
@petersplugins
Last active June 8, 2021 19:09
<?php
// This code snippet forces a newly created user to change his password on first login
// To identify whether a user has changed his password we add a user meta key named password-changed when he changes it
// A newly created user does not have this meta - so we know he has yet to change his password
// To force a user to change his password again we only have to delete the meta key
// Hook check_password_changed() into current_screen, an admin hook triggered after the
// necessary elements to identify a screen are set up.
// NOTE(review): the gate therefore only covers requests that set up an admin screen;
// other entry points (presumably the front end, REST API and XML-RPC) never reach it -
// confirm whether those need the same restriction.
add_action( 'current_screen', 'check_password_changed' );
// This custom function checks if the currently logged in user has changed his password at least once
// If not we redirect him to his profile page - it is not possible to access anything else inside the admin area
/**
 * Keeps a user who has not yet changed the password on the profile screen.
 *
 * Reads the 'password-changed' user meta of the current user. Unless it is exactly
 * 'YES', any screen whose base is not 'profile' is answered with a redirect to
 * profile.php and the request ends.
 *
 * NOTE(review): the meta flag is the only state consulted here, so whatever writes
 * 'password-changed' decides when this gate opens.
 *
 * @param WP_Screen $current_screen Screen object passed by the current_screen hook.
 */
function check_password_changed( $current_screen ) {
	$password_flag = get_user_meta( get_current_user_id(), 'password-changed', true );

	// Flag present: nothing to enforce.
	if ( 'YES' === $password_flag ) {
		return;
	}

	// Already on the profile screen: redirecting again would cause an endless loop.
	if ( 'profile' === $current_screen->base ) {
		return;
	}

	wp_redirect( admin_url( 'profile.php' ) );
	exit;
}
// Hook notice_password_change() into admin_notices to inform the user that he has to change his password
add_action( 'admin_notices', 'notice_password_change' );
// This custom function informs the user that he has to change his password
/**
 * Prints an error notice while the current user's 'password-changed' meta is not 'YES'.
 *
 * The markup is a fixed string; no request or user data is written into it.
 */
function notice_password_change() {
	$password_flag = get_user_meta( get_current_user_id(), 'password-changed', true );

	// Password already changed: nothing to show.
	if ( 'YES' === $password_flag ) {
		return;
	}

	// No screen check: check_password_changed() is expected to keep such a user on the profile screen.
	echo '<div class="error"><p><strong>You must change your password to get access to the admin area!</strong></p></div>';
}
// Hook update_password() into personal_options_update to add the meta data when a user changes his password
// NOTE(review): this action appears to fire before WordPress validates and saves the submitted profile,
// so the callback sees the raw request rather than the outcome of the password change - confirm.
add_action( 'personal_options_update', 'update_password' );
// This function adds the meta data on password change
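/**
 * Records that a user changed the password when the profile form posts one.
 *
 * The 'password-changed' meta is set to 'YES' only when both password fields are
 * posted as non-empty strings that are identical. Newer WP versions fill the second
 * field via JavaScript, so both are normally present.
 *
 * NOTE(review): this only inspects the submitted fields. Nothing here confirms that
 * the password was actually saved or that it differs from the previous one; if that
 * guarantee is needed, write the flag from a hook that runs after the user record
 * has been updated - TODO confirm which hook fits.
 *
 * @param int $user_id ID of the user whose profile is being updated, as passed by the hook.
 */
function update_password( $user_id ) {
	$pass1 = isset( $_POST['pass1'] ) ? $_POST['pass1'] : null;
	$pass2 = isset( $_POST['pass2'] ) ? $_POST['pass2'] : null;

	// Request fields can arrive as arrays; only plain strings are a password submission.
	if ( ! is_string( $pass1 ) || ! is_string( $pass2 ) ) {
		return;
	}

	// Both fields must carry a value (the original tested pass1 twice and never pass2).
	if ( empty( $pass1 ) || empty( $pass2 ) ) {
		return;
	}

	// Strict comparison: loose == treats different numeric-looking strings as equal.
	if ( $pass1 !== $pass2 ) {
		return;
	}

	// update_user_meta() instead of add_user_meta(), so it does not matter whether the key already exists.
	update_user_meta( $user_id, 'password-changed', 'YES' );
}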
?>