I'm installing WeBWorK 2.5 to replace a very old and very customized WeBWorK 1.9 system. The new system, like the old, will be used exclusively to give quizzes to students in a controlled environment. Since it's easy to set up a course where the username and password are the same initially, that's what we do. I have been asked to force the student's to change their password at their first login and prevent them from using their username as the password, since their usernames will be their student id numbers.
In the old system, I modified login.pm (or .pg) and tested to see if sending the username in both the username and password fields would authenticate. If it did, I sent them straight to the change password script.
I'm not sure how to replicate that in the new version of WeBWorK. Any help would be greatly appreciated.
Thanks.
Mark
Hi Mark,
Bill Wheeler has recently been working on authentication a lot but from a different viewpoint (see the previous post http://webwork.maa.org/moodle/mod/forum/discuss.php?d=2719 ). Still he might have some ideas on how best to accomplish what you want. Also Gavin LaRose looked at various login issues when he added the Gateway Quiz modules quite a while ago now. You might want to contact either or both of them directly.
Arnie
Hi Mark,
This sounds like something that you'd want to put into a Authen->site_checkPassword subroutine. I'm thinking of the following logical structure: put in a bogus password for the user, so that the standard checkPassword routine is guaranteed to fail. Then in site_checkPassword, check to see if the username and password fields are the same and the password in the database is whatever bogus value you set, and if so authenticate and redirect to the password change form.
If you look in webwork2/lib/WeBWorK/Authen.pm for the sub checkPassword you'll see an example there. Off the top of my head I don't remember where the redirect wants to go. I think it may be possible to reset the location or uri in the request object to get the dispatcher to redirect to the password page (which is $courseID/options/). Perhaps someone else can chime in on that.
Gavin
This sounds like something that you'd want to put into a Authen->site_checkPassword subroutine. I'm thinking of the following logical structure: put in a bogus password for the user, so that the standard checkPassword routine is guaranteed to fail. Then in site_checkPassword, check to see if the username and password fields are the same and the password in the database is whatever bogus value you set, and if so authenticate and redirect to the password change form.
If you look in webwork2/lib/WeBWorK/Authen.pm for the sub checkPassword you'll see an example there. Off the top of my head I don't remember where the redirect wants to go. I think it may be possible to reset the location or uri in the request object to get the dispatcher to redirect to the password page (which is $courseID/options/). Perhaps someone else can chime in on that.
Gavin
I would also like to force students to change their password the first time they log in. Is there a good way to do this in Webwork 2.9?
I am new to Webwork, so any suggestions or assistance would be very much appreciated. I am currently setting up a small scale server for a single section.
What is the status of this in WeBWorK 2.10?
Is there a config. setting to force password change from default on first login?
Is there a config. setting to force password change from default on first login?