Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.We have users that forget their password, request a new one, then when they use the one-time login token, never actually reset their password once they're temporarily logged in. They need to be forced to change their password before they can browse the site.
| Comment | File | Size | Author |
|---|---|---|---|
| #8 | password_policy-reset_force_change-1051390-8.patch | 2.5 KB | erikwebb |
Comments
Comment #1
deekayen commentedComment #2
George Bills commented+1 / subscribe.
Comment #3
jrz commentedsubscribed
Comment #4
jrz commentedBack Again. I found a solution without touching the Password Policy Module.
function mymodule_form_user_pass_alter(&$form, &$form_state) {
$form['#submit'][] = 'mymodule_pass_submit';
}
function mymodule_pass_submit($form, &$form_state) {
$account = $form_state['values']['account'];
if(module_exists('password_policy')) {
db_query('UPDATE {password_policy_force_change} SET force_change = 1 WHERE uid = %d', $account->uid);
}
}
Comment #5
erikwebb commentedPart of a greater issue - #574180: 1st change of password should ignore time limits
Comment #6
deekayen commentedThe other was closed as un-solvable. If that's really the case, then let's patch core in a way that would allow this feature to happen. I think the request itself still has reasonable merit.
Comment #7
erikwebb commentedLet's get this fixed for the more active 7.x branch and then we can patch backwards if the need exists.
Comment #8
erikwebb commentedSince this changes core's behavior, I've added it as an option to the admin page to enable this behavior.
This somewhat depends on #1596960: Force password change on first-time login requires password to change
Comment #9
roball commentedHas anybody tried that patch?
Looking for the same functionality in 6.x-1.x.
Comment #10
deekayen commented