I ran into this issue yesterday, and created a patch to address this for my environment.
At a high level, it modifies the manage_user_edit_page.php page to include "Password" and "Confirm Password" text boxes.
In more detail:
manage_user_edit_page.php
- Add a new "Password" and "Confirm Password" text boxes consistent with the way password is set on account_page.php (when a user sets their own password).
- If the administrator can now change the password directly from the GUI, then there is no reason for the previous "Reset Password" button to have dual functionality of either (a) triggering the 'password reset via e-mail' process or (b) resetting the password to an empty string... The administrator can just specifically change the password to an empty string. So:
a. Change the previous "Reset Password" button to "Trigger Password Reset via E-mail"
b. Disable the previous "Reset Password" button (now "Trigger Password Reset via E-mail") if notifications are not enabled
c. Get rid of the additional text displayed alternately as "Reset Password sends the confirmation URL via e-mail." or "Reset Password resets the password to be blank"
manage_user_update.php
- Gather "Password" and "Confirm Password" form field values.
- Change the password if:
a. The administrator made a change to the field values
b. The "Password" and "Confirm Password" field values match
c. Other updates were successfully applied (i.e., don't change the password when other updates fail).
- Include "password changed" information in notifications via e-mail and browser page.
manage_user_reset.php
No longer using alternate "reset password to blank" functionality when notifications are disabled, since the administrator can just directly set the password to an empty string if they so desire.
account_page.php; account_update.php
For consistency and UI enhancement, populate "Password" and "Confirm Password" fields with a dummy string so that bullets/asterisks/whatever are displayed on screen.
core/authentication_api.php
Added auth_gen_dummy_password() function, to generate the dummy string used in initial display of password fields.
core/user_api.php
In user_reset_password(), don't reset the password to blank when notifications are disabled; just return false.
lang/strings_english.txt
- Removed $s_reset_password_button: No longer need "Reset Password" button text.
- Removed $s_reset_password_msg and $s_reset_password_msg2: No longer using alternate text messages displayed on the page for whether the previous "Reset Password" button (a) sends confirmation URL via e-mail or (b) resets the password to be blank.
- Added $s_email_rest_password_button: Need additional text string to change the text of the previous "Reset Password" button to "Trigger Password Reset via E-mail".
- Added $s_password_update_not_requested and $s_password_not_updated: Needed additional notifications to administrator in manage_users.php regarding whether a password change was requested, and if so whether it was successful.
- Removed $s_account_reset_msg2: No longer using alternate "reset password to blank" functionality when notifications are disabled, since the administrator can just directly set the password to an empty string if they so desire.
NOTE: I made these changes only to strings_english.txt, and no other language files.
Code
I'd prefer to upload the replacement and/or diff files, but since I can't add attachments to a post, here are the individual diff's.
manage_user_edit_page.php
Code: Select all
--- \MantisBT.orig\manage_user_edit_page.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\manage_user_edit_page.php Fri Feb 26 13:49:50 2010
@@ -14,6 +14,36 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+#----------
+# Modification: Allow Administrator to directly reset password
+#
+# Modification to allow the administrator to change the user's password
+# directly from the GUI.
+#
+# - Add a new "Password" and "Confirm Password" text boxes consistent
+# with the way password is set on account_page.php (when a user sets
+# their own password).
+#
+# - If the administrator can now change the password directly from the
+# GUI, then there is no reason for the previous "Reset Password"
+# button to have dual functionality of either (a) triggering the
+# 'password reset via e-mail' process or (b) resetting the password
+# to an empty string... The administrator can just specifically
+# change the password to an empty string. So:
+#
+# - Change the previous "Reset Password" button to "Trigger Password
+# Reset via E-mail"
+#
+# - Disable the previous "Reset Password" button (now
+# "Trigger Password Reset via E-mail") if notifications are not
+# enabled
+#
+# - Get rid of the additional text displayed alternately as "Reset
+# Password sends the confirmation URL via e-mail." or "Reset
+# Password resets the password to be blank"
+#
+# Greg Scheidel 2010.02.25
+
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
@@ -46,6 +76,18 @@
$t_ldap = ( LDAP == config_get( 'login_method' ) );
+ # Set a string that we can use to pre-populate password fields
+ # so that asterisks/bullets/whatever are displayed, but that
+ # the user will not enter themselves so that we can check after
+ # form submission to see if the user has changed the field
+ # contents.
