From 614244af2b4763e3b7ee451d8a1c3b2a19047c8f Mon Sep 17 00:00:00 2001
From: westi <westi@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 3 May 2009 17:06:29 +0000
Subject: [PATCH] Add a nag message if the user is still using an
 auto-generated password. See #9710 props DD32.

git-svn-id: http://svn.automattic.com/wordpress/trunk@11162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/upgrade.php |  1 +
 wp-admin/includes/user.php    | 20 ++++++++++++++++++++
 wp-admin/js/common.dev.js     |  5 +++++
 wp-admin/user-edit.php        |  2 +-
 wp-login.php                  |  1 +
 5 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php
index 8b76c7d34..16897759e 100644
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -60,6 +60,7 @@ function wp_install($blog_title, $user_name, $user_email, $public, $deprecated='
 	if ( !$user_id ) {
 		$random_password = wp_generate_password();
 		$user_id = wp_create_user($user_name, $random_password, $user_email);
+		update_usermeta($user_id, 'default_password_nag', true);
 	} else {
 		$random_password = __('User already exists.  Password inherited.');
 	}
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 577bfe559..652b70ce4 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -791,4 +791,24 @@ class WP_User_Search {
 }
 endif;
 
+add_action('admin_init', 'default_password_nag_handler');
+function default_password_nag_handler() {
+	if ( 'hide' == get_user_setting('default_password_nag') || isset($_GET['default_password_nag']) && '0' == $_GET['default_password_nag'] ) {		
+		global $user_ID;
+		delete_user_setting('default_password_nag');
+		update_usermeta($user_ID, 'default_password_nag', false);
+	}
+}
+add_action('admin_notices', 'default_password_nag');
+function default_password_nag() {
+	global $user_ID;
+	if ( ! get_usermeta($user_ID, 'default_password_nag') )
+		return;
+
+	echo '<div class="error default-password-nag"><p>';
+	printf(__("Howdy, you're still using the auto-generated password for your account. We recommend that you change it to something you'll remember easier.  Would you like to do this now?<br />
+			  <a href='%s'>Yes, Take me to my profile page</a> | <a href='%s' id='default-password-nag-no'>No Thanks, Do not remind me again.</a>"), admin_url('profile.php') . '#password', '?default_password_nag=0');
+	echo '</p></div>';
+}
+
 ?>
diff --git a/wp-admin/js/common.dev.js b/wp-admin/js/common.dev.js
index cb6112263..19405fc27 100644
--- a/wp-admin/js/common.dev.js
+++ b/wp-admin/js/common.dev.js
@@ -232,6 +232,11 @@ jQuery(document).ready( function($) {
 			return '';
 		});
 	});
+	$('#default-password-nag-no').click( function() {
+		setUserSetting('default_password_nag', 'hide');
+		$('div.default-password-nag').hide();
+		return false;
+	});
 });
 
 (function(){
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 524ba31e7..a64a9f178 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -353,7 +353,7 @@ else
 $show_password_fields = apply_filters('show_password_fields', true);
 if ( $show_password_fields ) :
 ?>
-<tr>
+<tr id="password">
 	<th><label for="pass1"><?php _e('New Password'); ?></label></th>
 	<td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?><br />
 		<input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <?php _e("Type your new password again."); ?><br />
diff --git a/wp-login.php b/wp-login.php
index c0ad46189..6fda9bf1a 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -179,6 +179,7 @@ function reset_password($key) {
 	// Generate something random for a password...
 	$new_pass = wp_generate_password();
 	wp_set_password($new_pass, $user->ID);
+	update_usermeta($user->ID, 'default_password_nag', true); //Set up the Password change nag.
 	$message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
 	$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
 	$message .= site_url('wp-login.php', 'login') . "\r\n";