Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.As an administrator, if you create a new user with the "Force password change on first-time login" option enabled, they are presented with the "Enter current password" field. If the user doesn't know the password you created for them in the first place, they get stuck in a loop of resetting their password.
Put this code in a custom module to remove the "current password" field and let them simply change it.
<?php
/**
* Implement hook_form_FORM_ID_alter
*/
function hook_form_user_profile_form_alter(&$form, &$form_state) {
// An issue exists with force_password_change module, where when users are
// created with the "Force password change on first login" option enabled,
// they must enter their current password to change it (which they don't have).
if (module_exists('force_password_change')) {
if (force_password_change_check()) {
unset($form['account']['current_pass_required_values']);
unset($form['account']['current_pass']);
}
}
}
?>
Comments
Comment #1
masu0105 commentedHi!
I also had an issue with this. I have tried the solution you discribe here but that gives me a problem in the user_validate_current_password() function in wich i get an invalid argument for the foreach loop. So what i had to do was also remove that validator.
Comment #2
jaypanRemoving the current password field is a security risk, and therefore I won't be adding any code that removes it. So to create a fix for this problem, I made the description for the current password field read 'Enter your current password to change the E-mail address or Password. If you do not know your current password, you can [request a new password].', where [request a new password] is a link to the password reset page. I also allowed access to this page, even when a user is under a force password change requirement. This will be part of the upcoming 7.x-2.x release.