+ #
+ # Note that this will pre-populate the fields even if the
+ # actual password is an empty string. The administrator should
+ # not have any clue as to the user's actual password (including
+ # whether it is currently empty) from the page rendering.
+ $s_dummy_password = auth_gen_dummy_password();
+
html_page_top();
print_manage_menu();
@@ -95,6 +137,33 @@
</td>
</tr>
+<!-- Password -->
+<tr <?php echo helper_alternate_class() ?>>
+ <td class="category">
+ <?php echo lang_get( 'password' ) ?>
+ </td>
+ <td>
+<?php if ( $t_ldap ) { ?> <!-- With LDAP -->
+ <?php echo lang_get( 'no_password_change' ) ?>
+<!-- Without LDAP -->
+<?php } else { ?>
+ <input type="password" size="32" maxlength="<?php echo PASSLEN;?>" name="password" value="<?php echo $s_dummy_password ?>" />
+<?php } ?> <!-- End LDAP conditional -->
+ </td>
+</tr>
+
+<!-- Password Confirmation -->
+<?php if ( !$t_ldap ) { ?> <!-- Without LDAP -->
+<tr <?php echo helper_alternate_class() ?>>
+ <td class="category">
+ <?php echo lang_get( 'confirm_password' ) ?>
+ </td>
+ <td>
+ <input type="password" size="32" maxlength="<?php echo PASSLEN;?>" name="password_confirm" value="<?php echo $s_dummy_password ?>" />
+ </td>
+</tr>
+<?php } ?> <!-- End LDAP conditional -->
+
<!-- Email -->
<tr <?php echo helper_alternate_class() ?>>
<td class="category">
@@ -161,11 +230,20 @@
<!-- RESET AND DELETE -->
<div class="border center">
-<!-- Reset Button -->
- <form method="post" action="manage_user_reset.php">
+<!-- Trigger Reset via E-mail Button -->
+ <form
+
+<?php
+ if ( !( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) ) {
+ echo 'disabled';
+ }
+?>
+ method="post" action="manage_user_reset.php">
+
+
<?php echo form_security_field( 'manage_user_reset' ) ?>
<input type="hidden" name="user_id" value="<?php echo $t_user['id'] ?>" />
- <input type="submit" class="button" value="<?php echo lang_get( 'reset_password_button' ) ?>" />
+ <input type="submit" class="button" value="<?php echo lang_get( 'email_reset_password_button' ) ?>" />
</form>
<!-- Delete Button -->
@@ -179,7 +257,8 @@
<?php } ?>
</div>
<br />
-<div align="center">
+
+<!-- <div align="center">
<?php
if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
echo lang_get( 'reset_password_msg' );
@@ -188,7 +267,7 @@
}
?>
</div>
-
+-->
<!-- PROJECT ACCESS (if permissions allow) and user is not ADMINISTRATOR -->
<?php if ( access_has_global_level( config_get( 'manage_user_threshold' ) ) &&
@@ -244,7 +323,7 @@
</td>
</tr>
-<!-- Submit Buttom -->
+<!-- Submit Button -->
<tr>
<td class="center" colspan="2">
<input type="submit" class="button" value="<?php echo lang_get( 'add_user_button' ) ?>" />
manage_user_update.php
Code: Select all
--- \MantisBT.orig\manage_user_update.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\manage_user_update.php Fri Feb 26 13:27:47 2010
@@ -14,6 +14,28 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+#----------
+# Modification: Allow Administrator to directly reset password
+#
+# Modification to allow the administrator to change the user's password
+# directly from the GUI.
+#
+# - Gather "Password" and "Confirm Password" form field values.
