masquerade.module

  1. 7.x modules/masquerade/masquerade.module
  2. 6.x modules/masquerade/masquerade.module

The masquerade module, which allows admin users to impersonate other users.

File

modules/masquerade/masquerade.module
View source
  1. <?php
  2. /**
  3. * @file
  4. * The masquerade module, which allows admin users to impersonate other users.
  5. */
  6. /**
  7. * Implementation of hook_menu
  8. *
  9. */
  10. function masquerade_menu() {
  11. $items = array();
  12. $items["admin-tools/masquerade"] = array(
  13. "title" => "Masquerade as another user",
  14. "page_callback" => "fp_render_form",
  15. "page_arguments" => array("masquerade_form"),
  16. "access_arguments" => array("access_masquerade"),
  17. "page_settings" => array(
  18. "menu_links" => array(
  19. 0 => array(
  20. "text" => t("Admin Tools"),
  21. "path" => "admin-tools",
  22. "query" => "de_catalog_year=%DE_CATALOG_YEAR%",
  23. ),
  24. ),
  25. "menu_icon" => fp_get_module_path('masquerade') . "/icons/mask.png",
  26. ),
  27. "type" => MENU_TYPE_NORMAL_ITEM,
  28. 'weight' => 40,
  29. );
  30. $items["masquerade"] = array(
  31. "page_callback" => "masquerade_perform_masquerade",
  32. "access_arguments" => array("access_masquerade"),
  33. "type" => MENU_TYPE_CALLBACK,
  34. );
  35. return $items;
  36. }
  37. /**
  38. * Actually perform the switching of users to the selected user.
  39. *
  40. */
  41. function masquerade_perform_masquerade() {
  42. global $user;
  43. $user_id = intval($_REQUEST["user_id"]);
  44. // Do not allow user_id 1
  45. if ($user_id === 1) {
  46. fp_add_message(t("Admin user is not allowed to be selected for masquerade."), "error");
  47. fp_goto("<front>");
  48. return;
  49. }
  50. // Set up a new $account object.
  51. $account = new stdClass();
  52. $account = fp_load_user($user_id);
  53. // Okay, let's look for all the modules who have implimented hook_user_login
  54. $modules = modules_implement_hook("user_login");
  55. foreach ($modules as $module) {
  56. call_user_func_array($module . '_user_login', array(&$account));
  57. }
  58. // Set the $account to the SESSION.
  59. $_SESSION["fp_user_object"] = $account;
  60. watchdog("masquerade", "@user is now masquerading as @newuser. New CWID: @cwid", array("@user" => "$user->name ($user->id)", "@newuser" => "$account->name ($account->id)", "@cwid" => $account->cwid));
  61. $_SESSION["masquerade_active"] = TRUE;
  62. $_SESSION["masquerade_original_user"] = $user;
  63. fp_goto("<front>");
  64. }
  65. function masquerade_init() {
  66. global $user;
  67. if (isset($_SESSION["masquerade_active"]) && $_SESSION["masquerade_active"]) {
  68. fp_add_message(t("You are currently masquerading as %user (originally %ou). To return to your previous
  69. account, log out, then log in normally.",
  70. array("%user" => $user->name, "%ou"=>$_SESSION["masquerade_original_user"]->name)),
  71. "status", TRUE);
  72. }
  73. }
  74. /**
  75. * This form will let the user specify which user they wish to impersonate.
  76. */
  77. function masquerade_form() {
  78. $form = array();
  79. $form["mark" . $m++] = array(
  80. "value" => "<p>" . t("Use this form to decide which user you wish to impersonate. Once selected,
  81. you will experience FlightPath as that user would until you log out.") . "</p>",
  82. );
  83. $form["username_or_cwid"] = array(
  84. "label" => t("Last name, Email, Username, or CWID:"),
  85. "type" => "textfield",
  86. "value" => $_REQUEST["username_or_cwid"],
  87. "description" => t("Enter the last name, email, username, or CWID of the person you wish to impersonate. Will display the first 20 results only.
  88. <br>Ex: peacocrj7 or 10022312."),
  89. );
  90. $form["submit"] = array(
  91. "type" => "submit",
