do not force password change if in substitute user mode

2024-11-26 07:22:11 +00:00 · 2023-03-29 20:48:07 +02:00 · 2023-03-29 20:48:07 +02:00 · 382e78855d
commit 382e78855d
parent 0280a8adc0
2 changed files with 4 additions and 3 deletions
--- a/1
+++ b/1
@ -7,6 +7,7 @@
 - color category (use first 6 chars of md5(category name) as hex color)
 - create missing preview images in category or attribute manager
 - support README of extension in different languages
+- do not force password change if in substitute user mode

 --------------------------------------------------------------------------------
                     Changes in version 5.1.29
--- a/inc/inc.Authentication.php
+++ b/inc/inc.Authentication.php
@ -103,11 +103,11 @@ if(file_exists($settings->_rootDir . "view/".$theme."/languages/" . $lang . "/la
 /* Check if password needs to be changed because it expired. If it needs
 * to be changed redirect to out/out.ForcePasswordChange.php. Do this
 * check only if password expiration is turned on, we are not on the
- * page to change the password or the page that changes the password, and
- * it is not admin */
+ * page to change the password or the page that changes the password,
+ * it is not admin, and there is currently no user substitution */

 if (!$user->isAdmin()) {
-	if($settings->_passwordExpiration > 0) {
+	if(!$resArr['su'] && $settings->_passwordExpiration > 0) {
 		if(basename($_SERVER['SCRIPT_NAME']) != 'out.ForcePasswordChange.php' && basename($_SERVER['SCRIPT_NAME']) != 'op.EditUserData.php' && basename($_SERVER['SCRIPT_NAME']) != 'op.Logout.php') {
 			$pwdexp = $user->getPwdExpiration();
 			if(substr($pwdexp, 0, 10) != '0000-00-00') {