force password check

force password check

The plugin you created, "force password check" is very close to what I've been searching for, but I need it to force every user to reset their password / update their details on next login. I tried modifying the code, but was unsuccessful. Any help you could give me would be greatly appreciated.

Thanks!

4thdimension
useravatar
Offline
6 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

The way the plugin knows to force someone to change their password is if their last visit date is: 0000-00-00 00:00:00

If you want to force every user in your system to update their password, you could modify all their last visit dates to zero and therefore everyone would have to change their password.  This SQL should do it:

Code:


UPDATE jos_users SET lastvisitDate = '0000-00-00 00:00:00'

I would highly suggest doing this on your development site first to make sure it doesn't cause issues with any of your other extensions or anything.

If you would rather change the plugin to fire using some other criteria, I can help with that as well.  Just let me know what criteria you want to use.  Since you will be making this change on your own site and this doesn't have to work for everyone, we could even just keep a temporary table to know if users have already changed their passwords.

Let me know.

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23659 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

So I tried it, and it worked perfect! Except for one thing... I'm using mighty registration to gather additional info from my users, and the main point for me wanting to do this is to get my users to update all of their details.  So when I run the plugin it takes them to the Main joomla registration page.  I think I could make this work by updating the "forcepasswordchange.php" and changing "com_user" to "com_juser"  But I'm stuck on the "Redirect to edit profile" link.  I don't know the location of the Mighty Registration edit profile link.

Thanks again for all your help!!!

4thdimension
useravatar
Offline
6 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Also the info provided by Mighty Registration is here:

<!-- m --><a class="postlink" href="http://www.mightyextensions.com/knowledge-base/faq/list/answers/12-user">http://www.mightyextensions.com/knowled ... rs/12-user</a><!-- m -->

4thdimension
useravatar
Offline
6 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

I could add some menu item parameters so you could choose which menu items to send the user to.  Would this work for you?

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23659 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

I think that would work... thanks a lot for your help!

4thdimension
useravatar
Offline
6 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

So In my never ending endeavor to learn, I tried to modify the script on my own.  I found out the URL for Mighty registration is the following:

index.php?option=com_juser&view=user&layout=mydetails

So I modified your script and got it to work, it takes the user to the correct details page, but it throws a 500 error once I type in the password field.  At that point it locks up the site and I have to manually uninstall everything to get it running correctly again.

Here's how I modified your scrip Maybe it would be something simple to fix:


            <?php

// no direct access
defined('_JEXEC') or die('Restricted access');

jimport('joomla.plugin.plugin');

class plgSystemForcePasswordChange extends JPlugin
{
    function plgSystemForcePasswordChange(&$subject, $config)
    {
        parent::__construct($subject, $config);
    }

    function onAfterRoute()
    {
        $user = &JFactory::getUser();

        $option = JRequest::getVar('option');
        $view = JRequest::getVar('view');
        $task = JRequest::getVar('task');
        $layout = JRequest::getVar('layout');

        if(!$user->guest && $user->lastvisitDate == "0000-00-00 00:00:00")
        {
            // The user is not a guest and their lastvisitDate is zeros

            if($option == "com_juser" && $task == "save")
            {
                // The user is saving their profile

                // Set the last visit date to a real value so we won't continue forcing them to update their profile
                $user->setLastVisit();
                $date = JFactory::getDate();
                $user->lastvisitDate = $date->toMySQL();
            }
            else if(!($option == "com_juser" && $view == "user" && $layout == "mydetails"))
            {
                // The user is not on the edit profile form

                // Update lastvisitDate back to zero
                $dbo = &JFactory::getDBO();
                $query = "UPDATE #__users ".
                    "SET lastvisitDate = ".$dbo->quote("0000-00-00 00:00:00")." ".
                    "WHERE id = ".$dbo->quote($user->id);
                $dbo->setQuery($query);
                $dbo->query();
   
                // Redirect to edit profile
                $app = &JFactory::getApplication();
                $app->redirect(
                    "index.php?option=com_juser&view=user&layout=mydetails",
                    $this->params->get("message", "You must update your password before continuing to use the site.")
                );
            }
        }
    }
}





Thanks again for all your help, I really do appreciate this a lot!

4thdimension
useravatar
Offline
6 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Are you doing this work on a test site?  If you want to PM me and give me access, I can try changing debugging and seeing what changes need to be made to work with Mighty Registration.

If not, I can try to download Mighty Registration this afternoon and test on my local site.

Let me know.

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23659 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Actually it's a live site, I've been trying to do the work on it early morning / late at night.
Let me know what works best for you.

Thanks

4thdimension
useravatar
Offline
6 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Would you have any interest in setting yourself up a dev site?  It makes things much easier and typically you can do it on the same server as your live site, so you don't need to pay any more or anything.  That would be the route I would go down so you can easily test changes going forward without having to avoid higher traffic times.