+#
+# - Change the password if:
+#
+# - The administrator made a change to the field values
+#
+# - The "Password" and "Confirm Password" field values match
+#
+# - Other updates were successfully applied (i.e., don't change
+# the password when other updates fail).
+#
+# - Include "password changed" in notifications via e-mail and
+# browser page.
+#
+# Greg Scheidel 2010.02.25
+
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
@@ -32,13 +54,32 @@
auth_reauthenticate();
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
- $f_protected = gpc_get_bool( 'protected' );
- $f_enabled = gpc_get_bool( 'enabled' );
- $f_email = gpc_get_string( 'email', '' );
- $f_username = gpc_get_string( 'username', '' );
- $f_realname = gpc_get_string( 'realname', '' );
- $f_access_level = gpc_get_int( 'access_level' );
- $f_user_id = gpc_get_int( 'user_id' );
+ $f_protected = gpc_get_bool( 'protected' );
+ $f_enabled = gpc_get_bool( 'enabled' );
+ $f_email = gpc_get_string( 'email', '' );
+ $f_username = gpc_get_string( 'username', '' );
+ $f_realname = gpc_get_string( 'realname', '' );
+ $f_access_level = gpc_get_int( 'access_level' );
+ $f_user_id = gpc_get_int( 'user_id' );
+ $f_password = gpc_get_string( 'password', '' );
+ $f_password_confirm = gpc_get_string( 'password_confirm', '' );
+
+ # initial value of flags on whether a password update was
+ # requested, and whether it was successful..
+ $t_password_updated = false;
+ $t_password_update_requested = false;
+
+ # Set a string that we can use to pre-populate password fields
+ # so that asterisks/bullets/whatever are displayed, but that
+ # the user will not enter themselves so that we can check after
+ # form submission to see if the user has changed the field
+ # contents.
+ #
+ # Note that this will pre-populate the fields even if the
+ # actual password is an empty string. The administrator should
+ # not have any clue as to the user's actual password (including
+ # whether it is currently empty) from the page rendering.
+ $s_dummy_password = auth_gen_dummy_password();
if ( config_get( 'enable_email_notification' ) == ON ) {
$f_send_email_notification = gpc_get_bool( 'send_email_notification' );
@@ -102,6 +143,36 @@
user_delete_project_specific_access_levels( $f_user_id );
}
+ # If:
+ #
+ # - The user changed either the password or confirm_password
+ # field values
+ #
+ # - The password or confirm_password field values match
+ #
+ # ...then set a flag to indicate that the user requested a
+ # password change.
+ #
+ # Note:
+ #
+ # - We're not checking for an empty string password. If the
+ # administrator wants to set the password to an empty string, then
+ # we let them.
+ #
+ # - We don't check to see if the new password matches the current
+ # password. This should not open a method for the administrator
+ # to guess the current password (even as a single attempt).
+ if ( ( $f_password != $s_dummy_password ) || ( $f_password_confirm != $s_dummy_password ) ) {
+ # Error out if the password and confirm_password fields do not match
+ if ( $f_password != $f_password_confirm ) {
+ trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
+
+ # set the flag
+ } else {
+ $t_password_update_requested = true;
+ }
+ }
+
# if the user is already protected and the admin is not removing the
# protected flag then don't update the access level and enabled flag.
# If the user was unprotected or the protected flag is being turned off
@@ -124,6 +195,13 @@
$result = db_query_bound( $query, $query_params );
+ # Update the password if an update was requested and the rest of the
+ # account updates were successful.
+ if ( $result && $t_password_update_requested ) {
+ user_set_password( $f_user_id, $f_password );
+ $t_password_updated = true;
+ }
+
if ( $f_send_email_notification ) {
lang_push( user_pref_get_language( $f_user_id ) );
$t_changes = "";
@@ -136,6 +214,9 @@
if ( strcmp( $f_email, $t_old_email ) ) {
$t_changes .= lang_get( 'email' ) . ': ' . $t_old_email . ' => ' . $f_email . "\n";
}
+ if ( $t_password_updated ) {
+ $t_changes .= lang_get( 'password_updated' ) . "\n";
+ }
if ( strcmp( $f_access_level, $t_old_access_level ) ) {
$t_old_access_string = get_enum_element( 'access_levels', $t_old_access_level );
$t_new_access_string = get_enum_element( 'access_levels', $f_access_level );
@@ -164,6 +245,18 @@
<br />
<div align="center">
<?php
+ # display message identifying whether a password update was requested,
+ # and if so was it successful.
