I am building a WP site that acts as a CMS in which the client wants the entire site password protected. One issue is that a select number of users are going to be registered (by me) prior to launching - meaning that everyone is given a default password.
The client then wants the users to change their password upon their initial login. After the password has been changed, they'll never be asked - or have the opportunity - to change their password ever again, and thus they will be dumped into the site.
My question is: 1) How do I achieve this? 2) How do I create a bypass so that they only see this 'new password' page once? and never again after they have changed the password?
I've hacked up the user-info.php file to basically strip everything except the password fields (and re-named these files to new-password.php so as not to overwrite the originals). My only question now is how I get the system to check if this user has changed their password, so that they bypass this page and go directly into the site if they have done so?
I realize this is a bit complicated, and probably outside the norm of the softball issues that most often appear on the forums, but I am a designer who is trying to create a hack that doesn't require a wholesale change to the system...if this is possible.
Thanks in advance ~