When I use the role "guest user" in a course, the one where the user actually has to log on with a user name and password, I'd like to be able to prevent someone using that role from being able to change the password (in "my profile"), or any of the other settings. This is because I'd like multiple people to be able to share the guest role using the same logon name and password. Is there a way to do this? I know I can use a general guest logon for all users, where they only need to enter a password, but I would actually like to create groups of guest users, which would require setting up separate logon names and passwords for each group. Thanks.
Prevent authenticated guest user role from changing password
by Dean Freedman -
Number of replies: 5
In reply to Dean Freedman
Re: Prevent authenticated guest user role from changing password
by Stefan Nychka -
Hi. Guest is a role, not a user. There could be a pswd. associated with it, but there's one and only one; best to think of it as a role to which you need a pswd.
But, do you need/want a password? Why not allow guest access sans pswd.?
So, what exactly are you trying to do?
Also, what version of Moodle are you using? If guest is the way to go, note for 2.0.x, x <= 2, it seems non-auto guest access (i.e., the guests have to click a login button, which may include a pswd.) is broken.
If you are providing this group of users access to ony 1 course, use a guest key instead.
If you want access to your site in general, or at least multiple courses comprising access to a subset of the courses, then create a role with the appropriate permissions, set up a means of authentication (e.g., LDAP, or, if you want less security but more convenience, just the standard, built-in, manual accounts), create a role with whatever special permissions you want (this is strongly implied in your message), and assign that role to all the users.
With more info, I'll be able to help you with all or at least some of what you want done, and it's more likely others will be able to fill in any gaps.
Cheers
P.S. I am leaving on holidays soon, fly-fishing in particular, so will be w/o net access and there will be a wait. Still, others may respond in the mean time.
In reply to Stefan Nychka
Re: Prevent authenticated guest user role from changing password
by Dean Freedman -
Thanks, Stefan. I would like to create an authenticated user role "guest" that has no access to make changes to their user profile settings -- like the password -- using Moodle 2.0. It seems from your posting here that there are some current issues with that. What I've been able to do is set up the guest role (the kind that uses both user name and password to log on), but I have not been able to prevent the guest from changing their user profile.
I would like to have that role handy for all courses, so I can easily set up groups of people within a course who have guest access, all using the same user name and password. If I can do this by limiting certain permissions for that role, that would be great, but I don't know which permissions to limit or where to find them.
-- Dean
In reply to Dean Freedman
Re: Prevent authenticated guest user role from changing password
by Stefan Nychka -
Hi.
I tried this in 2.0.2, and got it to work. Even though the following's long, I don't quite describe everything in detail, and can explain certain steps more if needed.:
- Go to
Home >> Site administration >> Plugins >> Authentication >> Manage authentication
and ensure Guest login button is set to Show
- I could not login as user 'guest' when this was hidden, even though I used the Login button, not the Login as a guest button ... this seems very odd.
- I could not login as user 'guest' when this was hidden, even though I used the Login button, not the Login as a guest button ... this seems very odd.
- Go to
Home ► Site administration ► Plugins ► Enrolments ► Manage enrol plugin
and ensure Guest access is set to enabled (i.e., the eye is open). - Go to
and ensure Auto-login guests is unchecked. - I then went to the mysql db--I use the Linux command prompt, and used the mysql command to get to the mysql command prompt--and noticed my guest password was something other than guest.
I changed it to a hashed form of a password for another user whose pswd I knew (otheruser below). I copied-and-pasted to do this, and used the two commands below (hashes have been altered)
mysql> select username,password from mdl_user where username="guest" or username="otheruser";
+----------+---------------------------------------+
| username | password |
+----------+---------------------------------------+
| guest | klmasd90fuamd908239d9081io4jcc0dfj |
| otheruser| as0d98c90fauqoj9falisdjcnd09jas90duf |
+----------+---------------------------------------+
2 rows in set (0.03 sec)
mysql> update mdl_user set password="as0d98c90fauqoj9falisdjcnd09jas90duf" where username="guest";- You shouldn't have to do this ... at some point, our guest password got changed, apparently.
- You should just be able to use Linux's md5 command to generate a hash for a given pswd. ... just remember to use echo -n, as newlines got me screwed up.
- You could also use http://www.md5.net/, although for all I know they may store the password and your ip, although I highly doubt it. They fairly easily could, though.
- Ensure courses these users should access are available to guests.
- Then, have your users login with username guest, and whatever password you chose.
They must use the Login button, not the Login as a guest button.
You don't need to worry about the Guest role, as guest is automatically given this role, and guest cannot change its profile (it probably doesn't have one like other users do) nor its password.
Related notes:
- See the avoid guest login in Moodle 2 (confused) thread and the Guest login problem thread for related information ... there could be other issues.
- You may need to set things appropriately in other areas
- Elsewhere at Home ► Site administration ► Users ► Permissions ► User policies
- Ensure your Guest role has the proper permissions, although I'd highly recommend not fiddling with this at all Home► Site administration► Users► Permissions► Define roles
- At Home► Site administration► Plugins► Enrolments► Guest access
- This'll change guest access for all guest access, though.
You could instead create a new role (let's call it SpecialGuest), have the Guest role as its archetype (assuming your Guest role is set to its defaults), create a new account and add that account to the target courses with role SpecialGuest.
Give the users the user name and pswd for this account. - If you want each user to have a separate account, create SpecialGuest as briefly described in the previous bullet, create each account with the same password, and add each account to the target courses.
- Note with the last 2 bullets
- you can speed things up using another auth method, likely, like LDAP (I can't help you with this), and/or can use the Home► Site administration► Users► Accounts► Upload users; and
- be aware of the Authenticated User role, as this may interfere with and override SpecialGuest permissions ... you may need to remove Authenticated User from the list of roles for the user/users.
In reply to Stefan Nychka
Re: Prevent authenticated guest user role from changing password
by Nisreen Ghorani -
Hi Stefan,
I have my moodle v 2.1.1 hosted on www.hft-dprs.com/moodle and I have the problem of Guest login, Pressing the login as guest button give the error "invalid login, please try again", I’m working on windows OS and I tried the steps have read in forum:
Database solution to change (mnethostid from 1 to 0). Now it’s 1.
Then I went through your steps mentioned above
- Site administration ► Plugins ► Authentication ►Manage authentication Set "Guest login button" is "Show.
- Site administration ► Plugins ► Enrolments ► Manage enrol plugin (Guest access is set to enabled)
- Then here I tried both check and uncheck Auto-login guests from Site administration ► Users ► Permissions ► User policies.
- Finally I changed the long password of the guest user in mysql to something else and tried to login with user name guest and my new password, even though nothing changed.
P.S: I also have the same moodle installed on the local machine with the default setting come with moodle installation and guest user work good!
Please advise.
In reply to Nisreen Ghorani
Re: Prevent authenticated guest user role from changing password
by Stefan Nychka -
Hi.
Basically, I don't know, and only have a few guesses that may help:
- What happened when you checked auto-login guest?
- You need to also, within a course, enable the guest enrollment option, and set it so the course is guest accessible (I or someone else can explain further if needed ... both are likely documented fairly well elsewhere on this site, too) ... especially with auto-login guest checked, users should be able to access the course.
- Ensure how you're changing the pswd. is correct: create a user, then change their pswd via mysql, and and ensure it works. (e.g., quoting if you're on Windows--I'm on Linux--may be different)
I've never been an admin for 2.1.x, so there may be differences.
Sorry for responding so late. I haven't been keeping tabs that closely on moodle.org posts over the last few months.