May I know how to setup a user who is not allowed to change neither the password nor username?Like the non-editing teacher in the demo course here.
Thank you very much
I found it, just adding the restricted username in config.php and remove the leading "//". Sorry for rising a question without reading carefully.
in line 145
// $CFG->restrictusers = 'teacher,fred,jim';
in line 145
// $CFG->restrictusers = 'teacher,fred,jim';
Hi Axel,
I want the same but cannot get this to work.
I just want nobody to be able to change their passwords, it the line 145 thing works than I will have to add all my users there, is this really the only way?
Thanks in advance
What if you want to create a student account like this? I've tested it and it doesn't seem to work for that purpose.
Did anyone ever find an easier way to not allow students to change their passwords in moodle?
Bump
Joseph
Joseph
Got it!
Using latest version of Moodle 1.5.3 stable.
Recipe to prevent a user from changing their password.
On my test site I want to give access to a test course for people to test out some quizzes. It is not good enough to give them guest access, since guests are not allowed to take quizzes (there are workarounds which entail hacking the php code, but I want to avoid them). So I create a student account: Username = "student", Password = "student". And I make this Username and Password known to potential visitors. However, I want to avoid the possibility for visitors logged in as student to change the password, because this would prevent other potential visitors to use the account or I, as admin, would have to reset the password every now and then.
What I really want is to make it impossible for student "student" to change their password.
1. In config.php, add the line $CFG->restrictusers = 'student';
2. In \moodle\user\view.php, there is a condition which will prevent the display of the Change Password button on the View|Profile page, and this is just what I want:
if ($currentuser and !isguest() and !is_restricted_user($USER->username)) {
3. Unfortunately, a similar condition is absent from \moodle\blocks\admin\block_admin.php. So, if that block is displayed in my course, then the "student" user will see a link to Change Password page and will be able to change their password.
Hack to prevent this: in \moodle\blocks\admin\block_admin.php, around line 185, change:
$this->content->items[]='<a href="'.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'">'.get_string('changepassword').'</a>';
to
if (!is_restricted_user($USER->username)) {
$this->content->items[]='<a href="'.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'">'.get_string('changepassword').'</a>';
}
Joseph
PS Posted as bug report #4627
Actually, a more radical solution would consist in not displaying the Administration block at all for restricted users!
Hack to achieve this: in \moodle\blocks\admin\block_admin.php, around line 160, change:
} else if (!isguest() ) { // Students menu
to
} else if (!isguest() and !is_restricted_user($USER->username)) { // Students menu
Tried and tested on Moodle 1.5.3 stable.
Joseph
Joseph - This was on one of my to-lists
thanks
OOOps... forgot password button on user view page...
thanks
OOOps... forgot password button on user view page...
Hi Sue,
You wrote "OOOps... forgot password button on user view page..."
See my message above:
2. In \moodle\user\view.php, there is a condition which will prevent the display of the Change Password button on the View|Profile page, and this is just what I want:
You wrote "OOOps... forgot password button on user view page..."
See my message above:
2. In \moodle\user\view.php, there is a condition which will prevent the display of the Change Password button on the View|Profile page, and this is just what I want:
if ($currentuser and !isguest() and !is_restricted_user($USER->username)) {
no problem: password button is not displayed on user view page
Joseph
Thanks again Joseph, I have them all now this was a good hack.
sue
sue
Hi Joseph,
I followed your advice and successfully configured. I made a list of restricted users ---- i.e. every students are restricted users. They are not allowed to change their passwords. Thanks and it works for 5 months. But now, .... this year, when we try not to enrol students manually (as such we did in the past) and let them enrol in some selective courses, all of them failed to do so.
I found out that courses (eg. Course A) that do not need a password to enrol refuse to accept the "restricted users" to enter. Moreover, even I gave the "restricted users" the enrollment keys to some other courses (e.g. Course B), the restricted users are not given a screen to key in password or "key". They are simply refused. I double check the situation by removing one student from the restricted user list, and he could then successfully enrol in Courses A and B. But at the same time, he could change his password.
Any ideas ?
James
James -
I am working this through for my test site before I change my production site, but I wanted to ask (as some one has above), did you really have to add each and every student username to the list in config.php? Yikes!
