PHPackages                             tlokuus/oc-disablepassword-plugin - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. tlokuus/oc-disablepassword-plugin

ActiveOctober-plugin[Authentication &amp; Authorization](/categories/authentication)

tlokuus/oc-disablepassword-plugin
=================================

October CMS plugin for disabling user passwords

13651PHP

Since Apr 8Pushed 6y ago1 watchersCompare

[ Source](https://github.com/aurelien-roy/oc-disablepassword-plugin)[ Packagist](https://packagist.org/packages/tlokuus/oc-disablepassword-plugin)[ RSS](/packages/tlokuus-oc-disablepassword-plugin/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (1)Used By (0)

Disable login with password
===========================

[](#disable-login-with-password)

This plugin for OctoberCMS allows to mark user passwords "disabled". Users with an disabled password won't be able to login until they set a new password (through the reset password form or the "Change password" page for instance).

This is useful for websites offering third-party authentification methods. For instance, when a user is registering on your website with Google, you may want to create a new account, but without a password. Thus, the user won't be able to user the login/password form, and will only be able to log in with Google, until he decides to set a password.

Also, these user won't be asked for their current password when editing their account details.

Requirements
------------

[](#requirements)

This plugin requires the [RainLab User](https://octobercms.com/plugin/rainlab-user) plugin. For this plugin to be useful, you should also have other authentification methods available on your website.

Set up
------

[](#set-up)

This plugin adds the attribute `tlokuus_disablepassword_is_disabled` to the User model. You can check the value of this attribute to check if a user doesn't have a password.

Whenever you're registering a new user via a third-party auth method, you should set this attribute to `true`.

```
$new_user = Auth::register([
    'email' => 'john@example.com',
    'tlokuus_disablepassword_is_disabled' => true
]);
```

The `tlokuus_disablepassword_is_disabled` property can also be triggered manually in the backend. Beware, when enabled on a existing user, **the old user password is erased.**

When a new password is set, the `tlokuus_disablepassword_is_disabled` property is automatically turned off.

Customize error message
-----------------------

[](#customize-error-message)

When a user with a disabled password attempts to login using a login/password combo, the `auth.user_without_password_login_attempt` event is fired and an error message is displayed. You can customize the error message to guide the user on how they should log in.

```
Event::listen('auth.user_without_password_login_attempt', function($user, &$message){
    if(/* User has linked its Google account */){
        $message = 'A matching user has been found, but the account has been created with Google. Please use your Google account to login.';
    }else{
        $message = 'No password has been set for this user. Please use the Forgot password feature.';
    }
});
```

Account edition page
--------------------

[](#account-edition-page)

This plugin overrides the Account component from RainLab User plugin to allow edition of account details for users with no password, even if the `requirePassword` property has been enabled.

If you edited the default template of the Account component from the RainLab User plugin, make sure you still check the `updateRequiresPassword` attribute.

This attribute will be automatically set to `false` for users without password, so that they are able to edit their account details (including setting a password).

###  Health Score

21

—

LowBetter than 18% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity14

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity34

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1875998?v=4)[Aurélien Roy](/maintainers/aurelien-roy)[@aurelien-roy](https://github.com/aurelien-roy)

---

Top Contributors

[![aurelien-roy](https://avatars.githubusercontent.com/u/1875998?v=4)](https://github.com/aurelien-roy "aurelien-roy (10 commits)")

### Embed Badge

![Health badge](/badges/tlokuus-oc-disablepassword-plugin/health.svg)

```
[![Health](https://phpackages.com/badges/tlokuus-oc-disablepassword-plugin/health.svg)](https://phpackages.com/packages/tlokuus-oc-disablepassword-plugin)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.3M17](/packages/kartik-v-yii2-password)[vitalybaev/laravel5-dkim

Laravel 5/6 package for signing outgoing messages with DKIM.

3163.1k](/packages/vitalybaev-laravel5-dkim)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