  92. "spinner" => TRUE,
  93. "value" => t("Look up"),
  94. );
  95. $users = $_SESSION["masquerade_lookup_users"];
  96. if (is_array($users) && count($users) > 0) {
  97. $form["mark" . $m++] = array(
  98. "value" => "<hr><p>" . t("Please click on the user you wish to impersonate:") . "</p>
  99. <ul>",
  100. );
  101. $c = 0;
  102. foreach($users as $uid) {
  103. $account = fp_load_user($uid);
  104. $type = "";
  105. if ($account->is_student) $type .= t("student");
  106. if ($account->is_faculty) $type .= t("faculty");
  107. $form["mark" . $m++] = array(
  108. "value" => "<li>" . l("$account->name - $account->f_name $account->l_name ($account->cwid) - $type", "masquerade", "user_id=$account->id") . "</li>",
  109. );
  110. $c++;
  111. if ($c >= 20) break;
  112. }
  113. $form["mark" . $m++] = array(
  114. "value" => "</ul>",
  115. );
  116. unset($_SESSION["masquerade_lookup_users"]);
  117. }
  118. else if (is_array($users)) {
  119. $form["mark" . $m++] = array(
  120. "value" => "<hr><p>" . t("Sorry, no results.") . "</p>
  121. <ul>",
  122. );
  123. unset($_SESSION["masquerade_lookup_users"]);
  124. }
  125. return $form;
  126. }
  127. /**
  128. * The submit handler for masquerade_form.
  129. *
  130. * We want to look up the user(s) for the username or CWID entered, placing that
  131. * information in the SESSION. When we return to the form, it will display these
  132. * results for the user to select.
  133. *
  134. * @param unknown_type $form
  135. * @param unknown_type $form_state
  136. */
  137. function masquerade_form_submit($form, &$form_state) {
  138. $username_or_cwid = trim($form_state["values"]["username_or_cwid"]);
  139. if ($username_or_cwid == "") return;
  140. $users = array();
  141. $res = db_query("SELECT user_id FROM users WHERE cwid LIKE ?
  142. LIMIT 20", array("%$username_or_cwid%"));
  143. while ($cur = db_fetch_array($res)) {
  144. $users[intval($cur['user_id'])] = $cur['user_id'];
  145. }
  146. $res = db_query("SELECT user_id FROM users WHERE user_name LIKE ?
  147. LIMIT 20", array("%$username_or_cwid%"));
  148. while ($cur = db_fetch_array($res)) {
  149. $users[intval($cur['user_id'])] = $cur['user_id'];
  150. }
  151. $res = db_query("SELECT user_id FROM users WHERE email LIKE ?
  152. LIMIT 20", array("%$username_or_cwid%"));
  153. while ($cur = db_fetch_array($res)) {
  154. $users[intval($cur['user_id'])] = $cur['user_id'];
  155. }
  156. $res = db_query("SELECT user_id FROM users WHERE l_name LIKE ?
  157. LIMIT 20", array("%$username_or_cwid%"));
  158. while ($cur = db_fetch_array($res)) {
  159. $users[intval($cur['user_id'])] = $cur['user_id'];
  160. }
  161. if (isset($users[1])) {
  162. unset($users[1]); // do not allow admin user to be selected.
  163. }
  164. // Okay, let's add the users we found to the SESSION.
  165. $_SESSION["masquerade_lookup_users"] = $users;
  166. }
  167. /**
  168. * Implementation of hook_perm
  169. */
  170. function masquerade_perm() {
  171. return array(
  172. "access_masquerade" => array(
  173. "title" => t("Access masquerade"),
  174. "description" => t("This is a VERY powerful permission! It will allow
  175. a user to become any other user (except admin), without
  176. knowing their password. Only give it to very trusted users."),
  177. "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)
  178. ),
  179. );
  180. }

Functions

Namesort descending Description
masquerade_form This form will let the user specify which user they wish to impersonate.
masquerade_form_submit The submit handler for masquerade_form.
masquerade_init
masquerade_menu Implementation of hook_menu
masquerade_perform_masquerade Actually perform the switching of users to the selected user.
masquerade_perm Implementation of hook_perm