MODX Community

Login - Force password change on first login

Is there a way that Webuser must change their passwort, when they login the first time?

Revo 2.7.2
Login 1.9.7

1 Like

Here’s an extra that looks useful, but might be outdated

https://modx.com/extras/package/forcedpasswdchange

In Modx its easy enough to guide a user through a password change (just have login page send to pw change page), but it would not require that to happen and the user could click out of it.

To force the change, I think you will need to tell Modx that the pw must be changed. Right now that’s on user creation, so I am thinking the best way is to put a token in your create user routine, we could assign a flag to the user upon creation, if this is the only function you need.

Then, you could have a checker in your template that would replace content with reset pw page if the flag is set, for all users, then they couldn’t run away and would have to reset to remove the flag…oh yeah and reset must remove the flag obvs

Will think about this.

Hi @mediengaarage,

I am also interested about this, as I don’t know how to do that.

Hi,

Easiest would be writing a plugin and attach it to onWebLogin and onModxInit.
You check if it is the first login, and if it is then redirect user to password change page.
To check if it is the first login you could define user attribute “first_login” = 1 on registration, and change it only if password has been changed and activated (afair its useExtended option in Register snippet)
Not too much of coding… and the user can’t click out.

I’ve done something similar but for manager, where password expires after X days, password has to meet certain criteria (impossible with default modx validation) and the session expires after X minutes of inactivity (keyboard, ajax etc). User is able to login but can’t do anything (connectors included) unless password is changed and activated. It is certainly doable without hacking core, and works just fine.

1 Like