+ if ( $t_password_update_requested ) {
+ if ( $t_password_updated ) {
+ echo lang_get( 'password_updated' ) . '<br />';
+ } else {
+ echo lang_get( 'password_not_updated' ) . '<br />';
+ }
+ } else {
+ echo lang_get( 'password_update_not_requested' ) . '<br />';
+ }
+
if ( $f_protected && $t_old_protected ) { # PROTECTED
echo lang_get( 'manage_user_protected_msg' ) . '<br />';
} else if ( $result ) { # SUCCESS
manage_user_reset.php
Code: Select all
--- \MantisBT.orig\manage_user_reset.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\manage_user_reset.php Fri Feb 26 14:04:45 2010
@@ -14,6 +14,14 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+# Modification: Allow Administrator to directly reset password
+#
+# - No longer using alternate "reset password to blank" functionality when
+# notifications are disabled, since the administrator can just directly
+# set the password to an empty string if they so desire.
+#
+# Greg Scheidel 2010.02.25
+
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
@@ -50,12 +58,12 @@
} else {
# SUCCESS
if ( ( ON == config_get( 'send_reset_password' ) ) && ( ON == config_get( 'enable_email_notification' ) ) ) {
- # send the new random password via email
+ # sent the new random password via email
echo lang_get( 'account_reset_msg' ) . '<br />';
- } else {
- # email notification disabled, then set the password to blank
- echo lang_get( 'account_reset_msg2' ) . '<br />';
- }
+ } #else {
+ # # email notification disabled, then set the password to blank
+ # echo lang_get( 'account_reset_msg2' ) . '<br />';
+ #}
}
print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) );
account_page.php
Code: Select all
--- \MantisBT.orig\account_page.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\account_page.php Fri Feb 26 12:27:07 2010
@@ -14,6 +14,18 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+#----------
+# Modification: Allow Administrator to directly reset password
+#
+# Modification to allow the administrator to change the user's password
+# directly from the GUI.
+#
+# - For consistency and UI enhancement, populate "Password" and
+# "Confirm Password" fields with a dummy string so that
+# bullets/asterisks/whatever are displayed on screen.
+#
+# Greg Scheidel 2010.02.25
+
/**
* CALLERS
* This page is called from:
@@ -57,6 +69,16 @@
current_user_ensure_unprotected();
+ # Set a string that we can use to pre-populate password fields
+ # so that asterisks/bullets/whatever are displayed, but that
+ # the user will not enter themselves so that we can check after
+ # form submission to see if the user has changed the field
+ # contents.
+ #
+ # Note that this will pre-populate the fields even if the
+ # actual password is an empty string.
+ $s_dummy_password = auth_gen_dummy_password();
+
# extracts the user information for the currently logged in user
# and prefixes it with u_
$row = user_get_row( auth_get_current_user_id() );
@@ -154,7 +176,7 @@
<?php } ?>
</td>
<td>
- <input type="password" size="32" maxlength="<?php echo PASSLEN;?>" name="password" />
+ <input type="password" size="32" maxlength="<?php echo PASSLEN;?>" name="password" value="<?php echo $s_dummy_password ?>" />
</td>
</tr>
@@ -169,7 +191,7 @@
<?php } ?>
</td>
<td>
- <input type="password" size="32" maxlength="<?php echo PASSLEN;?>" name="password_confirm" />
+ <input type="password" size="32" maxlength="<?php echo PASSLEN;?>" name="password_confirm" value="<?php echo $s_dummy_password ?>" />
</td>
</tr>
account_update.php
Code: Select all
--- \MantisBT.orig\account_update.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\account_update.php Fri Feb 26 12:32:50 2010
@@ -14,6 +14,18 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+#----------
+# Modification: Allow Administrator to directly reset password
+#
+# Modification to allow the administrator to change the user's password
+# directly from the GUI.
