We are about to open a new LMS site with moodle for an organization here in Greece and we will manually register all the users, nearly 5000, with a txt file.
What we were wondering is this, is there a way to prompt all 5000 users simultaneously to change the password given to them the first time they login? Instead of doing it manually from their profiles.
Is this possible? Any ideas?
Thank you very much in advance
I've never done it, but I think that if you set their password to changeme that forces them to change their password as soon as they log on.
The downside of that, of course, is that until someone logs in and changes their password their account is wide open, because every one of your 5,000 users will know the password for the other 4,999! It would be handy if you could set passwords to something a bit more secure which few other people will know, like their date of birth, but I can't find any way of then automatically ticking the Force password change box. It would be useful if that could be incorporated into a future release - just adding that field as an option to the field list in the upload process, so it could be set to either 0 or 1 in the text file.
Thank you Chris,
I will try it and see what happens but yes it would be a handy tool that could be added in a future realease of moodle.
You are right with the password method you suggested. That method, as you have also acknowledged, has a big security loophole. I used this method in configuring our moodle site it was largely abused. Remember some users, been what they are, will never change their password no matter what you tell them.
I will suggest you use the in-built method "forgot password" to allow moodle to forward password to users on first attempt. This means, you will configure a password for all users and keep the password to yourself. This means, users email addresses must be rightly configured to allow the password to be forwarded rightly.
Using the "Forgot password" facility is a useful workaround - I hadn't thought of that! You'd need something to generate unique passwords when you created the accounts - random strings like "ytH7pL4r" would do, and something that hard to remember should encourage them to change their passwords to something more memorable!
Using 'changeme' as the password does have a huge security hole, but I think (though I've never tried it) that if Moodle sees 'changeme' as the password it forces the user to change it immediately whether they want to or not, so it would force them to close the loophole for their own account. It's still not entirely satisfactory though, because any accounts which haven't yet been used by the legitimate owner would still be at risk from being used by others.
Thank you all
i think changeme will not be a secure way because all user can think other users username and then get their account.
i want to attend all my users random passwords and then send these passwords to their e-mail addresses.After they get the mail address they'll login my moodle page and they'll change their passwords.
is there anyway to do it?
I do something similar using phpmyadmin. I set the password to a particular word for a given course. Perhaps the attached queries will help point you in the right direction for what you desire to do.
UPDATE mdl_user_students as mus, mdl_user as u
WHERE mus.userid=u.id and u.lastaccess=0 and mus.course=xxxx ;
INSERT INTO mdl_user_preferences
(userid, name, value)
SELECT u.id, 'auth_forcepasswordchange', 1
FROM mdl_user_students as mus, mdl_user as u
WHERE mus.userid=u.id and u.lastaccess=0 and u.password=md5('password') and mus.course=xxxx ;