Improvements (& a little bug fix) on renewal password
During my personal experience in installing and customizing the platform in order to satisfy my customers's requests, I often realize that the renewal password mechanism implemented in the LMS lacks an important (from my point of view) feature: the possibility to configure the renewal procedure in such a manner that it is blocking. As a matter of fact the current version of FormaLms (and the older ones) has a few parameter used for customize this behaviour: you can enable it, disable it, set a password expiration date, etc. In any case, when a certain user logged in and has its password expired the platform firts of all shows the renewal password section: despite of the need of renewal password the user can completely ignore the request and bypass the procedure by perform some other action, such as going to the Certificate Page.
So, what if the you need to impose the password renewal on the user?
Here comes my (little) effort to implement this feature. This patch add one new configuration parameter by which administators can decide to transform the renewal password procedure in a blocking or a non blocking one.
So, please find my patch in the zip file in attachment. Here is the structure of the archive:
Follow these steps to "install" it:
1. Unzip the archive
2. Import the file renewalpassword-blocking.sql on the database of your FormaLms installation
3. Copy and paste the entire content of the folder formaLms that you find in the unzipped archive inside the root directory of your formalms project.
4. Enjoy it, configuring properly in the administration panel (Main > Configurations > Configurations > User).
As you can see only a few files are changed. You can easily find the changes inside the code looking for my name inside the code.
Hope this can be helpful to the community!
p.s. The little bug fix mentioned in the subject refers to a very little adjustment inside lib.aclmanager.php: without it the function responsible for fetching some important user fields from the DB would fetch less fields than required. In particular the original query doesn't fetch "force_change" field from the user's record, making the renewal procedure completely unreachuble by the system (no one could even simply see the password renewal section).