do not force password change if in substitute user mode

CHANGELOG

@@ -7,6 +7,7 @@
 - color category (use first 6 chars of md5(category name) as hex color)
 - create missing preview images in category or attribute manager
 - support README of extension in different languages
+- do not force password change if in substitute user mode
 
 --------------------------------------------------------------------------------
                      Changes in version 5.1.29

inc/inc.Authentication.php

@@ -103,11 +103,11 @@ if(file_exists($settings->_rootDir . "view/".$theme."/languages/" . $lang . "/la
 /* Check if password needs to be changed because it expired. If it needs
  * to be changed redirect to out/out.ForcePasswordChange.php. Do this
  * check only if password expiration is turned on, we are not on the
- * page to change the password or the page that changes the password, and
- * it is not admin */
+ * page to change the password or the page that changes the password,
+ * it is not admin, and there is currently no user substitution */
 
 if (!$user->isAdmin()) {
-	if($settings->_passwordExpiration > 0) {
+	if(!$resArr['su'] && $settings->_passwordExpiration > 0) {
 		if(basename($_SERVER['SCRIPT_NAME']) != 'out.ForcePasswordChange.php' && basename($_SERVER['SCRIPT_NAME']) != 'op.EditUserData.php' && basename($_SERVER['SCRIPT_NAME']) != 'op.Logout.php') {
 			$pwdexp = $user->getPwdExpiration();
 			if(substr($pwdexp, 0, 10) != '0000-00-00') {