PDA

View Full Version : Prevent Password Changing


Primal Rage
02-09-2005, 11:19 PM
Is there a way to disable the option for users to change their profile password? Basically i want them to use the same password forever without being able to reset it or change it in the USERCP . Is such possible??

trafix
02-09-2005, 11:23 PM
nope cant be done .... as default vb software requires members to change their password after the current one is 120 + days old

Primal Rage
02-09-2005, 11:33 PM
That option is disabled meaning it will never expire. So i want to be able to prevent them from changing it themselves

Andreas
02-09-2005, 11:35 PM
I strongly (I can't stress this enough) recommend NOT to do so, but it you really want:

In profile.php FIND and COMMENT OUT

if ($newpassword != $newpasswordconfirm OR (strlen($newpassword_md5) == 32 AND $newpassword_md5 != $newpasswordconfirm_md5))
{
eval(print_standard_error('passwordmismatch'));
}

if (!empty($newpassword) OR !empty($newpassword_md5))
{
if (strlen($newpassword_md5) == 32)
{
$newpassword = md5($newpassword_md5 . $bbuserinfo['salt']);
}
else
{
$newpassword = md5(md5($newpassword) . $bbuserinfo['salt']);
}

// delete old password history
$DB_site->query("DELETE FROM " . TABLE_PREFIX . "passwordhistory WHERE userid=$bbuserinfo[userid] AND passworddate <= FROM_UNIXTIME(" . (TIMENOW - $permissions['passwordhistory'] * 86400) . ")");

// check to see if the new password is invalid due to previous use
if ($permissions['passwordhistory'] AND $historycheck = $DB_site->query_first("SELECT UNIX_TIMESTAMP(passworddate) AS passworddate FROM " . TABLE_PREFIX . "passwordhistory WHERE userid=$bbuserinfo[userid] AND password = '" . addslashes($newpassword) . "'"))
{
eval(print_standard_error('passwordhistory'));
}

}


FIND

if (!empty($newpassword))
{
// insert record into password history
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "passwordhistory (userid, password, passworddate) VALUES ($bbuserinfo[userid], '" . addslashes($newpassword) . "', NOW())");

$newpassword = "password = '" . addslashes($newpassword) . "', passworddate = NOW(),";
} else {
$newpassword = '';
}

if ($newpassword OR $newemail)
{
$DB_site->query("UPDATE " . TABLE_PREFIX . "user SET $newpassword $newemail usergroupid = " . intval($bbuserinfo['usergroupid']) . " WHERE userid = $bbuserinfo[userid]");
}


REPLACE that with

/* Commented out to prevent password changes
if (!empty($newpassword))
{
// insert record into password history
$DB_site->query("INSERT INTO " . TABLE_PREFIX . "passwordhistory (userid, password, passworddate) VALUES ($bbuserinfo[userid], '" . addslashes($newpassword) . "', NOW())");

$newpassword = "password = '" . addslashes($newpassword) . "', passworddate = NOW(),";
} else {
$newpassword = '';
}
*/
// Hack: Prevent Password Change: Removed OR $newpassword from the IF and $newpassword from the query
if ($newemail)
{
$DB_site->query("UPDATE " . TABLE_PREFIX . "user SET $newemail usergroupid = " . intval($bbuserinfo['usergroupid']) . " WHERE userid = $bbuserinfo[userid]");
}


You might also want to remove the input controls:


<fieldset class="fieldset">
<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
<tr>
<td>
<div>$vbphrase[new_password]:</div>
<div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
</td>
</tr>
<tr>
<td>
<div>$vbphrase[confirm_new_password]:</div>
<div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
</td>
</tr>
</table>
</fieldset>


Remove this from Template modifypassword.

Primal Rage
02-09-2005, 11:38 PM
I strongly (I can't stress this enough) recommend NOT to do so, but it you really want:

I understand your concern, and trust me i would not advise anyone to do this either, but like i said i have reasons to apply this hack.

Thanx I will try your suggestion and get back to you.

Primal Rage
02-11-2005, 03:24 AM
The above worked great, I also removed the Forgoten Password vbprases to avoid users resetting the pass. Thank You.

Daddio53
01-12-2006, 04:12 AM
I also need this kind of instruction, but for 3.5.3. I can find a similar section in profile.php, but am not a PHP programmer and am loathe to attempt this change without some guidance with the newest release.

Yes, I understand most would not want to do this, but vB is integrated with a third-party membership management script; I cannot have members changing passwords in vB and getting them out of sync with other site modules.

Thanks in advance for any help anyone can provide.

surrosurro
01-19-2006, 08:43 PM
Can this be done to a "certain" user and not apply it to all?

Tk1
02-01-2006, 06:54 PM
I also need this kind of instruction, but for 3.5.3.

yatta yatta yatta... :p

I'm quite interested in this as well for vBulletin 3.5.3.

so i suppose this is a *bump

hiiped
02-02-2006, 01:18 AM
I also need this kind of instruction, but for 3.5.3. I can find a similar section in profile.php, but am not a PHP programmer and am loathe to attempt this change without some guidance with the newest release.

Yes, I understand most would not want to do this, but vB is integrated with a third-party membership management script; I cannot have members changing passwords in vB and getting them out of sync with other site modules.

Thanks in advance for any help anyone can provide.


https://vborg.vbsupport.ru/showthread.php?t=105992
Enable/Disable many settings in vb {custom and default}. Version 2.1
that hack has disable profile edits


something to consider

Tk1
02-02-2006, 09:43 PM
thanks hiiped, very useful link :)