About password

[napiedra]

Is there a way to prompt the users to change their passwords right after the first login only if they have not changed it from a predefined password set by the site administrator?

[arbei]

You can compare the user password to the default password, then save the result in the session variable.

For example:
(In Uesr_LoggedIn Server Event)
if (CurrentUserInfo("<password field>") == "<Default password")
$_SESSION["<var name>"] = TRUE;

Then add a message in header in "Page_DataRendering" Server Event.

For example:
if ($_SESSION["<var name>"])
$header .= "Please update your password";

You can read help file topic "Server Events and Client Scripts" -> "Page_DataRendering" and "User_LoggedIn" for more information.

[mobhar]

The other approach is by adding a new field in your "users" table, for example, "Force_Change_Password" which is "Y" by default. So, when your end-user is successfully registered, then the value of this field is "Y" which means he/she will be forced by system to change his/her password.

System must check this field after user is logged in using "User_LoggendIn" server event under "Server Events" -> "Other" -> "Login Page", and if its value is "Y", then display the "Change Password" page. You need to assign the session variable that related to force user to change password by using this code:

if (CurrentUserInfo("Force_Change_Password") == "Y") {
SetSessionPasswordExpired();
$this->setFailureMessage(Language()->Phrase("PasswordExpired"));
$this->Page_Terminate("changepwd.php");
}

This will make system will always force him/her to change the password. This is the closest approach to force end-user to change the password.

In order to make sure user has successfully changed the password, you need to update that field value above to "N" using "User_ChangePassword" server event under "Server Events" -> "Other" -> "Change Password Page".