not merged. The real situation explained at #771130-1: Deprecate as duplicate functionality in password policy

Drupalish by EuroDomenii

account169’s picture

account169 commented

There must be a huge demand for the first time to change the password.go