+#
+# - For consistency and UI enhancement, populate "Password" and
+# "Confirm Password" fields with a dummy string so that
+# bullets/asterisks/whatever are displayed on screen.
+#
+# Greg Scheidel 2010.02.25
+
/**
* This page updates a user's information
* If an account is protected then changes are forbidden
@@ -37,6 +49,16 @@
current_user_ensure_unprotected();
+ # Set a string that we can use to pre-populate password fields
+ # so that asterisks/bullets/whatever are displayed, but that
+ # the user will not enter themselves so that we can check after
+ # form submission to see if the user has changed the field
+ # contents.
+ #
+ # Note that this will pre-populate the fields even if the
+ # actual password is an empty string.
+ $s_dummy_password = auth_gen_dummy_password();
+
$f_email = gpc_get_string( 'email', '' );
$f_realname = gpc_get_string( 'realname', '' );
$f_password = gpc_get_string( 'password', '' );
@@ -76,8 +98,9 @@
$t_realname_updated = true;
}
- # Update password if the two match and are not empty
- if ( !is_blank( $f_password ) ) {
+ # Update password if the two match, are not the dummy password, and
+ # new password is not the same as the current password.
+ if ( ( $f_password != $s_dummy_password ) || ( $f_password_confirm != $s_dummy_password ) ) {
if ( $f_password != $f_password_confirm ) {
trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
} else {
core/authentication_api.php
Code: Select all
--- \MantisBT.orig\core\authentication_api.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\core\authentication_api.php Fri Feb 26 10:14:51 2010
@@ -14,6 +14,12 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+# Modification: Allow Administrator to directly reset password
+#
+# Added auth_gen_dummy_password() function.
+#
+# Greg Scheidel 2010.02.25
+
/**
* Authentication API
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
@@ -853,4 +859,22 @@
$t_cookie = gpc_get_cookie( $t_cookie_name, '' );
return( $t_cookie > '' );
+}
+
+/**
+ * Generate a string to use in pre-populating password fields so
+ * that asterisks/bullets/whatever are displayed, but that the user
+ * will not enter themselves so that we can check after form
+ * submission to see if the user has changed the field contents.
+ *
+ * Use this to pre-populate the fields even if the actual password
+ * is an empty string. The administrator should not have any clue
+ * as to the user's actual password (including whether it is
+ * currently empty) from the page rendering.
+ *
+ * @return bool
+ * @access public
+ */
+function auth_gen_dummy_password() {
+ return (str_repeat( chr(127), 10 ));
}
core/user_api.php
Code: Select all
--- \MantisBT.orig\core\user_api.php Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\core\user_api.php Fri Feb 26 14:08:48 2010
@@ -14,6 +14,13 @@
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
+# Modification: Allow Administrator to directly reset password
+#
+# - In user_reset_password(), don't reset the password to blank when
+# notifications are disabled; just return false.
+#
+# Greg Scheidel 2010.02.25
+
/**
* User API
* @package CoreAPI
@@ -1320,7 +1327,7 @@
# Take into account the 'send_reset_password' setting
# - if it is ON, generate a random password and send an email
# (unless the second parameter is false)
-# - if it is OFF, set the password to blank
+# - if it is OFF, return false
# Return false if the user is protected, true if the password was
# successfully reset
function user_reset_password( $p_user_id, $p_send_email = true ) {
@@ -1351,13 +1358,7 @@
email_send_confirm_hash_url( $p_user_id, $t_confirm_hash );
}
} else {
-
- # use blank password, no emailing
- $t_password = auth_process_plain_password( '' );
- user_set_field( $p_user_id, 'password', $t_password );
-
- # reset the failed login count because in this mode there is no emailing
- user_reset_failed_login_count_to_zero( $p_user_id );
+ return false;
}
return true;
lang/strings_english.txt
Code: Select all
--- \MantisBT.orig\lang\strings_english.txt Wed Feb 24 11:44:00 2010
+++ \MantisBT.Updates\lang\strings_english.txt Fri Feb 26 14:00:51 2010
@@ -18,6 +18,41 @@
* along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
*/
+# Modification: Allow Administrator to directly reset password
+#
+# - Removed $s_reset_password_button
+#
+# No longer need "Reset Password" button text.
