oblige user to change password on next login

[Toflar]

Hi Leo

I was thinking about a feature this morning while I was creating user accounts for a company.
I created nonsense passwords like "changeme1234".

Unfortunately, telling the users that they must change their password after the first login doesn't really keep them from using their account with the insecure password for months...

What about a new option "user must change password on next login" to force the user to change his/her password before he/she can do anything else with Contao?
Would be a nice feature!

BR
Yanick

Download the attachments

--- Originally created on March 15th, 2011, at 10:44am (ID 2928)

[ghost]

Nice idea, I second it.

Problem is, how do you want them to force changing it? Redirecting to the profile page and "locking" them there until changed?

--- Originally created by xtra on March 15th, 2011, at 10:46am

[Toflar]

Haven't looked at any way how to implement this best at all yet but I rather think of a certain stand-alone welcome screen and only after the password has been changed there, the user gets redirected to the Contao backend. Sort of intermediate page like you know it from other systems e.g. Windows etc.

--- Originally created on March 15th, 2011, at 10:55am

[aschempp]

@Toflar: I suggest you create a patch or implementable idea how to do this?

--- Originally created on March 19th, 2011, at 10:08am

[Toflar]

It's definitely on my to-do list =)

--- Originally created on March 19th, 2011, at 02:39pm

[Toflar]

First: I'm sorry, seems like TortoiseSVN currently has an UTF-8 issue when creating patches - will have to report a bug in the other tracker :D
Anyway, apart from the German translation the patch is fine.
That's how I'd do it and I think it's a base we can use to work on, what do you think?

--- Originally created on March 19th, 2011, at 07:19pm

[Toflar]

And a Contao2Go-File for those that are using it: http://www.certo-net.ch/dev/obligepw____1300559408.c2g
BTW: The c2g files are really great but the 5 MB max here is too little - couldn't you set that to 8 MB or so?

--- Originally created on March 19th, 2011, at 07:36pm

[Toflar]

Damn, I forgot about the most important thing: the comparison to the former password :D

--- Originally created on March 19th, 2011, at 08:48pm

[aschempp]

Cool!
Wofür steht denn das o in opwchange? :)
Und liesse sich nicht das normale Password Widget verwenden? Sieht nur etwas nach redundantem Code aus?

--- Originally created on March 21st, 2011, at 09:06am

[ghost]

@andreas: I guess it stands for "oblige".

here we definately should keep things either the one or the other way. Either "oblige" or "force" but not in mixed manner.

--- Originally created by xtra on March 21st, 2011, at 10:59am

[aschempp]

Das wollte ich damit andeuten :D

--- Originally created on March 21st, 2011, at 11:50am

[Toflar]

• Ja, das "o" steht für oblige und ja, ich hab es ab und zu gemixt und ja, es müsste geändert werden =)
• Jep, hab mir auch überlegt, ob wir nicht das Widget verwenden sollten/könnten, hab's erst mal aus Zeitgründen nicht gemacht...wollte primär aufzeigen WO ich es implementieren würde, nicht unbedingt wie :-)
• hab ich mir überlegt da noch einen Hook einzubauen - warum? keine Ahnung, aber er wäre zumindest da.
• ist es ein Vorschlag und ihr dürft ihn gerne verbessern, dafür ist er da =)

Allerdings hätte ich gerne mal Leo's Meinung dazu - sonst coden wir an Zeugs rum, ohne zu wissen, ob es überhaupt implementiert wird ;-)

--- Originally created on March 21st, 2011, at 12:13pm

[leofeyer]

Implementiert in 16b7ba4.

[narrenfrei]

Would be great, if this option would be also available for members.

[aschempp]

+1, but difficult because we dont know the page where the password can be changed...

[ralfhartmann]

is not so difficult. After PW change proceed like login.
here the related pull request: #6304

[narrenfrei]

Thanks a lot!

[ralfhartmann]

there stil is something to do, i have created the tableless template for html5, only