The following code will force users to change their passwords on their next login attempt and will set the lifetime of a password to 365 days (only if it is currently set to zero).
These changes only apply to users who are NOT admin users with the “is_root” property == ‘Y’. I.e. the primary admin should be unaffected.
This same code will work on all versions but needs to be installed in different locations depending on whether you are V4 or earlier.
Follow the instructions in the comments.
It is reasonably well tested and should work in PRO, ULTIMATE and MVE environments.
<br />
<?php<br />
<br />
/*<br />
* For V4, copy this file to app/addons/my_changes/controllers/backend/my_changes.php<br />
* Make sure the My Changes addon is active<br />
* Then run this url: [your_domain_admin.php]?dispatch=my_changes.reset_user_passwords<br />
*<br />
* For V2/V3, copy this file to addons/my_changes/controllers/admin/my_changes.php<br />
* Make sure the My Changes addon is active<br />
* Then run this url: [your_domain_admin.php]?dispatch=my_changes.reset_user_passwords<br />
*<br />
* What will it do?<br />
* - Changes the last password change timestamp to 1969 for all "Non admin root" users.<br />
* - Changes the required password change time to 1 year if it is set to zero. If set to some other<br />
* value then it leaves this alone.<br />
* - Any user (admin, supplier, vendor or customer other than a root-admin-user) will be required to<br />
* change their password.<br />
* - You will see a yellow warning message after this completes.<br />
*<br />
* You might see a message indicating that you need to change your password. You can close that message<br />
* and ignore it if you are logged in as the root admin.<br />
*/<br />
<br />
if( !defined('PRODUCT_VERSION') ) die('Access denied');<br />
<br />
if( version_compare(PRODUCT_VERSION, '4.0.0', '<') )<br />
if( !defined('AREA') ) die('Access denied');<br />
else<br />
if( !defined('BOOTSTRAP') ) die('Access denied');<br />
<br />
switch($mode) {<br />
case 'reset_user_passwords':<br />
$user_ids = db_get_fields("SELECT user_id FROM ?:users WHERE is_root != 'Y'");<br />
$user_count = count($user_ids);<br />
db_query("UPDATE ?:users SET password_change_timestamp=1 WHERE is_root != 'Y'");<br />
db_query("UPDATE ?:users SET password_change_timestamp=?i WHERE is_root = 'Y'", TIME);<br />
$msg = "<br/>Your previous password expiration was set to zero. It has been reset to 365.";<br />
if( version_compare(PRODUCT_VERSION, '3.0.0', '<') ) {<br />
$cur_days = db_get_field("SELECT value FROM ?:settings WHERE option_name='admin_password_expiration_period'");<br />
if( !$cur_days ) {<br />
db_query("UPDATE ?:settings SET value = 365 WHERE option_name = 'admin_password_expiration_period' AND value = 0");<br />
} else {<br />
$msg = '';<br />
}<br />
} else {<br />
$cur_days = db_get_field("SELECT value FROM ?:settings_objects WHERE name='admin_password_expiration_period'");<br />
if( !$cur_days ) {<br />
db_query("UPDATE ?:settings_objects SET value = 365 WHERE name = 'admin_password_expiration_period' AND value = 0");<br />
} else {<br />
$msg = '';<br />
}<br />
}<br />
<br />
fn_set_notification('W', "Force password change", "'$user_count' users will be asked to change their passwords next time they login.$msg", true');<br />
fn_redirect(empty($index_script) ? "/" : $index_script);<br />
break;<br />
}<br />
return array(CONTROLLER_STATUS_OK);<br />
<br />
?><br />