Force password change option

Start of renovation of our password system. First step: New
administrator option to force a password change for individual or all
users via the control center. After reload a page or after logging-in
the user lands directly on the (already existing) "change password"
dialog in the control center. A message in a red box says "For security
reasons, you are required to change your password.". The user can only
move inside the control center until he changed the password. Every
other link is redirected to the change password dialog.

common.php

@@ -32,7 +32,7 @@
 define( "PHORUM_SCHEMA_VERSION", "2010101500" );
 
 // our database patch level in format of year-month-day-serial
-define( "PHORUM_SCHEMA_PATCHLEVEL", "2015082600" );
+define( "PHORUM_SCHEMA_PATCHLEVEL", "2016101000" );
 
 // Initialize the global $PHORUM variable, which holds all Phorum data.
 global $PHORUM;
@@ -996,6 +996,19 @@
             $PHORUM['DATA']['BREADCRUMBS'][$track]['URL'] = phorum_get_url(PHORUM_LIST_URL, $track);
         }
     }
+
+    // Check if user is forced to change his password and redirect to control center
+    if (    phorum_page !== 'control'
+         && phorum_page !== 'login'
+         && phorum_page !== 'ajax'
+         && phorum_page !== 'css'
+         && phorum_page !== 'javascript'
+         && isset($PHORUM['user']['force_password_change'])
+         && $PHORUM['user']['force_password_change'] ) {
+        phorum_redirect_by_url(phorum_get_url(PHORUM_CONTROLCENTER_ACTION_URL, 'panel=password'));
+        exit();
+    }
+
 }
 
 // ----------------------------------------------------------------------
@@ -1013,7 +1026,6 @@
     }
 }
 
-
 // ----------------------------------------------------------------------
 // Functions
 // ----------------------------------------------------------------------

control.php

@@ -313,6 +313,7 @@ function phorum_controlcenter_user_save($panel)
     if ($panel == 'password') {
       $userdata['password'] = NULL;
       $userdata['password_temp'] = NULL;
+      $userdata['force_password_change'] = NULL;
     }
     // E-mail address related fields can only be updated from the email panel.
     if ($panel == 'email') {

include/admin/users.php

@@ -104,12 +104,17 @@
             phorum_admin_okmsg("$count User(s) deleted.");
         }
 
-    //process new user data
+    // process force password change
+    } elseif (isset($_POST['forcePasswordChange'])) {
+        phorum_api_user_force_password_change($PHORUM['user']['user_id']);
+        phorum_admin_okmsg('Forced password change for all users (except you).');
+
+    // process new user data
     } elseif (isset($_POST["addUser"])) {
 
         $user_data = $_POST;
 
-        //check for pre-existing username
+        // check for pre-existing username
         if (!empty($_POST["username"])) {
             $existing_user = phorum_api_user_search("username", $_POST["username"]);
             if (!empty($existing_user))
@@ -118,7 +123,7 @@
             $error = "You must provide a user name!";
         }
 
-        //check for a valid email
+        // check for a valid email
         if (!empty($_POST["email"])) {
             include('./include/email_functions.php');
             $valid_email = phorum_valid_email($_POST["email"]);
@@ -129,7 +134,7 @@
         }
 
 
-        //check for password and password confirmation
+        // check for password and password confirmation
         if(isset($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2']) && $_POST['password1'] != $_POST['password2']) {
             $error="Passwords don't match!";
         } elseif(!empty($_POST['password1']) && !empty($_POST['password2'])) {
@@ -240,6 +245,7 @@
         } elseif(!empty($_POST['password1']) && !empty($_POST['password2'])) {
             $user_data['password']=$_POST['password1'];
             $user_data['password_temp']=$_POST['password1'];
+            $user_data['force_password_change']=0;
         }
 