- Sherry
I am working this through for my test site before I change my production site, but I wanted to ask (as some one has above), did you really have to add each and every student username to the list in config.php? Yikes!
- Sherry
Hi, Sherry
Thanks for your reply and ...it's a good question. As a matter of fact, I always ask myself the same question: is there a simpler way to configure the user on the page of admin/auth.php.
For example,
A. if there are some options for us to tick and select, like: (P.S. the "role" down here is NOT intended to mean the one now we have in Moodle 1.7, it's only a suggested term to use because I think some users of Moodle 1.6+ or even 1.5+ would like to solve the same problem)
1. What role(s) of users do you want them to see other user's information including ....?
- option 1: names on "Message Search"
- option 2: email
- option 3: phone number
- ...etc
- role 1: admin
- role 2: teachers
- role 3: students
- role 4: specific restricted users
- ...etc
2. What role(s) of users do you want them NOT to change their own information including ...?
- option 1: password
- ...etc (however, now we can hack the file, user/edit.php and add whatever item we want to lock/unlock except "passwords"? I 'm not sure about this, sorry I haven't tried!)
- role 1: teachers
- role 2: students
- ...etc
Or,
B. how about adding another types of users, e.g. $CFG->restrictpasswords = students, true (or false); ....something like that.... only a suggestion!
I'm not sure if any one of the above sounds reasonable. But I'm sure my teachers and I keep adding student names under "restrictusers" is a boring job and ... quite a burden. Still, we have to follow the school policy.
Any suggestions? I hope I can help.
Cheers
James
Hi, ive found you recipe very handy, bu i´ve realized it doesn work with my 1.7, is there a way to achieve this again with a new hack becasue roles doesnt seem to offer the prevention of password change.
Greetings
Michael
Greetings
Michael
Hi all,
The easiest way is deleting file change_password.php from login directory or renaming it to a desired filename. in this way nobody can change password but you can do it by means of the renamed file.
It is clear that admin can do this from profile of users.
Bye.
Do you still have to edit the config.php in version 1.8 and if so doesn't this make this change global for every student in every course?
I want to be certain before I make this change for a user who has requested it.
Thanks
Running Version 1.7
Need to turn off the Change Password option/button within profile.
Am not a coder (don't 'do' .php) so am a little confused by all that has gone before (plus I noticed a lot of it related to V1.5.
Anyhoo, can someone please direct me to the relevant pages and give clear directions as to what I need to do to disable Change Password (or can I just set a page to display in the authentication settings that direct them to a html page that tells them to contact our Help Desk for assistance - which is what we want them to do!).
Thanks
Need to turn off the Change Password option/button within profile.
Am not a coder (don't 'do' .php) so am a little confused by all that has gone before (plus I noticed a lot of it related to V1.5.
Anyhoo, can someone please direct me to the relevant pages and give clear directions as to what I need to do to disable Change Password (or can I just set a page to display in the authentication settings that direct them to a html page that tells them to contact our Help Desk for assistance - which is what we want them to do!).
Thanks
You may want to check out
http://docs.moodle.org/en/Capabilities/moodle/user:changeownpassword
and not allow students or teachers to have this capability
Peace - Anthony
http://docs.moodle.org/en/Capabilities/moodle/user:changeownpassword
and not allow students or teachers to have this capability
Peace - Anthony
Unfortunately, the "disable password change" is bypassed when the student clicks login, then clicks on "forgotten your username and password" link
On bulk upload users, the user login forcing to change the password. How to disable this user password change in admin interface itself. Suggest on this.
I went to
Admin > Users > Permissions > Define Roles > Authenticated user
and set changeownpassword to Prohibit
Scroll down and Save
As well as doing what Khalil Amar says, you can remove the possibility of changing the password if they forget it on the login screen.
To do so, you have to edit the following file: login/index_form.html
and remove the following line (about line 57):
<div class="forgetpass"><a href="forgot_password.php"><?php print_string("forgotten") ?></a></div>Or comment it out:
<!-- <div class="forgetpass"><a href="forgot_password.php"><?php print_string("forgotten") ?></a></div> -->