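/**
 * Validate the secret of a user to switch to the real thing
 *
 * The secret is recomputed for the user via admin_tools_make_switch_admin_secret()
 * and compared against the supplied value in constant time, so an attacker who
 * controls $secret cannot recover the expected value byte-by-byte via timing.
 *
 * @param string   $secret the string to validate (non-string input is rejected;
 *                         get_input() may hand over arrays)
 * @param ElggUser $user   the user to validate for (default: current user)
 *
 * @return bool true only when $secret is a non-empty string identical to the
 *              user's expected secret
 */
function admin_tools_validate_switch_admin_secret($secret, ElggUser $user = null) {
	// reject empty values and anything that is not a string: hash_equals()
	// only accepts strings, and an array would have failed === anyway
	if (empty($secret) || !is_string($secret)) {
		return false;
	}
	
	// no param, check current logged in user
	if (empty($user)) {
		$user = elgg_get_logged_in_user_entity();
	}
	
	// no user to check
	if (!$user instanceof ElggUser) {
		return false;
	}
	
	$correct_secret = admin_tools_make_switch_admin_secret($user);
	// no expected secret (or a non-string one) can never match a non-empty input
	if (!is_string($correct_secret) || $correct_secret === '') {
		return false;
	}
	
	// constant-time comparison (PHP >= 5.6); plain === leaks the match length via timing
	return hash_equals($correct_secret, $secret);
}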
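*/
// this action may only toggle the admin state of the currently logged in user;
// the guid from the request is cast to int and must match the session user
$user_guid = (int) get_input('user_guid');
if (empty($user_guid) || $user_guid !== (int) elgg_get_logged_in_user_guid()) {
	register_error(elgg_echo('actionunauthorized'));
	forward(REFERER);
}

$user = get_user($user_guid);
if (empty($user)) {
	forward(REFERER);
}

// only users the plugin regards as admins may use this action; this is the
// check that prevents a normal user from promoting itself via the "else" branch
// below, so it must stay in front of both branches.
// NOTE(review): the stored 'switched_admin' secret is not verified here before
// re-granting admin; confirm admin_tools_is_admin_user() is the intended gate.
if (!admin_tools_is_admin_user($user)) {
	register_error(elgg_echo('actionunauthorized'));
	forward(REFERER);
}

if ($user->isAdmin()) {
	// make the user a normal user, remembering the switch so it can be undone
	$secret = admin_tools_make_switch_admin_secret($user);
	if (empty($secret)) {
		register_error(elgg_echo('save:fail'));
		forward(REFERER);
	}
	
	// record the switch BEFORE dropping the admin flag: a failed save after
	// removeAdmin() would leave the user demoted without the marker that
	// allows switching back
	if (!elgg_set_plugin_user_setting('switched_admin', $secret, $user->getGUID(), 'admin_tools')) {
		register_error(elgg_echo('save:fail'));
		forward(REFERER);
	}
	
	// removeAdmin() returns false when the change is refused (e.g. by an event handler)
	if (!$user->removeAdmin()) {
		// roll back the marker so the user is not flagged as "switched" while still admin
		elgg_unset_plugin_user_setting('switched_admin', $user->getGUID(), 'admin_tools');
		register_error(elgg_echo('save:fail'));
		forward(REFERER);
	}
	
	system_message(elgg_echo('admin_tools:action:toggle_admin:success:user'));
} else {
	// make the user an admin again; makeAdmin() returns false when refused
	if (!$user->makeAdmin()) {
		register_error(elgg_echo('save:fail'));
		forward(REFERER);
	}
	
	// clear the marker only once the admin flag is actually back
	elgg_unset_plugin_user_setting('switched_admin', $user->getGUID(), 'admin_tools');
	system_message(elgg_echo('admin_tools:action:toggle_admin:success:admin'));
}

forward(REFERER);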