If you'd be interested, PM me and we can discuss what needs to be done.

If not, no big deal.  I can try to setup a test site on my local machine.

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23659 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Would this be able to do the same for JomSocial?

I had to do some crazy code re-vamping to get it to work but it does....

Code:

<?php
/**
* @package        Force Password Change
* @copyright (C) 2010 by Source Coast - All rights reserved
* http://www.sourcecoast.com
* http://www.cmsmarket.com
* http://www.covertapps.com
* @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
*/

// no direct access
defined('_JEXEC') or die('Restricted access');

jimport('joomla.plugin.plugin');

class plgSystemForcePasswordChange extends JPlugin
{
    function plgSystemForcePasswordChange(&$subject, $config)
    {
        parent::__construct($subject, $config);
    }

    function onAfterRoute()
    {
                global $mainframe;

                // Don't do anything if this is the administrator backend or debugging is on
                if($mainframe->isAdmin() || JDEBUG) {
                        return;
                }

        $user = &JFactory::getUser();

        $option = JRequest::getVar('option');
        $view = JRequest::getVar('view');
        $task = JRequest::getVar('task');
        $savetask = JRequest::getVar('action');
        // no_html is sent by Mighty Registration for ajax checks, so we need to ignore them
        $noHtml = JRequest::getVar('no_html');

        $editProfileOption = "com_community";
        $editProfileSaveTask = "save";
        $editProfileView = "profile";
        $editProfileTask = "edit";

        if(!$user->guest && $user->lastvisitDate == "0000-00-00 00:00:00" && $noHtml != "1")
        {
            // The user is not a guest and their lastvisitDate is zeros
            if($option == $editProfileOption && $savetask == $editProfileSaveTask)
            {
                // The user is saving their profile

                // Set the last visit date to a real value so we won't continue forcing them to update their profile
                $user->setLastVisit();
                $date = JFactory::getDate();
                $user->lastvisitDate = $date->toMySQL();
            }
            else if(!($option == $editProfileOption && $view == $editProfileView && $task == $editProfileTask))
            {
                // The user is not on the edit profile form

                // Update lastvisitDate back to zero
                $dbo = &JFactory::getDBO();
                $query = "UPDATE #__users ".
                    "SET lastvisitDate = ".$dbo->quote("0000-00-00 00:00:00")." ".
                    "WHERE id = ".$dbo->quote($user->id);
                $dbo->setQuery($query);
                $dbo->query();
   
                // Redirect to edit profile
                $app = &JFactory::getApplication();

                $app->redirect(
                    "index.php?option=".$editProfileOption."&view=".$editProfileView."&task=".$editProfileTask,
                    $this->params->get("message", "You must update your password before continuing to use the site.")
                );
            }
        }
    }
}

nimda79
useravatar
Offline
1 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Thanks for posting back your solution.  I will take a look at it and incorporate it into the released version.  If I can, I will add a parameter to make it easier for others to switch which profile page they want to redirect to.

Thanks again for your help!

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23659 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

Hi. I love this plugin. To continue this conversation....I would like to force my new users to complete additional fields when they are changing their password, but I am using community builder. Does anyone have any advice before I start custom coding my own solution on top of this plugin?

tk42i
useravatar
Offline
1 Posts
Active Subscriptions:

None
Administrator has disabled public posting. Please login or register in order to proceed.

Re: force password check

If you're using CB, why don't you just mark the fields as required?  I'm guessing you're maybe creating the account for them and then want them to fill it out after they log in?

There should be a pretty easy way to check profile status, or a specific field at least, to see if it has values.  If not, redirect to the profile repeatedly until that field has something.  Won't guarantee all fields are complete, but at least you'll know they did something...

Just some thoughts.

If you use our extensions, please consider leaving a rating and review at the Joomla! Extension Directory:
JFBConnect | SCLogin

alzander
Alex
useravatar
Offline
23659 Posts
Support Specialist
Administrator has disabled public posting. Please login or register in order to proceed.
There are 0 guests also viewing this topic
There are 0 users also viewing this topic

Board Info

Board Stats
 
Total Topics:
11405
Total Polls:
0
Total Posts:
48071
Posts today:
1
User Info
 
Total Users:
47236
Newest User:
perinf
Members Online:
0
Guests Online:
646

Online: 
There are no members online
Social Stream
Refer and Earn

Like our extensions? You're not alone! That's why they're used on tens of thousands of websites. Now you can earn 20% of any sale you refer to SourceCoast.com.

We provide excellent documentation, well laid out sales pages and great support. All you need to do is spread the word and we'll take care of the rest.

Learn About Our Affiliate Program