Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-4627

password change not disabled for restricted users in block_admin.php

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.3
    • Fix Version/s: None
    • Component/s: Blocks
    • Labels:
      None
    • Environment:
      All
    • Affected Branches:
      MOODLE_15_STABLE

      Description

      Suppose I have an account for a student called student and I want to make it impossible for him to change his password.

      1. In config.php, add the line $CFG->restrictusers = 'student';

      2. In \moodle\user\view.php, there is a condition which will prevent the display of the Change Password button on the View/Profile page, and this is just what I want:

      if ($currentuser and !isguest() and !is_restricted_user($USER->username)) {

      3. Unfortunately, a similar condition is absent from \moodle\blocks\admin\block_admin.php. So, if that block is displayed in my course, then the student user will see a link to Change Password page and will be able to change their password.angry

      Hack to prevent this: in \moodle\blocks\admin\block_admin.php, around line 185, change:

      $this->content->items[]='<a href='.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'>'.get_string('changepassword').'</a>';

      to

      if (!is_restricted_user($USER->username))

      { $this->content->items[]='<a href='.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'>'.get_string('changepassword').'</a>'; }

      Joseph

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: