MDL-14092: forcing imported users with a weak password to change it on first login. (merge from 1.9)

2025-04-21 00:12:56 +02:00 · 2008-09-26 09:13:24 +00:00 · 2008-09-26 09:13:24 +00:00 · feecd4d6a5
commit feecd4d6a5
parent 61a828842e
2 changed files with 14 additions and 1 deletions
--- a/admin/uploaduser.php
+++ b/admin/uploaduser.php
@ -151,6 +151,8 @@ if ($formdata = $mform->is_cancelled()) {
    $renameerrors = 0;
    $usersskipped = 0;

+    $forcechangepassword = 0;
+
    // caches
    $ccache    = array(); // course cache - do not fetch all courses here, we  will not probably use them all anyway!
    $rolecache = array(); // roles lookup cache
@ -202,6 +204,9 @@ if ($formdata = $mform->is_cancelled()) {
                if ($key == 'password') {
                    if ($value !== '') {
                        $user->password = hash_internal_user_password($value);
+                        if (!empty($CFG->passwordpolicy) and !check_password_policy($value, $errmsg)) {
+                            $forcechangepassword++;
+                        }
                    }
                } else {
                    $user->$key = $value;
@ -436,6 +441,9 @@ if ($formdata = $mform->is_cancelled()) {
                            continue;
                        } else if (!empty($user->password)) {
                            $upt->track('password', get_string('updated'));
+                            if ($forcechangepassword) {
+                                set_user_preference('auth_forcepasswordchange', 1, $existinguser->id);
+                            }
                        }
                    }
                    if ((array_key_exists($column, $existinguser) and array_key_exists($column, $user)) or in_array($column, $PRF_FIELDS)) {
@ -539,6 +547,9 @@ if ($formdata = $mform->is_cancelled()) {
                    set_user_preference('auth_forcepasswordchange', 1, $user->id);
                    $upt->track('password', get_string('new'));
                }
+                if ($forcechangepassword) {
+                    set_user_preference('auth_forcepasswordchange', 1, $user->id);
+                }
            } else {
                // Record not added -- possibly some other error
                $upt->track('status', $strusernotaddederror, 'error');
@ -709,6 +720,7 @@ if ($formdata = $mform->is_cancelled()) {
    if ($usersskipped) {
        echo get_string('usersskipped', 'admin').': '.$usersskipped.'<br />';
    }
+    echo get_string('usersweakpassword', 'admin').': '.$forcechangepassword.'<br />';
    echo get_string('errors', 'admin').': '.$userserrors.'</p>';
    print_box_end();

@ -995,4 +1007,4 @@ function uu_allowed_roles($shortname=false) {

    return $choices;
 }
-?>
+?>
--- a/lang/en_utf8/admin.php
+++ b/lang/en_utf8/admin.php
@ -782,6 +782,7 @@ $string['userrenamed'] = 'User renamed';
 $string['users'] = 'Users';
 $string['userscreated'] = 'Users created';
 $string['usersdeleted'] = 'Users deleted';
+$string['usersweakpassword'] = 'Users having a weak password';
 $string['usersrenamed'] = 'Users renamed';
 $string['usersskipped'] = 'Users skipped';
 $string['usersupdated'] = 'Users updated';