Prevent Password Changing

[Primal Rage]

Is there a way to disable the option for users to change their profile password? Basically i want them to use the same password forever without being able to reset it or change it in the USERCP . Is such possible??

[trafix]

nope cant be done .... as default vb software requires members to change their password after the current one is 120 + days old

[Primal Rage]

That option is disabled meaning it will never expire. So i want to be able to prevent them from changing it themselves

[Andreas]

I strongly (I can't stress this enough) recommend NOT to do so, but it you really want:

In profile.php FIND and COMMENT OUT

PHP Code:

    if ($newpassword != $newpasswordconfirm OR (strlen($newpassword_md5) == 32 AND $newpassword_md5 != $newpasswordconfirm_md5))
    {
        eval(print_standard_error('passwordmismatch'));
    }

    if (!empty($newpassword) OR !empty($newpassword_md5))
    {
        if (strlen($newpassword_md5) == 32)
        {
            $newpassword = md5($newpassword_md5 . $bbuserinfo['salt']);
        }
        else
        {
            $newpassword = md5(md5($newpassword) . $bbuserinfo['salt']);
        }

        // delete old password history
        $DB_site->query("DELETE FROM " . TABLE_PREFIX . "passwordhistory WHERE userid=$bbuserinfo[userid] AND passworddate <= FROM_UNIXTIME(" . (TIMENOW - $permissions['passwordhistory'] * 86400) . ")");

        // check to see if the new password is invalid due to previous use
        if ($permissions['passwordhistory'] AND $historycheck = $DB_site->query_first("SELECT UNIX_TIMESTAMP(passworddate) AS passworddate FROM " . TABLE_PREFIX . "passwordhistory WHERE userid=$bbuserinfo[userid] AND password = '" . addslashes($newpassword) . "'"))
        {
            eval(print_standard_error('passwordhistory'));
        }

    } 


FIND

PHP Code:

    if (!empty($newpassword))
    {
        // insert record into password history
        $DB_site->query("INSERT INTO " . TABLE_PREFIX . "passwordhistory (userid, password, passworddate) VALUES ($bbuserinfo[userid], '" . addslashes($newpassword) . "', NOW())");

        $newpassword = "password = '" . addslashes($newpassword) . "', passworddate = NOW(),";
    }    else {
        $newpassword = '';
    }

    if ($newpassword OR $newemail)
    {
        $DB_site->query("UPDATE " . TABLE_PREFIX . "user SET $newpassword $newemail usergroupid = " . intval($bbuserinfo['usergroupid']) . " WHERE userid = $bbuserinfo[userid]");
    } 


REPLACE that with

PHP Code:

/* Commented out to prevent password changes
    if (!empty($newpassword))
    {
        // insert record into password history
        $DB_site->query("INSERT INTO " . TABLE_PREFIX . "passwordhistory (userid, password, passworddate) VALUES ($bbuserinfo[userid], '" . addslashes($newpassword) . "', NOW())");

        $newpassword = "password = '" . addslashes($newpassword) . "', passworddate = NOW(),";
    }    else {
        $newpassword = '';
    }
*/
         // Hack: Prevent Password Change: Removed OR $newpassword from the IF and $newpassword from the query
    if ($newemail)
    {
        $DB_site->query("UPDATE " . TABLE_PREFIX . "user SET $newemail usergroupid = " . intval($bbuserinfo['usergroupid']) . " WHERE userid = $bbuserinfo[userid]");
    } 


You might also want to remove the input controls:

HTML Code:

		<fieldset class="fieldset">
			<legend>$vbphrase[edit_password]<if condition="$show['password_optional']"> ($vbphrase[optional])</if></legend>
			<table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
			<tr>
				<td>
					<div>$vbphrase[new_password]:</div>
					<div><input type="password" class="bginput" name="newpassword" size="50" maxlength="50" /></div>
				</td>
			</tr>
			<tr>
				<td>
					<div>$vbphrase[confirm_new_password]:</div>
					<div><input type="password" class="bginput" name="newpasswordconfirm" size="50" maxlength="50" /></div>
				</td>
			</tr>
			</table>
		</fieldset>

Remove this from Template modifypassword.

[Primal Rage]

Quote:

Originally Posted by KirbyDE

I strongly (I can't stress this enough) recommend NOT to do so, but it you really want:

I understand your concern, and trust me i would not advise anyone to do this either, but like i said i have reasons to apply this hack.

Thanx I will try your suggestion and get back to you.

[Primal Rage]

The above worked great, I also removed the Forgoten Password vbprases to avoid users resetting the pass. Thank You.

[Daddio53]

I also need this kind of instruction, but for 3.5.3. I can find a similar section in profile.php, but am not a PHP programmer and am loathe to attempt this change without some guidance with the newest release.

Yes, I understand most would not want to do this, but vB is integrated with a third-party membership management script; I cannot have members changing passwords in vB and getting them out of sync with other site modules.

Thanks in advance for any help anyone can provide.

[surrosurro]

Can this be done to a "certain" user and not apply it to all?

[Tk1]

Quote:

Originally Posted by Daddio53

I also need this kind of instruction, but for 3.5.3.

yatta yatta yatta...

I'm quite interested in this as well for vBulletin 3.5.3.

so i suppose this is a *bump

[hiiped]

Quote:

Originally Posted by Daddio53

I also need this kind of instruction, but for 3.5.3. I can find a similar section in profile.php, but am not a PHP programmer and am loathe to attempt this change without some guidance with the newest release.

Yes, I understand most would not want to do this, but vB is integrated with a third-party membership management script; I cannot have members changing passwords in vB and getting them out of sync with other site modules.

Thanks in advance for any help anyone can provide.

https://vborg.vbsupport.ru/showthread.php?t=105992
Enable/Disable many settings in vb {custom and default}. Version 2.1
that hack has disable profile edits


something to consider