Preventing the expiration of passwords for certain users

From pmusers
Jump to: navigation, search

PPP_EXPIRATION_IN can be defined in the file shared/sites/{workspace}/db.php to make passwords expire after a fixed number of days, but it is a universal setting that applies to all users.

If the passwords for certain users should never expire, here are 3 workarounds:

1. The PPP_EXPIRATION_IN setting is only checked when the user logs in, so you won't have to reset the password if the user doesn't login. For example, you could define PPP_EXPIRATION_IN during a time when the user won't login, then comment it out in the db.php file when the user will login.


2. Another option is to change the source code. For example, in workflow/engine/classes/model/UserProperties.php:175, change from:

    (PPP_EXPIRATION_IN > 0) {

To:

    (PPP_EXPIRATION_IN > 0 and (!isset($_SESSION['USR_USERNAME']) or $_SESSION['USR_USERNAME'] != 'admin')) {

Now the "admin" user will never have to change his password.


3. A third option is to not use PPP_EXPIRATION_IN. Instead, manually mark the option "User must change password at next Login" in each user's profile, except the user whose password shouldn't change.

If you don't want to do this manually, then change the USERS_PROPERTIES.USR_LOGGED_NEXT_TIME field in the database from 0 to 1 to force the user to change her password on the next login.

For example, the following commands issued from the command line would force all the users except the users "admin", "sally" and "bob" to change their passwords on the next login:

mysql -u root -p
USE wf_workflow;
UPDATE USERS_PROPERTIES AS UP JOIN USERS AS U ON U.USR_UID=UP.USR_UID SET UP.USR_LOGGED_NEXT_TIME=1
   WHERE U.USR_USERNAME NOT IN ('admin', 'sally', 'bob');
EXIT;