Hello,

You could try adjust the setting in the web.config file and change enablePasswordReset to False - but I don't know if this will prevent them from completely being able to chaneg their profile:
< add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SiteSqlServer" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0" requiresUniqueEmail="false" passwordFormat="Encrypted" applicationName="DotNetNuke" description="Stores and retrieves membership data from the local Microsoft SQL Server database" />
   

Your other option will be to edit the core code and remove the links for editing the password (You maybe able to set visible=false in the code rather than deleteing it, I don't know without having a look through the code)

OR

In your skin just put the login token and don't put the register token in the skin - it's the register token which changes and allows you to click on your name when logged in to edit your profile.

Thanks,

Here's what I ended up doing.

I created a SQL stored procedure to change everyone's password to a randomly generated one that no one in their right mind could cipher. Then I set the enableEmailPassword=false in the web.config. Now even though they can still get to the page to change their password, they have no idea what the old one was and the option for emailing the current password is disabled. Kind of awkward way of doing it but it seems to work.

Thanks for putting me down that path and keep the issues flowing. You keep getting better and better with every tutorial.

Thanks,
Tom