         // clean up
@@ -277,12 +283,17 @@
     return;
 }
 
-if (!isset($_GET["edit"]) && !isset($_GET["add"]) && !isset($addUser_error) && !isset($_POST['section']))
+if (    !isset($_GET['edit'])
+     && !isset($_GET['add']) && !isset($addUser_error)
+     && !isset($_POST['section'])
+     && !isset($_REQUEST['forcePasswordChange']) )
 {
     $users_url = phorum_admin_build_url(array('module=users'));
     $users_add_url = phorum_admin_build_url(array('module=users','add=1'));
-    print "<a href=\"$users_url\">" .
-          "Show all users</a> | <a href=\"$users_add_url\">Add User</a><br />";
+    $users_force_password_change_url = phorum_admin_build_url(array('module=users','forcePasswordChange=1'));
+    print "<a href=\"$users_url\">Show all users</a> "
+              ."| <a href=\"$users_add_url\">Add User</a> "
+              ."| <a href=\"$users_force_password_change_url\">Force password change for all users</a><br />";
 
     if (empty($_REQUEST["user_id"]))
     {
@@ -899,16 +910,20 @@ class="PhorumAdminTable" width="100%">
 
         $frm->addrow("Active", $frm->select_tag("active", array("No", "Yes"), $user["active"]));
 
+        $row=$frm->addrow("Force password change", $frm->select_tag("force_password_change", array("No", "Yes"), $user["force_password_change"]));
+
+        $frm->addhelp($row, "Force password change", "This option forces the user to change his password on his next page load or login.");
+
         $frm->addrow("Forum posts",$user["posts"]);
 
         $frm->addrow("Registration Date", phorum_date($PHORUM['short_date_time'], $user['date_added']));
 
         $row=$frm->addrow("Date last active", phorum_date($PHORUM['short_date_time'], $user['date_last_active']));
 
-        $frm->addrow("Administrator", $frm->select_tag("admin", array("No", "Yes"), $user["admin"]));
-
         $frm->addhelp($row, "Date last active", "This shows the date, when the user was last seen in the forum. Check your setting on \"Track user usage\" in the \"General Settings\". As long as this setting is not enabled, the activity will not be tracked.");
 
+        $frm->addrow("Administrator", $frm->select_tag("admin", array("No", "Yes"), $user["admin"]));
+
         $cf_header_shown=0;
         foreach($PHORUM["PROFILE_FIELDS"] as $key => $item){
             if ($key === 'num_rows' || !empty($item['deleted'])) continue;
@@ -1073,5 +1088,18 @@ class="PhorumAdminTable" width="100%">
     $frm->addrow("Administrator", $frm->select_tag("admin", array("No", "Yes"), $admin));
 
     $frm->show();
+
+//display force password change form
+} elseif (isset($_REQUEST['forcePasswordChange'])) {
+    print '<a href="'.htmlspecialchars($referrer).'">Back to the user overview</a><br />';
+    $frm = new PhorumInputForm ('', 'post', 'Force Password Change');
+
+    $frm->hidden('module', 'users');
+    $frm->hidden('referrer', $referrer);
+    $frm->hidden('forcePasswordChange', '1');
+
+    $frm->addbreak('Force Password Change');
+    $frm->addmessage('ATTENTION!<br /><br />This option forces ALL users (except you as executing administrator) to change their password on their next page load or login.<br /><br />The process is irreversible!');
+    $frm->show();
 }
 ?>

include/api/user.php

@@ -317,6 +317,7 @@
   'moderation_email'        => 'bool',
   'moderator_data'          => 'array',
   'settings_data'           => 'array',
+  'force_password_change'   => 'bool',
 
    // Fields that are used for passing on information about user related,
    // data, which is not stored in a standard user table field.
@@ -1462,6 +1463,20 @@ function phorum_api_user_delete($user_id)
 }
 // }}}
 
+// {{{ Function: phorum_api_user_force_password_change()
+/**
+ * Set the "force password change" marker for all users except executing admin.
+ *
+ * @param integer $user_id
+ *     The administrators user_id.
+ */
+function phorum_api_user_force_password_change($user_id)
+{
+    settype($user_id, "int");
+    phorum_db_user_force_password_change($user_id);
+}
+// }}}
+
 // {{{ Function: phorum_api_user_format()
 /*
  * This function handles preparing user data * for use in the templates.

include/controlcenter/password.php

@@ -17,11 +17,11 @@
 //   along with this program.                                                 //
 ////////////////////////////////////////////////////////////////////////////////
 
-if(!defined("PHORUM_CONTROL_CENTER")) return;
+if(!defined('PHORUM_CONTROL_CENTER')) return;
 
 if(count($_POST)) {
 
-    $old_password = trim($_POST["password_old"]);
+    $old_password = trim($_POST['password_old']);
     $new_password = trim($_POST['password_new']);
 
     // attempt to authenticate the user
@@ -30,32 +30,39 @@
                                 $PHORUM['user']['username'],
                                 $old_password) ) {
 
-        $error = $PHORUM["DATA"]["LANG"]["ErrOriginalPassword"];
+        $error = $PHORUM['DATA']['LANG']['ErrOriginalPassword'];
 
     } elseif(empty($new_password) || empty($_POST['password_new2']) ||
             $_POST['password_new'] !== $_POST['password_new2']) {
 
-        $error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
+        $error = $PHORUM['DATA']['LANG']['ErrPassword'];
 
     } else {
 
         // everything's good, save
         $_POST['password_temp'] = $_POST['password'] = $new_password;
+        $_POST['force_password_change'] = 0;
         list($error,$okmsg) = phorum_controlcenter_user_save($panel);
 
         // Redirect to the password page, to make sure that the
         // CSRF token is refreshed. This token is partly based on the
         // session id and this session id changed along with the password.
         phorum_redirect_by_url(phorum_get_url(
             PHORUM_CONTROLCENTER_URL,
-            "panel=" . PHORUM_CC_PASSWORD,
-            "okmsg=" . urlencode($okmsg)
+            'panel=' . PHORUM_CC_PASSWORD,
+            'okmsg=' . urlencode($okmsg)
         ));
     }
+} else {
+    // Check if user is forced to change his password and show message
+    if (    isset($PHORUM['user']['force_password_change'])
+         && $PHORUM['user']['force_password_change'] ) {
+        $error = $PHORUM['DATA']['LANG']['PasswordChange'];
+    }
 }
 
-$PHORUM["DATA"]["HEADING"] = $PHORUM["DATA"]["LANG"]["ChangePassword"];
+$PHORUM['DATA']['HEADING'] = $PHORUM['DATA']['LANG']['ChangePassword'];
 $PHORUM['DATA']['PROFILE']['CHANGEPASSWORD'] = 1;
-$template = "cc_usersettings";
+$template = 'cc_usersettings';
 
 ?>

include/db/mysql.php

@@ -4352,6 +4352,31 @@ function phorum_db_user_delete($user_id)
 }
 // }}}
 
+// {{{ Function: phorum_db_user_force_password_change()
+/**
+ * Set the "force password change" marker for all users except executing admin.
+ *
+ * @param integer $user_id
+ *     The administrators user_id.
+ */
+function phorum_db_user_force_password_change($user_id)
+{
+    settype($user_id, 'int');
+
+    if (!empty($user_id)) {
+        phorum_db_interact(
+            DB_RETURN_RES,
+            "UPDATE {$GLOBALS['PHORUM']['user_table']}
+             SET    force_password_change = 1
+             WHERE  force_password_change = 0
+             AND    user_id != $user_id",
+            NULL,
+            DB_MASTERQUERY
+        );
+    }
+}
+// }}}
+
 // {{{ Function: phorum_db_get_file_list()
 /**
  * Retrieve a list of files from the database.

include/db/upgrade/mysql-patches/2016101000.php

@@ -0,0 +1,6 @@
+<?php
+if (!defined('PHORUM_ADMIN')) return;
+
+$upgrade_queries[]="alter table {$PHORUM['user_table']} add column force_password_change tinyint(1) not null default '0';";
+
+?>

include/lang/english.php

@@ -341,6 +341,7 @@
         "Page"                  =>      "Page",
         "Pages"                 =>      "Pages",
         "Password"              =>      "Password",
+        "PasswordChange"        =>      "For security reasons, you are required to change your password.",
         "PeriodicLogin"         =>      "For your protection, you are required to confirm your login information when you have been away from the site.",
         "PermAdministrator"     =>      "You are an Administrator.",
         "PermAllowPost"         =>      "post-permission",