Prevent users from chaning passwords

Permalink
Dear community

I'm wondering if there is a way to prevent a useraccount from chaning password. I created one generic user for some documentation files on protected site. This user is shared with some club members all using the same login. But I don't want to give them the permissions to change this user, just use it as it is..

Hope somebody can help

View Replies: View Best Answer
mnakalay replied on at Permalink Best Answer Reply
mnakalay
There are several ways of doing it. Here's one that is simple.
Let's say that account is using the email [email protected]

Create a file edit_profile.php inside application\controllers\single_page\account

Application\controllers already exists you will have to create the 2 folders single_page and account and the file edit_profile.php inside it.

Then edit the file and add this code to it
<?php
namespace Application\Controller\SinglePage\Account;
use Concrete\Controller\SinglePage\Account\EditProfile as CoreEditProfile;
use User;
class EditProfile extends CoreEditProfile
{
    public function view()
    {
        $u = new user();
        $ui = $u->getUserInfoObject();
        if ($u->isLoggedIn() && $ui->getUserEmail() === "[email protected]") {
            $this->redirect('/');
        } else {
            parent::view();
        }

Very simply, when you will try to access the page to edit your profile, the code will check if you are logged in and if your email is [email protected] if it is it will redirect you to the home page so you can't access the profile editing page.

There are other more flexible ways of doing it but this one is as simple as it gets.
maraxus replied on at Permalink Reply
Just tried it and looks like it is not working for me unfortunately still able to open the profile page.
mnakalay replied on at Permalink Reply
mnakalay
This code is tested and working in 8.5.1 so let's see what could go wrong.
1- what version of Concrete5 are you using?
2- did you replace "[email protected]" in the code with the email of the user you want to block?
maraxus replied on at Permalink Reply
1. I'm on the Version 8.4.5 (and not able to upgrade it further at the moment - concret gives me the feedback that it is up-to-date)
2. yes I replaced it with my user account
mnakalay replied on at Permalink Reply
mnakalay
It also works on 8.4.5 on my server.

Maybe you didn't put the file where it was supposed to be?

If you want I can have a quick look for you. Just reach out by private message.

Otherwise, as I said, it's tested and working.