+#
+# - Removed $s_reset_password_msg and $s_reset_password_msg2
+#
+# No longer using alternate text messages displayed on the page
+# for whether the previous "Reset Password" button (a) sends
+# confirmation URL via e-mail or (b) resets the password to be
+# blank.
+#
+# - Added $s_email_rest_password_button
+#
+# Need additional text string to change the text of the previous
+# "Reset Password" button to "Trigger Password Reset via E-mail".
+#
+# - Added $s_password_update_not_requested and $s_password_not_updated
+#
+# Needed additional notifications to administrator in manage_users.php
+# regarding whether a password change was requested, and if so whether
+# it was successful.
+#
+# - Removed $s_account_reset_msg2
+#
+# No longer using alternate "reset password to blank" functionality
+# when notifications are disabled, since the administrator can just
+# directly set the password to an empty string if they so desire.
+#
+# NOTE: I made these changes only to strings_english.txt, and no
+# other language files.
+#
+# Greg Scheidel 2010.02.25
+
/** English (English)
*
* See the qqq 'language' for message documentation incl. usage of parameters
@@ -409,6 +444,14 @@
$s_delete_account_button = 'Delete Account';
# account_page.php
+#
+# Also used by manage_user_edit_page.php:
+#
+# - s_password
+# - s_no_password_change
+# - s_confirm_password
+#
+# Greg Scheidel 2010.02.25
$s_manage_profiles_link = 'Profiles';
$s_change_preferences_link = 'Preferences';
$s_edit_account_title = 'Edit Account';
@@ -503,6 +546,10 @@
$s_payment_updated = 'Payment information updated.';
# account_update.php
+#
+# Also used by manage_user_update.php: s_password_updated
+#
+# Greg Scheidel 2010.02.25
$s_account_updated_msg = 'Your account has been successfully updated...';
$s_email_updated = 'E-mail address successfully updated';
$s_realname_duplicated = 'Real name is used by another user';
@@ -971,10 +1018,11 @@
# manage_user_page.php
$s_edit_user_title = 'Edit User';
-$s_reset_password_button = 'Reset Password';
+#$s_reset_password_button = 'Reset Password';
+$s_email_reset_password_button = 'Trigger Password Reset via E-mail';
$s_delete_user_button = 'Delete User';
-$s_reset_password_msg = 'Reset Password sends the confirmation URL via e-mail.';
-$s_reset_password_msg2 = 'Reset Password resets the password to be blank.';
+#$s_reset_password_msg = 'Reset Password sends the confirmation URL via e-mail.';
+#$s_reset_password_msg2 = 'Reset Password resets the password to be blank.';
$s_show_all_users = 'All';
$s_users_unused = 'Unused';
$s_users_new = 'New';
@@ -982,13 +1030,15 @@
# manage_user_reset.php
$s_account_reset_protected_msg = 'Account protected. Cannot reset the password.';
$s_account_reset_msg = 'A confirmation request has been sent to the selected user\'s e-mail address. Using this, the user will be able to change their password.';
-$s_account_reset_msg2 = 'Account password has been set to blank...';
+#$s_account_reset_msg2 = 'Account password has been set to blank...';
# manage_user_update.php
$s_manage_user_protected_msg = 'Account protected. Access level and enabled protected. Otherwise, account has been updated...';
$s_manage_user_updated_msg = 'Account successfully updated...';
$s_email_user_updated_subject = 'Account updated';
$s_email_user_updated_msg = 'Your account has been updated by an administrator. A list of these changes is provided below. You can update your account details and preferences at any time by visiting the following URL:';
+$s_password_update_not_requested = 'Password update was not requested';
+$s_password_not_updated = 'Password was NOT updated';
# menu_inc.php
$s_main_link = 'Main';