After the module forces a password change and the password is changed, it gives a message saying the changes have been saved. But, if I try to go anywhere else in the site, it prompts for a password change again, making the site inaccessible.

Comments

divan’s picture

I have the same problem. please help how to fix it

... I managed to restore the system in file swapping "global $ user;" with "$ user = new StdClass;", so when it enters again as dev system gave me an error, but at least let me get to the modules and uninstal problematic module

MohMag’s picture

I have same issue. In fact I force changed password for only one role to test, and not it is looping for every user, even for administrator user. I can not even login as administrator.

jvendryes’s picture

I'm also having this issue. What do we do?

dwalker51’s picture

I had to disable the module via drush to get back into my site.

drush dis force_password_change

I then did

drush pm-uninstall

This removed the tables from the database
I downloaded the module again

drush dl force_password_change

It seems that the problem occurs when you configure the module to force password change on first login, it does this for the admin and accepts the new password, but then requieres a new login again..., I have left this option disabled for the moment

kenmc’s picture

The problem stems from $pending_users[$account->uid] never being unset in the second conditional clause of force_password_change_user_update().

SweetTomato’s picture

Issue summary: View changes

Are others still having this issue? I am in an infinite change password loop like in #4 above "It seems that the problem occurs when you configure the module to force password change on first login, it does this for the admin and accepts the new password, but then requires a new login again." This is in Drupal 7.28 I believe.

sfcamil’s picture

Hy,

I have exact the same problem and I don't understand why. The problem is that is random not every user have this situation. That’s the big problem. I try with my account and everything is ok. But another user after his is forced to change the password every re-login it must to change the password again and again. Is the browser? No error messages in logs..... I don't understand….
If someone has an idea, how to get some logs or anything else …..

Thank you.

sfcamil’s picture

Just see that after the user input the password and click on submit button I just see a flip-flap of the page, just like drupal want to go somewhere but change the direction immediately. Something like that.
I look (debug) on function force_password_change_user_update function and I see the variable $destination is ‘node/1’ but after the user press the button to change pass it stay on the same page. Something goes wrong there but I don’t know what.
Commented the line $_REQUEST['destination'] = $destination; and the user stay in the same edit page but no more flip-flap of the page.
I want to see if something changes…….

Peters196’s picture

I had exactly the same problem. The administrator not being able to access his own website because of this infinite loop of password change requests is not fun!!
I know a little php but not enough to follow drupal modules in detail.
I did however find that display of the password request page was conditional on variable $redirect being TRUE (line 98 of force_password_change.module).
My solution: Find all references to '$redirect = TRUE' (lines 79 and 93) and change them to '$redirect = FALSE' and VOILA!! I got access to my website again.
Obviously this means that the whole module does absolutely nothing, but it does allow you to continue using your site until the author (or other drupal php expert) produces a proper solution, or for you to uninstall this module and get something which works!

mastersh4h’s picture

I enclosed the

$redirect = TRUE

statements on lines 79 and 93 in if statements to bypass the endless loop for admin accounts.

if (!(in_array('administrator', $user->roles))){
    //this "if" statement will bypass force password change for admins.
    $redirect = TRUE;
}
DevBeware’s picture

Assigned: Unassigned » DevBeware

Pour moi j'ai du verifier si l'utilisateur courant était devais bien changer le password ou pas.

Line : 79 and 93

if ($user->force_password_change){ 
	$redirect = TRUE ; 
} 
alex.xequals’s picture

Same problem here... installed this module because it looked like a quick and easy way to force users to change their password upon first login. Now user1, as well as all other users, are stuck in an infinite password reset loop. The whole site is locked up and no one can do anything and I have to go uninstall the module via the database.... fun times. Apparently this module is a better alternative but I'm yet to try it: https://www.drupal.org/project/password_policy

phubear’s picture

For those that have problems with this and are using the admin_menu module, I suggest looking at https://www.drupal.org/node/1897362#comment-11627731 for possible fix.

jaypan’s picture

Status: Active » Fixed

I believe this was caused by an ajax request issue, where ajax requests were being redirected to the account page for the user to change their password. I fixed this in another issue. If someone sees the problem again, please re-open, with steps to recreate the issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.