Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-4627

password change not disabled for restricted users in block_admin.php

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.3
    • Fix Version/s: None
    • Component/s: Blocks
    • Labels:
      None
    • Environment:
      All
    • Affected Branches:
      MOODLE_15_STABLE

      Description

      Suppose I have an account for a student called student and I want to make it impossible for him to change his password.

      1. In config.php, add the line $CFG->restrictusers = 'student';

      2. In \moodle\user\view.php, there is a condition which will prevent the display of the Change Password button on the View/Profile page, and this is just what I want:

      if ($currentuser and !isguest() and !is_restricted_user($USER->username)) {

      3. Unfortunately, a similar condition is absent from \moodle\blocks\admin\block_admin.php. So, if that block is displayed in my course, then the student user will see a link to Change Password page and will be able to change their password.angry

      Hack to prevent this: in \moodle\blocks\admin\block_admin.php, around line 185, change:

      $this->content->items[]='<a href='.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'>'.get_string('changepassword').'</a>';

      to

      if (!is_restricted_user($USER->username))

      { $this->content->items[]='<a href='.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'>'.get_string('changepassword').'</a>'; }

      Joseph

        Gliffy Diagrams

          Activity

          Hide
          dougiamas Martin Dougiamas added a comment -

          From Joseph R?zeau (joseph.rezeau at uhb.fr) Thursday, 26 January 2006, 01:28 AM:

          Actually, a more radical solution would consist in not displaying the Administration block at all for restricted users!

          Hack to achieve this: in \moodle\blocks\admin\block_admin.php, around line 160, change:

          } else if (!isguest() )

          { // Students menu to }

          else if (!isguest() and !is_restricted_user($USER->username)) { // Students menu

          From Jon Papaioannou (pj at moodle.org) Sunday, 29 January 2006, 03:32 AM:

          This is mainly cosmetic and not a serious issue, as hiding the link is of course no security at all. The change password page does not allow you to change your password if you 're restricted (try submitting the form).

          Of course it's good to be consistent across Moodle, so I 've just implemented your suggestion for hiding the change password link. Thanks!

          From Joseph R?zeau (joseph.rezeau at uhb.fr) Sunday, 29 January 2006, 05:54 AM:

          Thanks!

          Joseph

          Show
          dougiamas Martin Dougiamas added a comment - From Joseph R?zeau (joseph.rezeau at uhb.fr) Thursday, 26 January 2006, 01:28 AM: Actually, a more radical solution would consist in not displaying the Administration block at all for restricted users! Hack to achieve this: in \moodle\blocks\admin\block_admin.php, around line 160, change: } else if (!isguest() ) { // Students menu to } else if (!isguest() and !is_restricted_user($USER->username)) { // Students menu From Jon Papaioannou (pj at moodle.org) Sunday, 29 January 2006, 03:32 AM: This is mainly cosmetic and not a serious issue, as hiding the link is of course no security at all. The change password page does not allow you to change your password if you 're restricted (try submitting the form). Of course it's good to be consistent across Moodle, so I 've just implemented your suggestion for hiding the change password link. Thanks! From Joseph R?zeau (joseph.rezeau at uhb.fr) Sunday, 29 January 2006, 05:54 AM: Thanks! Joseph
          Hide
          mblake Michael Blake added a comment -

          Temporary transition to reassign bug to "pj".

          Show
          mblake Michael Blake added a comment - Temporary transition to reassign bug to "pj".
          Hide
          mblake Michael Blake added a comment -

          Re-closing bugs after re-assigning to "pj".

          Show
          mblake Michael Blake added a comment - Re-closing bugs after re-assigning to "pj".

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: