masquerade.module

The masquerade module, which allows admin users to impersonate other users.

File

modules/masquerade/masquerade.module
View source
  1. <?php

  2. 

  3. /**

  4.  * @file

  5.  * The masquerade module, which allows admin users to impersonate other users.

  6.  */

  7. 

  8. 

  9. 

  10. 

  11. /**

  12.  * Implementation of hook_menu

  13.  *

  14.  */

  15. function masquerade_menu() {

  16.   

  17.   $items = array();

  18.   

  19.   $items["admin-tools/masquerade"] = array(

  20.     "title" => "Masquerade as another user",

  21.     "page_callback" => "fp_render_form",

  22.     "page_arguments" => array("masquerade_form"),

  23.     "access_arguments" => array("access_masquerade"),

  24.     "page_settings" => array(      

  25.       "menu_links" => array(          

  26.         0 => array(

  27.           "text" => t("Admin Tools"),

  28.           "path" => "admin-tools",

  29.           "query" => "de_catalog_year=%DE_CATALOG_YEAR%",

  30.         ),

  31.       ),    

  32.       "menu_icon" => fp_get_module_path('masquerade') . "/icons/mask.png",

  33.     ),        

  34.     "type" => MENU_TYPE_NORMAL_ITEM,

  35.     'weight' => 40,

  36.   );

  37.    

  38.   

  39.   $items["masquerade"] = array(

  40.     "page_callback" => "masquerade_perform_masquerade",

  41.     "access_arguments" => array("access_masquerade"),

  42.     "type" => MENU_TYPE_CALLBACK,  

  43.   ); 

  44.   

  45.   

  46.   return $items;

  47. }

  48. 

  49. 

  50. 

  51. /**

  52.  * Actually perform the switching of users to the selected user.

  53.  *

  54.  */

  55. function masquerade_perform_masquerade() {

  56.   global $user;

  57.   

  58.   $user_id = intval($_REQUEST["user_id"]);

  59.   

  60.   // Do not allow user_id 1

  61.   if ($user_id === 1) {

  62.     fp_add_message(t("Admin user is not allowed to be selected for masquerade."), "error");

  63.     fp_goto("<front>");

  64.     return;

  65.   }

  66.   

  67.   

  68.   // Set up a new $account object.

  69.   $account = new stdClass();

  70.   

  71.   $account = fp_load_user($user_id);

  72.   // Okay, let's look for all the modules who have implimented hook_user_login

  73.   $modules = modules_implement_hook("user_login");

  74.   foreach ($modules as $module) {

  75.     call_user_func_array($module . '_user_login', array(&$account));

  76.   }

  77.   

  78.   // Set the $account to the SESSION.

  79.   $_SESSION["fp_user_object"] = $account;

  80.   

  81.   watchdog("masquerade", "@user is now masquerading as @newuser. New CWID: @cwid", array("@user" => "$user->name ($user->id)", "@newuser" => "$account->name ($account->id)", "@cwid" => $account->cwid));

  82.   

  83.   $_SESSION["masquerade_active"] = TRUE;

  84.   $_SESSION["masquerade_original_user"] = $user;

  85.   fp_goto("<front>");

  86. }

  87. 

  88. 

  89. function masquerade_init() {

  90.   global $user;

  91.   

  92.   if (isset($_SESSION["masquerade_active"]) && $_SESSION["masquerade_active"]) {

  93.     fp_add_message(t("You are currently masquerading as %user (originally %ou).  To return to your previous

  94.                       account, log out, then log in normally.", 

  95.                       array("%user" => $user->name, "%ou"=>$_SESSION["masquerade_original_user"]->name)), 

  96.                    "status", TRUE);

  97. 

  98.   }

  99. }

  100. 

  101. 

  102. 

  103. 

  104. /**

  105.  * This form will let the user specify which user they wish to impersonate.

  106.  */

  107. function masquerade_form() {

  108.   $form = array();

  109.   

  110.   $form["mark" . $m++] = array(

  111.     "value" => "<p>" . t("Use this form to decide which user you wish to impersonate.  Once selected,

  112.                   you will experience FlightPath as that user would until you log out.") . "</p>",

  113.   );

  114.    

  115.   $form["username_or_cwid"] = array(

  116.     "label" => t("Last name, Email, Username, or CWID:"),

  117.     "type" => "textfield",

  118.     "value" => $_REQUEST["username_or_cwid"],

  119.     "description" => t("Enter the last name, email, username, or CWID of the person you wish to impersonate.  Will display the first 20 results only.

  120.                       <br>Ex:  peacocrj7  or  10022312."),

  121.   );

  122.   

  123.   $form["submit"] = array(

  124.     "type" => "submit", 

  125.     "spinner" => TRUE,

  126.     "value" => t("Look up"),

  127.   );

  128.   

