Community & Support
Support » Post installation

Force users to change password on first login

Posted by richard007 on March 7, 2008 at 1:57pm

Hi all

I have seen this mentioned a quite a few threads, but not answered.

I have imported a large number of users into the database and have given them a generic password.

I want to be able to force a password change when they first log in. Is there a module or some code that would allow a 6.1 installation to manage this?

Many thanks

Richard

Login or register to post comments Categories: ,

Comments

I am looking for the same

Posted by j4h8 on April 4, 2008 at 1:16pm

Hi,
have you found a solution to your problem? I am looking exactly for the same tool.
It does not have to be ready for 6.x as the project's on 5.7.

Otherwise I will have to assemble something myself, probably using a combination of
http://drupal.org/project/login_destination and
http://drupal.org/project/profile_enforcer

Thanks in advance,
Jutta

Solution to your problem here

Posted by takinola on December 16, 2008 at 10:52pm

See http://drupal.org/node/245209#comment-1158442

Hoping for the same...

Posted by waltWright on May 4, 2008 at 4:19pm

There must be a huge demand for first time password change.

Walt

subscribing...

Posted by nektir on May 29, 2008 at 9:25pm

subscribing...

They will fix it in D7

Posted by clau_bolson on September 5, 2008 at 5:19pm

http://drupal.org/node/75924

but meanwhile, is there a patch to apply for D6?
(patches in that thread are for D5, I guess)

just to add "required" in password field when editing a user (coming from "one time login") would be nice.

Did it - well, sort of

Posted by clau_bolson on September 9, 2008 at 1:19am

With a little help from Fubar ThePanda, starting with http://drupal.org/node/245209 :

- a. Adding a hidden field to Profile for "verification".

- b. Adding a PHP snippet to LoginDestination which checks for the presence of "verification" and, if not found, adds the field and redirects the user to the first time login page. If it is found, then redirects the user to the regular home page.

My adding:
In PHP snippet I ERASED THE PASSWORD

Then I redirect to a page that says "must change passwords - click here to continue" with a button that takes the user to the edit page.

Yes, the can exit this page without changing the password - but they will have to require a one-time login by mail to enter again. *They have been warned*

Other way is to create a custom "change password" page (easy to do), they can exit this page and re-enter with their old password, that is why I erase it.

Could you supply the snippets?

Posted by setfree on October 2, 2008 at 8:22pm

Would you mind posting the snippets that you used to get this to work? I am trying to achieve the same thing, erasing the password and all.

Thanks for you help!

The Cosmic Gift | Complete Computer Care | Team Hope

Complete Computer Care

Snippets

Posted by clau_bolson on October 11, 2008 at 4:06pm

Ok, so this is what *I* did

- Enabled "Profile" module

- In profile configuration, I added a new field called "verification"

- I *manually* created the users in "users" table.
Supposing you want to add a user called "myuser" with password "mypassword":

INSERT INTO users (name, pass, created, status) VALUES ('myuser',md5('mypassword'),unix_timestamp(now),'1');

- I installed Login Destination module

- This is the snippet in Login Destination - again, credit goes to Fubar thePanda for his help

global $user;
//if user is admin go to administration page
if ($user->uid == 1) {
  return 'admin';

} else {
  // Check to see if previous profile_login_verification exists
  $count = db_result(db_query("SELECT count(uid) FROM profile_values WHERE uid = '$user->uid'"));
  if ($count > 0) {

//if user has already login once return to the referring page
$referrer = strtolower($_SERVER["HTTP_REFERER"]);
return $referrer;

  } else {
//insert a field showing that the user has login
$uid=$user->uid;
$pag='user/'.$uid.'/edit';
    db_query("INSERT INTO {profile_values} (fid, uid) VALUES ('1', '$uid')");
//erase the password
    db_query("UPDATE {users} SET pass='' WHERE uid='$uid'");
//go to edit page
    return '?q=user/$uid/edit'; //can be a custom page also, edit page let the user leave without setting a new password
  }
}

I wanted to just force the

Posted by amariotti on January 22, 2010 at 11:25pm

I wanted to just force the users to go to their user edit screen, and also be able to recognize the admin and here's my snippet:

global $user;
if ($user->uid == 1) {
  return 'admin';
}
else {
$uid=$user->uid;
    return 'user/' . $uid . '/edit';
}

I fixed the return statement so that it would actually get the correct uid variable. Hope this helps someone!

This feature could be introduced

Posted by ilo on September 21, 2009 at 1:21am

in the login_security module if you are interested. would anyone create the appropiate issue?

I just created the Force

Posted by Jay Matwichuk on January 24, 2010 at 4:05am

I just created the Force Password Change module that will force users to change their password immediately, or upon their next login. It also contains a setting to require new users to change their password on first login.

Full-time freelancer, always looking for work.
jaypan.com (my portfolio)

Merged into Password Policy

Posted by deekayen on April 14, 2010 at 1:42pm

This feature request was from a rather old issue to Password Policy at #292166: force password change on next login. Force Password Change is now merged into Password Policy.

--
deekayen.net