Editing (v7+)

Prevent users from chaning passwords

Permalink June 11, 2019 at 9:00 AM

Dear community

I'm wondering if there is a way to prevent a useraccount from chaning password. I created one generic user for some documentation files on protected site. This user is shared with some club members all using the same login. But I don't want to give them the permissions to change this user, just use it as it is..

Hope somebody can help

mnakalay replied on Jun 12, 2019 at 6:54 pm Permalink Best Answer Reply

There are several ways of doing it. Here's one that is simple.
Let's say that account is using the email myemail@email.com

Create a file edit_profile.php inside application\controllers\single_page\account

Application\controllers already exists you will have to create the 2 folders single_page and account and the file edit_profile.php inside it.

Then edit the file and add this code to it

<?php
namespace Application\Controller\SinglePage\Account;
use Concrete\Controller\SinglePage\Account\EditProfile as CoreEditProfile;
use User;
class EditProfile extends CoreEditProfile
{
    public function view()
    {
        $u = new user();
        $ui = $u->getUserInfoObject();
        if ($u->isLoggedIn() && $ui->getUserEmail() === "myemail@email.com") {
            $this->redirect('/');
        } else {
            parent::view();
        }

Viewing 15 lines of 17 lines. View entire code block.

 
<?php
namespace Application\Controller\SinglePage\Account;
 
use Concrete\Controller\SinglePage\Account\EditProfile as CoreEditProfile;
use User;
 
class EditProfile extends CoreEditProfile
{
    public function view()
    {
        $u = new user();
        $ui = $u->getUserInfoObject();
        if ($u->isLoggedIn() && $ui->getUserEmail() === "myemail@email.com") {
            $this->redirect('/');
        } else {
            parent::view();
        }
    }
}

Very simply, when you will try to access the page to edit your profile, the code will check if you are logged in and if your email is myemail@email.com. if it is it will redirect you to the home page so you can't access the profile editing page.

There are other more flexible ways of doing it but this one is as simple as it gets.

maraxus replied on Jun 14, 2019 at 10:20 am Permalink Reply

Just tried it and looks like it is not working for me unfortunately still able to open the profile page.

mnakalay replied on Jun 14, 2019 at 10:28 am Permalink Reply

This code is tested and working in 8.5.1 so let's see what could go wrong.
1- what version of Concrete5 are you using?
2- did you replace "myemail@email.com" in the code with the email of the user you want to block?

maraxus replied on Jun 14, 2019 at 11:31 am Permalink Reply

1. I'm on the Version 8.4.5 (and not able to upgrade it further at the moment - concret gives me the feedback that it is up-to-date)
2. yes I replaced it with my user account

mnakalay replied on Jun 14, 2019 at 5:05 pm Permalink Reply

It also works on 8.4.5 on my server.

Maybe you didn't put the file where it was supposed to be?

If you want I can have a quick look for you. Just reach out by private message.

Otherwise, as I said, it's tested and working.

Forums

Editing (v7+)

Prevent users from chaning passwords

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?