MDL-19608 do not force changing of passwords if users may not actuall…

…y change them
moodle · Nov 17, 2009 · 46697d1 · 46697d1
1 parent 9d4b366
commit 46697d1
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/admin/user/user_bulk_forcepasswordchange.php b/admin/user/user_bulk_forcepasswordchange.php
@@ -22,14 +22,29 @@
 admin_externalpage_print_header();
 
 if ($confirm and confirm_sesskey()) {
-    $primaryadmin = get_admin();
+    // only force password change if user may actually change the password
+    $authsavailable = get_list_of_plugins('auth');
+    $changeable = array();
+    foreach($authsavailable as $authname) {
+        if (!$auth = get_auth_plugin($authname)) {
+            continue;
+        }
+        if (@$auth->can_change_password()) { // plugins may not be configured yet, not nice :-(
+            $changeable[$authname] = true;
+        }
+    }
 
     $parts = array_chunk($SESSION->bulk_users, 300);
     foreach ($parts as $users) {
         $in = implode(',', $users);
         if ($rs = get_recordset_select('user', "id IN ($in)")) {
             while ($user = rs_fetch_next_record($rs)) {
-                set_user_preference('auth_forcepasswordchange', 1, $user->id);
+                if (!empty($changeable[$user->auth])) {
+                    set_user_preference('auth_forcepasswordchange', 1, $user->id);
+                    unset($SESSION->bulk_users[$user->id]);
+                } else {
+                    notify(get_string('forcepasswordchangenot', '', fullname($user, true)));
+                }
             }
             rs_close($rs);
         }