In the old system, I modified login.pm (or .pg) and tested to see if sending the username in both the username and password fields would authenticate. If it did, I sent them straight to the change password script.
I'm not sure how to replicate that in the new version of WeBWorK. Any help would be greatly appreciated.
This sounds like something that you'd want to put into a Authen->site_checkPassword subroutine. I'm thinking of the following logical structure: put in a bogus password for the user, so that the standard checkPassword routine is guaranteed to fail. Then in site_checkPassword, check to see if the username and password fields are the same and the password in the database is whatever bogus value you set, and if so authenticate and redirect to the password change form.
If you look in webwork2/lib/WeBWorK/Authen.pm for the sub checkPassword you'll see an example there. Off the top of my head I don't remember where the redirect wants to go. I think it may be possible to reset the location or uri in the request object to get the dispatcher to redirect to the password page (which is $courseID/options/). Perhaps someone else can chime in on that.
I would also like to force students to change their password the first time they log in. Is there a good way to do this in Webwork 2.9?
I am new to Webwork, so any suggestions or assistance would be very much appreciated. I am currently setting up a small scale server for a single section.