Beispiel #1
 /**
  * assumeUser Assume the identity of another user - Only users holding p_users_admin may do this
  * 
  * @param numeric $pUserId User ID of the user you want to hijack
  * @access public
  * @return bool TRUE on success, FALSE on failure - mErrors will contain reason for failure
  */
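 function assumeUser($pUserId)
 {
     global $gBitUser;

     // Authorisation is decided on the currently logged-in user ($gBitUser), not on $this.
     // p_users_admin (rather than full admin) is sufficient on purpose: it allows a
     // non-technical site administrator role, e.g. customer support representatives.
     if (!$gBitUser->hasPermission('p_users_admin')) {
         // The documented contract is that mErrors carries the reason for every failure,
         // so a denied caller gets an explicit entry instead of a silent FALSE.
         $this->mErrors['assume_user'] = tra("You do not have permission to assume another user.");
         return FALSE;
     }

     $assumeUser = new RolePermUser($pUserId);
     $assumeUser->loadPermissions();
     // NOTE(review): only isAdmin() is tested on the target. Nothing here shows that the
     // target id exists, or that the target holds fewer permissions than the caller.
     // Confirm that a p_users_admin holder cannot gain extra privileges by assuming
     // another non-admin account.
     if ($assumeUser->isAdmin()) {
         $this->mErrors['assume_user'] = tra("User administrators cannot be assumed.");
         return FALSE;
     }

     // The session row to rewrite is selected by the caller's site cookie. Without a
     // usable cookie value the UPDATE would match nothing, yet the method used to
     // report success; a non-string value (cookie sent as an array) is rejected too.
     $cookieName = $this->getSiteCookieName();
     if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName]) || $_COOKIE[$cookieName] === '') {
         $this->mErrors['assume_user'] = tra("No session cookie was found for the current connection.");
         return FALSE;
     }

     // All values are bound parameters. assume_user_id keeps the real operator's id on
     // the session row, so the impersonation stays attributable.
     // NOTE(review): nothing in this method writes an audit-log entry, and the query
     // result is not inspected - consider logging who assumed whom and when.
     $this->mDb->query(
         "UPDATE `" . BIT_DB_PREFIX . "users_cnxn` SET `user_id`=?, `assume_user_id`=? WHERE `cookie`=?",
         array($pUserId, $gBitUser->mUserId, $_COOKIE[$cookieName])
     );

     return TRUE;
 }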
Beispiel #2
// $Header$
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See below for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See http://www.gnu.org/copyleft/lesser.html for details.
// This script is used to assign roles to a particular user
// ASSIGN USER TO ROLES
// Initialization
// Bootstrap the application. $gBitSystem and $gBitUser are used below without being
// defined in this script - presumably setup_inc.php provides them.
require_once '../../kernel/setup_inc.php';
// Gate the whole page on the user-administration permission before any request data is used.
$gBitSystem->verifyPermission('p_users_admin');
// Reject an unknown target user id.
// NOTE(review): $_REQUEST["assign_user"] is read without an isset() check, and $_REQUEST
// accepts the value from the query string as well as from a form post.
if (!$gBitUser->userExists(array('user_id' => $_REQUEST["assign_user"]))) {
    // presumably fatalError() ends the request; the code below relies on that - confirm
    $gBitSystem->fatalError(tra("User doesnt exist"));
}
// Load the account whose role membership is being edited.
$assignUser = new RolePermUser($_REQUEST["assign_user"]);
$assignUser->load(TRUE);
// Only a system administrator may edit another system administrator; a caller who merely
// holds p_users_admin is stopped here.
if ($assignUser->isAdmin() && !$gBitUser->isAdmin()) {
    $gBitSystem->fatalError(tra('You cannot modify a system administrator.'));
}
if (isset($_REQUEST["action"])) {
    // Runs before any state change - presumably an anti-CSRF ticket check; confirm in verifyTicket().
    $gBitUser->verifyTicket();
    if ($_REQUEST["action"] == 'assign') {
        // NOTE(review): role_id comes straight from the request. Nothing visible here limits
        // which roles a p_users_admin holder may grant; confirm that addUserToRole() or a
        // check elsewhere stops a non-admin from granting a role carrying admin permissions.
        $assignUser->addUserToRole($assignUser->mUserId, $_REQUEST["role_id"]);
    } elseif ($_REQUEST["action"] == 'removerole') {
        // NOTE(review): this branch passes the raw request value as the user id, whereas the
        // 'assign' branch passes $assignUser->mUserId from the loaded object.
        $assignUser->removeUserFromRole($_REQUEST["assign_user"], $_REQUEST["role_id"]);
    }
    // NOTE(review): the next line is damaged in this listing - the text between the redirect
    // target and 'set_default' is masked, so the redirect argument and the opening of the
    // following branch cannot be read from here.
    bit_redirect('assign_role_user.php?assign_user='******'set_default'])) {
    // Same ticket check as above, before the default role is changed.
    $gBitUser->verifyTicket();
    // default_role is request-supplied; the NOTE(review) on role_id above applies here as well.
    $assignUser->storeUserDefaultRole($assignUser->mUserId, $_REQUEST['default_role']);
    // Reload the user after the default role was stored.
    $assignUser->load();
}