Force users to change password on first login
richard007 - March 7, 2008 - 13:57
Hi all
I have seen this mentioned a quite a few threads, but not answered.
I have imported a large number of users into the database and have given them a generic password.
I want to be able to force a password change when they first log in. Is there a module or some code that would allow a 6.1 installation to manage this?
Many thanks
Richard
I am looking for the same
Hi,
have you found a solution to your problem? I am looking exactly for the same tool.
It does not have to be ready for 6.x as the project's on 5.7.
Otherwise I will have to assemble something myself, probably using a combination of
http://drupal.org/project/login_destination and
http://drupal.org/project/profile_enforcer
Thanks in advance,
Jutta
Solution to your problem here
See http://drupal.org/node/245209#comment-1158442
Hoping for the same...
There must be a huge demand for first time password change.
subscribing...
subscribing...
They will fix it in D7
http://drupal.org/node/75924
but meanwhile, is there a patch to apply for D6?
(patches in that thread are for D5, I guess)
just to add "required" in password field when editing a user (coming from "one time login") would be nice.
Did it - well, sort of
With a little help from Fubar ThePanda, starting with http://drupal.org/node/245209 :
My adding:
In PHP snippet I ERASED THE PASSWORD
Then I redirect to a page that says "must change passwords - click here to continue" with a button that takes the user to the edit page.
Yes, the can exit this page without changing the password - but they will have to require a one-time login by mail to enter again. *They have been warned*
Other way is to create a custom "change password" page (easy to do), they can exit this page and re-enter with their old password, that is why I erase it.
Could you supply the snippets?
Would you mind posting the snippets that you used to get this to work? I am trying to achieve the same thing, erasing the password and all.
Thanks for you help!
The Cosmic Gift | Complete Computer Care | Team Hope
Snippets
Ok, so this is what *I* did
- Enabled "Profile" module
- In profile configuration, I added a new field called "verification"
- I *manually* created the users in "users" table.
Supposing you want to add a user called "myuser" with password "mypassword":
INSERT INTO users (name, pass, created, status) VALUES ('myuser',md5('mypassword'),unix_timestamp(now),'1');- I installed Login Destination module
- This is the snippet in Login Destination - again, credit goes to Fubar thePanda for his help
global $user;
//if user is admin go to administration page
if ($user->uid == 1) {
return 'admin';
} else {
// Check to see if previous profile_login_verification exists
$count = db_result(db_query("SELECT count(uid) FROM profile_values WHERE uid = '$user->uid'"));
if ($count > 0) {
//if user has already login once return to the referring page
$referrer = strtolower($_SERVER["HTTP_REFERER"]);
return $referrer;
} else {
//insert a field showing that the user has login
$uid=$user->uid;
$pag='user/'.$uid.'/edit';
db_query("INSERT INTO {profile_values} (fid, uid) VALUES ('1', '$uid')");
//erase the password
db_query("UPDATE {users} SET pass='' WHERE uid='$uid'");
//go to edit page
return '?q=user/$uid/edit'; //can be a custom page also, edit page let the user leave without setting a new password
}
}
This feature could be introduced
in the login_security module if you are interested. would anyone create the appropiate issue?