diff --git a/database-update.sql b/database-update.sql
index e69de29bb..42c8261db 100644
--- a/database-update.sql
+++ b/database-update.sql
@@ -0,0 +1 @@
+ALTER TABLE users ADD can_modify_passwd TINYINT NOT NULL DEFAULT 1;
diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php
index 08b379b8c..d605fac92 100644
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@@ -27,9 +27,20 @@ function authenticate($username,$password)
return 0;
}
-function passwordscanchange()
+function passwordscanchange($username="")
{
- return 1;
+
+
+ /*
+ * By default allow the password to be modified, unless the existing
+ * user is explicitly prohibited to do so.
+ */
+
+ if (empty($username) || !user_exists($username)) {
+ return 1;
+ } else {
+ return @mysql_result(mysql_query("SELECT can_modify_passwd FROM users WHERE username = '".mres($username)."'"),0);
+ }
}
/**
@@ -65,12 +76,12 @@ function auth_usermanagement()
return 1;
}
-function adduser($username, $password, $level, $email = "", $realname = "")
+function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd='1')
{
if (!user_exists($username))
{
$encrypted = crypt($password,'$1$' . generateSalt(8).'$');
- mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`) VALUES ('".mres($username)."','".mres($encrypted)."','".mres($level)."','".mres($email)."','".mres($realname)."')");
+ mysql_query("INSERT INTO `users` (`username`,`password`,`level`, `email`, `realname`, `can_modify_passwd`) VALUES ('".mres($username)."','".mres($encrypted)."','".mres($level)."','".mres($email)."','".mres($realname)."','".mres($can_modify_passwd)."')");
}
return mysql_affected_rows();
diff --git a/html/pages/adduser.inc.php b/html/pages/adduser.inc.php
index 67f605a64..cb3128d23 100644
--- a/html/pages/adduser.inc.php
+++ b/html/pages/adduser.inc.php
@@ -18,8 +18,15 @@ else
{
if (!user_exists($_POST['new_username']))
{
+
+ if (isset($_POST['can_modify_passwd'])) {
+ $_POST['can_modify_passwd'] = 1;
+ } else {
+ $_POST['can_modify_passwd'] = 0;
+ }
+
# FIXME: missing email field here on the form
- if (adduser($_POST['new_username'], $_POST['new_password'], $_POST['new_level'], '', $_POST['realname']))
+ if (adduser($_POST['new_username'], $_POST['new_password'], $_POST['new_level'], '', $_POST['realname'], $_POST['can_modify_passwd']))
{
echo("User " . $_POST['username'] . " added!");
}
@@ -45,14 +52,12 @@ else
echo("Please enter a password!
");
}
echo("Realname
");
- ?>
-
-
");
-
+
");
+ echo(" Allow the user to change his password.
");
echo(" ");
echo("");
}
diff --git a/html/pages/preferences.inc.php b/html/pages/preferences.inc.php
index 553a815fe..99bdbd371 100644
--- a/html/pages/preferences.inc.php
+++ b/html/pages/preferences.inc.php
@@ -32,7 +32,7 @@ echo("");
echo("