I am in the process of developing a plugin for WP 2.7.1 that would make it so the WP administrator can restrict user levels from being able to reset their password from the login screen. The functions will include letting admin decide if a user level should or should not be allowed to use the password reset feature, including locking out all but the primary admin from doing so.
This is actually something that is fairly easy to do for all user levels simply by changing true to false in wp-login.php and looking for this line:
$allow = apply_filters('allow_password_reset', true, $user_data->ID);
and chaging it to:
$allow = apply_filters('allow_password_reset', false, $user_data->ID);
but that would mean having to update wp-login.php after each and every upgrade whereas a plugin would only require that the plugin be deactivated during upgrade and then re-activated once the upgrade is complete.
Why such a plugin? Well I have a few clients that handle all password changes from admin only. I also restrict a user's ability to change their profile data so that only admin has the ability to make these changes. See this post on how to do this: See Here )
So my question is, anyone else think they could use this type of plugin? I of course would make it freely available - just wondering if it is something that 1.) anyone else could use and 2.) wondering if anyone has already begun work on such a plugin (I was unable to find any Googling or here in the forums.)
All the best,