masquerade.module

  1. 7.x modules/masquerade/masquerade.module
  2. 6.x modules/masquerade/masquerade.module

The masquerade module, which allows admin users to impersonate other users.

File

modules/masquerade/masquerade.module
View source
  1. <?php

  2. 

  3. /**

  4.  * @file

  5.  * The masquerade module, which allows admin users to impersonate other users.

  6.  */

  7. 

  8. 

  9. 

  10. 

  11. /**

  12.  * Implementation of hook_menu

  13.  *

  14.  */

  15. function masquerade_menu() {

  16.   

  17.   $items = array();

  18.   

  19.   $items["admin-tools/masquerade"] = array(

  20.     "title" => "Masquerade as another user",

  21.     "page_callback" => "fp_render_form",

  22.     "page_arguments" => array("masquerade_form"),

  23.     "access_arguments" => array("access_masquerade"),

  24.     "page_settings" => array(      

  25.       "menu_links" => array(          

  26.         0 => array(

  27.           "text" => t("Admin Tools"),

  28.           "path" => "admin-tools",

  29.           "query" => "de_catalog_year=%DE_CATALOG_YEAR%",

  30.         ),

  31.       ),    

  32.       "menu_icon" => fp_get_module_path('masquerade') . "/icons/mask.png",

  33.     ),        

  34.     "type" => MENU_TYPE_NORMAL_ITEM,

  35.     'weight' => 40,

  36.   );

  37.    

  38.   

  39.   $items["masquerade"] = array(

  40.     "page_callback" => "masquerade_perform_masquerade",

  41.     "access_arguments" => array("access_masquerade"),

  42.     "type" => MENU_TYPE_CALLBACK,  

  43.   ); 

  44.   

  45.   

  46.   return $items;

  47. }

  48. 

  49. 

  50. 

  51. /**

  52.  * Actually perform the switching of users to the selected user.

  53.  *

  54.  */

  55. function masquerade_perform_masquerade() {

  56.   global $user;

  57.   

  58.   $user_id = intval($_REQUEST["user_id"]);

  59.   

  60.   // Do not allow user_id 1

  61.   if ($user_id === 1) {

  62.     fp_add_message(t("Admin user is not allowed to be selected for masquerade."), "error");

  63.     fp_goto("<front>");

  64.     return;

  65.   }

  66.   

  67.   

  68.   // Set up a new $account object.

  69.   $account = new stdClass();

  70.   

  71.   $account = fp_load_user($user_id);

  72.   // Okay, let's look for all the modules who have implimented hook_user_login

  73.   $modules = modules_implement_hook("user_login");

  74.   foreach ($modules as $module) {

  75.     call_user_func_array($module . '_user_login', array(&$account));

  76.   }

  77.   

  78.   // Set the $account to the SESSION.

  79.   $_SESSION["fp_user_object"] = $account;

  80.   

  81.   watchdog("masquerade", "@user is now masquerading as @newuser. New CWID: @cwid", array("@user" => "$user->name ($user->id)", "@newuser" => "$account->name ($account->id)", "@cwid" => $account->cwid));

  82.   

  83.   $_SESSION["masquerade_active"] = TRUE;

  84.   $_SESSION["masquerade_original_user"] = $user;

  85.   fp_goto("<front>");

  86. }

  87. 

  88. 

  89. function masquerade_init() {

  90.   global $user;

  91.   

  92.   if (isset($_SESSION["masquerade_active"]) && $_SESSION["masquerade_active"]) {

  93.     fp_add_message(t("You are currently masquerading as %user (originally %ou).  To return to your previous

  94.                       account, log out, then log in normally.", 

  95.                       array("%user" => $user->name, "%ou"=>$_SESSION["masquerade_original_user"]->name)), 

  96.                    "status", TRUE);

  97. 

  98.   }

  99. }

  100. 

  101. 

  102. 

  103. 

  104. /**

  105.  * This form will let the user specify which user they wish to impersonate.

  106.  */

  107. function masquerade_form() {

  108.   $form = array();

  109.   

  110.   $m = 1;

  111.   

  112.   $form["mark" . $m++] = array(

  113.     "value" => "<p>" . t("Use this form to decide which user you wish to impersonate.  Once selected,

  114.                   you will experience FlightPath as that user would until you log out.") . "</p>",

  115.   );

  116.    

  117.   $form["username_or_cwid"] = array(

  118.     "label" => t("Last name, Email, Username, or CWID:"),

  119.     "type" => "textfield",

  120.     "value" => (string) @$_REQUEST["username_or_cwid"],

  121.     "description" => t("Enter the last name, email, username, or CWID of the person you wish to impersonate.  Will display the first 20 results only.

  122.                       <br>Ex:  peacocrj7  or  10022312."),

  123.   );

  124.   

  125.   $form["submit"] = array(

  126.     "type" => "submit", 

  127.     "spinner" => TRUE,

  128.     "value" => t("Look up"),

  129.   );

  130.   

  131.   $users = @$_SESSION["masquerade_lookup_users"];

  132.   if (is_array($users) && count($users) > 0) {

  133.     $form["mark" . $m++] = array(

  134.       "value" => "<hr><p>" . t("Please click on the user you wish to impersonate:") . "</p>

  135.         <ul>",

  136.     );

  137.     

  138.     $c = 0;

  139.     foreach($users as $uid) {

  140.       $account = fp_load_user($uid);

  141.              

  142.       $type = "";

  143.       if ($account->is_student) $type .= t("student");

  144.       if ($account->is_faculty) $type .= t("faculty");

  145.       

  146.       $form["mark" . $m++] = array(        

  147.         "value" => "<li>" . l("$account->name - $account->f_name $account->l_name ($account->cwid) - $type", "masquerade", "user_id=$account->id") . "</li>",        

  148.       );

  149.       

  150.       $c++;

  151.       if ($c >= 20) break;

  152.       

  153.     }

  154.     

  155.     $form["mark" . $m++] = array(

  156.       "value" => "</ul>",

  157.     );

  158.     

  159.     unset($_SESSION["masquerade_lookup_users"]);

  160.     

  161.   }

  162.   else if (is_array($users)) {

  163.     $form["mark" . $m++] = array(

  164.       "value" => "<hr><p>" . t("Sorry, no results.") . "</p>

  165.         <ul>",

  166.     );

  167.     unset($_SESSION["masquerade_lookup_users"]);    

  168.   }

  169.   

  170.   

  171.   return $form;

  172. }

  173. 

  174. 

  175. 

  176. /**

  177.  * The submit handler for masquerade_form.

  178.  * 

  179.  * We want to look up the user(s) for the username or CWID entered, placing that

  180.  * information in the SESSION.  When we return to the form, it will display these

  181.  * results for the user to select.

  182.  *

  183.  * @param unknown_type $form

  184.  * @param unknown_type $form_state

  185.  */

  186. function masquerade_form_submit($form, &$form_state) {

  187.   

  188.   $username_or_cwid = trim($form_state["values"]["username_or_cwid"]);

  189. 

  190.   

  191.   if ($username_or_cwid == "") return;

  192.   

  193.   $users = array();

  194.   

  195.   $res = db_query("SELECT user_id FROM users WHERE cwid LIKE ?

  196.                     LIMIT 20", array("%$username_or_cwid%"));

  197.   while ($cur = db_fetch_array($res)) {

  198.     $users[intval($cur['user_id'])] = $cur['user_id'];

  199.   }

  200.   

  201.   $res = db_query("SELECT user_id FROM users WHERE user_name LIKE ?

  202.                     LIMIT 20", array("%$username_or_cwid%"));

  203.   while ($cur = db_fetch_array($res)) {

  204.     $users[intval($cur['user_id'])] = $cur['user_id'];

  205.   }

  206. 

  207.   

  208.   $res = db_query("SELECT user_id FROM users WHERE email LIKE ?

  209.                     LIMIT 20", array("%$username_or_cwid%"));

  210.   while ($cur = db_fetch_array($res)) {

  211.     $users[intval($cur['user_id'])] = $cur['user_id'];

  212.   }

  213.   

  214.   $res = db_query("SELECT user_id FROM users WHERE l_name LIKE ?

  215.                     LIMIT 20", array("%$username_or_cwid%"));

  216.   while ($cur = db_fetch_array($res)) {

  217.     $users[intval($cur['user_id'])] = $cur['user_id'];

  218.   }

  219.     

  220.   if (isset($users[1])) {

  221.     unset($users[1]); // do not allow admin user to be selected.

  222.   }

  223.   

  224.   

  225.   // Okay, let's add the users we found to the SESSION.

  226.   $_SESSION["masquerade_lookup_users"] = $users;

  227.    

  228.   

  229. }

  230. 

  231. 

  232. 

  233. 

  234. 

  235. /**

  236.  * Implementation of hook_perm

  237.  */

  238. function masquerade_perm() {

  239.   return array(

  240.     "access_masquerade" => array(

  241.       "title" => t("Access masquerade"),

  242.       "description" => t("This is a VERY powerful permission!  It will allow 

  243.                            a user to become any other user (except admin), without

  244.                            knowing their password.  Only give it to very trusted users."),

  245.       "admin_restricted" => TRUE, // means only appears for admin (user_id == 1)

  246.     ),

  247.   );

  248. }

Functions

Namesort descending Description
masquerade_form This form will let the user specify which user they wish to impersonate.
masquerade_form_submit The submit handler for masquerade_form.
masquerade_init
masquerade_menu Implementation of hook_menu
masquerade_perform_masquerade Actually perform the switching of users to the selected user.
masquerade_perm Implementation of hook_perm