2010-08-28, 02:11 PM
This is my first MyBB plugin so I'm not expecting everything to be done properly or fully working.
This plugin allows an admin to force a certain user to change their password. From the ACP the admin types in the username of the user and then the next time that user is logged in and accesses a page they will be forcefully re-directed to the MyBB change password form until they change their password. It's compatible with 1.6 only.
There shouldn't be any security issues because this plugin never actually handles a password, it just hooks into the existing system for changing a password.
The only issue I can think of is that if someone is in the middle of typing a post and then before they hit Post the admin forces them to change password, that post will be lost. I'd be grateful if people tested this scenario. The work-arounds for this issue are only redirect users from index.php and hope they eventually land on it, or detect when a user is in the middle of posting something and don't redirect them at that point. Both are possible, but I'd like to hear what you guys think would be best.
I'd like a few people to test it for me before I submit it to the mods site. Please don't test on a live forum, or at least only do it on a user that you created. I also wouldn't do it to the super-admin account while it's in beta, just in case.
Attached is the ZIP file with instructions for installation and stuff, it's fairly self-explanatory.
UPDATED: I've just fixed a bug which would've caused the plugin to fail on forums not installed in a sub-directory. I have also added detection for $mybb->request_method == post as suggested by Aquilez. So it shouldn't redirect the user if they are submitting data anywhere.
This plugin allows an admin to force a certain user to change their password. From the ACP the admin types in the username of the user and then the next time that user is logged in and accesses a page they will be forcefully re-directed to the MyBB change password form until they change their password. It's compatible with 1.6 only.
There shouldn't be any security issues because this plugin never actually handles a password, it just hooks into the existing system for changing a password.
The only issue I can think of is that if someone is in the middle of typing a post and then before they hit Post the admin forces them to change password, that post will be lost. I'd be grateful if people tested this scenario. The work-arounds for this issue are only redirect users from index.php and hope they eventually land on it, or detect when a user is in the middle of posting something and don't redirect them at that point. Both are possible, but I'd like to hear what you guys think would be best.
I'd like a few people to test it for me before I submit it to the mods site. Please don't test on a live forum, or at least only do it on a user that you created. I also wouldn't do it to the super-admin account while it's in beta, just in case.
Attached is the ZIP file with instructions for installation and stuff, it's fairly self-explanatory.
UPDATED: I've just fixed a bug which would've caused the plugin to fail on forums not installed in a sub-directory. I have also added detection for $mybb->request_method == post as suggested by Aquilez. So it shouldn't redirect the user if they are submitting data anywhere.