Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.849
diff -u -F^f -r1.849 user.module
--- modules/user/user.module 19 Sep 2007 18:00:52 -0000 1.849
+++ modules/user/user.module 26 Sep 2007 14:17:24 -0000
@@ -247,10 +247,11 @@ function user_save($account, $array = ar
}
// If the password changed, delete all open sessions and recreate
- // the current one.
+ // the current one. Also, mark required password change as complete.
if (!empty($array['pass'])) {
sess_destroy_uid($account->uid);
sess_regenerate();
+ unset($_SESSION['user_password_needs_change']);
}
// Refresh user object
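Review bot: The added `unset($_SESSION['user_password_needs_change'])` runs whenever any account's password is saved, not only when the logged-in user changes their own. user_save() takes an arbitrary `$account`, so code saving a different account's password would clear the flag on the current session. Scoping it to the session owner avoids that, e.g. `if ($account->uid == $GLOBALS['user']->uid) { unset($_SESSION['user_password_needs_change']); }`. user_save() starts and ends outside this hunk, so its callers are not visible here.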
@@ -500,7 +501,7 @@ function user_fields() {
* Implementation of hook_perm().
*/
function user_perm() {
- return array('administer access control', 'administer users', 'access user profiles', 'change own username');
+ return array('administer access control', 'administer users', 'access user profiles', 'change own username', 'skip required password change');
}
/**
@@ -1067,6 +1068,12 @@ function user_menu() {
function user_init() {
drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module');
+
+ global $user;
+ if ($user->uid && !empty($_SESSION['user_password_needs_change']) && !(arg(0) == 'user' && arg(1) == $user->uid && arg(2) == 'edit')) {
+ drupal_set_message('Please change your password.', 'error');
+ drupal_goto('user/'. $user->uid .'/edit');
+ }
}
function user_current_load($arg) {
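Review bot: In user_init() the exemption covers only `user/<uid>/edit`, so a session carrying the flag is also redirected away from the logout page and cannot be ended until a password is set; consider exempting logout in the same condition. The message literal is passed to drupal_set_message() untranslated, unlike the other strings in this patch: `drupal_set_message(t('Please change your password.'), 'error');`. A comment above the `if` should state that, within this patch, this redirect and the `#required` flag on the password field are the only enforcement of the forced change.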
@@ -1293,6 +1300,7 @@ function user_edit_form(&$form_state, $u
'#title' => t('E-mail address'),
'#default_value' => $edit['mail'],
'#maxlength' => EMAIL_MAX_LENGTH,
+ '#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you request a new password or wish to receive certain news or notifications by e-mail.'),
'#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
'#required' => TRUE,
);
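Review bot: The added `'#description'` line sits directly above the existing `'#description'` entry, which is unchanged context, so the array literal now holds the same key twice. PHP keeps the later value, so the new wording ("if you request a new password") never reaches the form. The old line should be removed rather than left beside the new one. The start of this `$form` element is outside the hunk.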
@@ -1300,6 +1308,7 @@ function user_edit_form(&$form_state, $u
$form['account']['pass'] = array('#type' => 'password_confirm',
'#description' => t('To change the current user password, enter the new password in both fields.'),
'#size' => 25,
+ '#required' => !empty($_SESSION['user_password_needs_change']),
);
}
elseif (!variable_get('user_email_verification', TRUE) || $admin) {
@@ -1462,11 +1471,11 @@ function _user_mail_text($key, $language
case 'register_no_approval_required_subject':
return t('Account details for !username at !site', $variables, $langcode);
case 'register_no_approval_required_body':
- return t("!username,\n\nThank you for registering at !site. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
+ return t("!username,\n\nThank you for registering at !site. You may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be required to set your initial password.\n\n\n-- !site team", $variables, $langcode);
case 'register_admin_created_subject':
return t('An administrator created an account for you at !site', $variables, $langcode);
case 'register_admin_created_body':
- return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
+ return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be required to set your initial password.\n\n\n-- !site team", $variables, $langcode);
case 'register_pending_approval_subject':
case 'pending_approval_admin_subject':
return t('Account details for !username at !site (pending admin approval)', $variables, $langcode);
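Review bot: Only `register_no_approval_required_body` and `register_admin_created_body` drop `!password` here; `register_pending_approval_body` and `status_activated_body` are not changed anywhere in this diff. The on-screen messages changed in user_register_submit() now promise "password creation instructions" for the approval flow as well, so those two templates should be checked. They should no longer mail a cleartext password, and the activation mail should carry `!login_url`, otherwise an approved user has no way to set one. The new bodies also do not say how long the one-time link stays valid, which `password_reset_body` does state. _user_mail_text() continues outside the hunk, so the other templates are not visible.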
@@ -1477,7 +1486,7 @@ function _user_mail_text($key, $language
case 'password_reset_subject':
return t('Replacement login information for !username at !site', $variables, $langcode);
case 'password_reset_body':
- return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
+ return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
case 'status_activated_subject':
return t('Account details for !username at !site (approved)', $variables, $langcode);
case 'status_activated_body':
@@ -2139,10 +2148,10 @@ function user_register_submit($form, &$f
$op = $notify ? 'register_admin_created' : 'register_no_approval_required';
_user_mail_notify($op, $account);
if ($notify) {
- drupal_set_message(t('Password and further instructions have been e-mailed to the new user %name.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
+ drupal_set_message(t('Password creation instructions have been e-mailed to the new user %name.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
}
else {
- drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
+ drupal_set_message(t('Password creation instructions have been sent to your e-mail address.'));
$form_state['redirect'] = '';
return;
}
@@ -2150,7 +2159,7 @@ function user_register_submit($form, &$f
else {
// Create new user account, administrator approval required.
_user_mail_notify('register_pending_approval', $account);
- drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.
In the meantime, your password and further instructions have been sent to your e-mail address.'));
+ drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.
If your account is approved, password creation instructions will be sent to your e-mail address.'));
$form_state['redirect'] = '';
return;
Index: modules/user/user.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v
retrieving revision 1.1
diff -u -F^f -r1.1 user.pages.inc
--- modules/user/user.pages.inc 10 Sep 2007 13:14:38 -0000 1.1
+++ modules/user/user.pages.inc 26 Sep 2007 14:17:25 -0000
@@ -29,6 +29,7 @@ function user_autocomplete($string = '')
* @see user_pass_submit().
*/
function user_pass() {
+ $form['instructions'] = array('#value' => '
'. t('Instructions on how to change your password will be sent to your e-mail address.') .'
');
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Username or e-mail address'),
@@ -36,7 +37,7 @@ function user_pass() {
'#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH),
'#required' => TRUE,
);
- $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password'));
+ $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail instructions'));
return $form;
}
@@ -64,7 +65,7 @@ function user_pass_submit($form, &$form_
// Mail one time login URL and instructions using current language.
_user_mail_notify('password_reset', $account, $language);
watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail));
- drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
+ drupal_set_message(t('Password creation instructions have been sent to your e-mail address.'));
$form_state['redirect'] = 'user';
return;
@@ -101,6 +102,11 @@ function user_pass_reset(&$form_state, $
db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $account->uid);
// Now we can set the new user.
$user = $account;
+ // Require the user to change his/her password unless they
+ // are special.
+ if (!user_access('skip required password change')) {
+ $_SESSION['user_password_needs_change'] = 1;
+ }
// And proceed with normal login, going to user page.
$edit = array();
user_module_invoke('login', $edit, $user);
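Review bot: In the user_pass_reset() hunk, `user_access('skip required password change')` is called without an account, so the result depends on `$user` being the global that was reassigned on the line above. Passing the account explicitly removes that dependency: `if (!user_access('skip required password change', $account)) {`. Drupal's user_access() also returns TRUE for uid 1 regardless of roles, so the superuser account is never forced to set a password after a one-time login; if that is intended, the comment should say so instead of "unless they are special". The requirement is recorded only in `$_SESSION`, so it ends with that session. user_pass_reset() starts and ends outside the hunk.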