  129.   $users = $_SESSION["masquerade_lookup_users"];

  130.   if (is_array($users) && count($users) > 0) {

  131.     $form["mark" . $m++] = array(

  132.       "value" => "<hr><p>" . t("Please click on the user you wish to impersonate:") . "</p>

  133.         <ul>",

  134.     );

  135.     

  136.     $c = 0;

  137.     foreach($users as $uid) {

  138.       $account = fp_load_user($uid);

  139.              

  140.       $type = "";

  141.       if ($account->is_student) $type .= t("student");

  142.       if ($account->is_faculty) $type .= t("faculty");

  143.       

  144.       $form["mark" . $m++] = array(        

  145.         "value" => "<li>" . l("$account->name - $account->f_name $account->l_name ($account->cwid) - $type", "masquerade", "user_id=$account->id") . "</li>",        

  146.       );

  147.       

  148.       $c++;

  149.       if ($c >= 20) break;

  150.       

  151.     }

  152.     

  153.     $form["mark" . $m++] = array(

  154.       "value" => "</ul>",

  155.     );

  156.     

  157.     unset($_SESSION["masquerade_lookup_users"]);

  158.     

  159.   }

  160.   else if (is_array($users)) {

  161.     $form["mark" . $m++] = array(

  162.       "value" => "<hr><p>" . t("Sorry, no results.") . "</p>

  163.         <ul>",

  164.     );

  165.     unset($_SESSION["masquerade_lookup_users"]);    

  166.   }

  167.   

  168.   

  169.   return $form;

  170. }

  171. 

  172. 

  173. 

  174. /**

  175.  * The submit handler for masquerade_form.

  176.  * 

  177.  * We want to look up the user(s) for the username or CWID entered, placing that

  178.  * information in the SESSION.  When we return to the form, it will display these

  179.  * results for the user to select.

  180.  *

  181.  * @param unknown_type $form

  182.  * @param unknown_type $form_state

  183.  */

  184. function masquerade_form_submit($form, &$form_state) {

  185.   

  186.   $username_or_cwid = trim($form_state["values"]["username_or_cwid"]);

  187. 

  188.   

  189.   if ($username_or_cwid == "") return;

  190.   

  191.   $users = array();

  192.   

  193.   $res = db_query("SELECT user_id FROM users WHERE cwid LIKE ?

  194.                     LIMIT 20", array("%$username_or_cwid%"));

  195.   while ($cur = db_fetch_array($res)) {

  196.     $users[intval($cur['user_id'])] = $cur['user_id'];

  197.   }

  198.   

  199.   $res = db_query("SELECT user_id FROM users WHERE user_name LIKE ?

  200.                     LIMIT 20", array("%$username_or_cwid%"));

  201.   while ($cur = db_fetch_array($res)) {

  202.     $users[intval($cur['user_id'])] = $cur['user_id'];

  203.   }

  204. 

  205.   

  206.   $res = db_query("SELECT user_id FROM users WHERE email LIKE ?

  207.                     LIMIT 20", array("%$username_or_cwid%"));

  208.   while ($cur = db_fetch_array($res)) {

  209.     $users[intval($cur['user_id'])] = $cur['user_id'];

  210.   }

  211.   

  212.   $res = db_query("SELECT user_id FROM users WHERE l_name LIKE ?

  213.                     LIMIT 20", array("%$username_or_cwid%"));

  214.   while ($cur = db_fetch_array($res)) {

  215.     $users[intval($cur['user_id'])] = $cur['user_id'];

  216.   }

  217.     

  218.   if (isset($users[1])) {

  219.     unset($users[1]); // do not allow admin user to be selected.

  220.   }

  221.   

  222.   

  223.   // Okay, let's add the users we found to the SESSION.

  224.   $_SESSION["masquerade_lookup_users"] = $users;

  225.    

  226.   

  227. }

  228. 

  229. 

  230. 

  231. 

  232. 

  233. /**

  234.  * Implementation of hook_perm

  235.  */

  236. function masquerade_perm() {

  237.   return array(

  238.     "access_masquerade" => array(

  239.       "title" => t("Access masquerade"),

  240.       "description" => t("This is a VERY powerful permission!  It will allow 

  241.                            a user to become any other user (except admin), without

  242.                            knowing their password.  Only give it to very trusted users."),

  243.       "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)

  244.     ),

  245.   );

  246. }

Functions

Namesort descending Description
masquerade_form This form will let the user specify which user they wish to impersonate.
masquerade_form_submit The submit handler for masquerade_form.
masquerade_init
masquerade_menu Implementation of hook_menu
masquerade_perform_masquerade Actually perform the switching of users to the selected user.
masquerade_perm Implementation of hook_perm