/** * assumeUser Assume the identity of anothre user - Only admins may do this * * @param numeric $pUserId User ID of the user you want to hijack * @access public * @return TRUE on success, FALSE on failure - mErrors will contain reason for failure */ function assumeUser($pUserId) { global $gBitUser; $ret = FALSE; // make double sure the current logged in user has permission, check for p_users_admin, not admin, as that is all you need for assuming another user. // this enables creating of a non technical site adminstrators group, eg customer support representatives. if ($gBitUser->hasPermission('p_users_admin')) { $assumeUser = new BitPermUser($pUserId); $assumeUser->loadPermissions(); if ($assumeUser->isAdmin()) { $this->mErrors['assume_user'] = tra("User administrators cannot be assumed."); } else { $this->mDb->query("UPDATE `" . BIT_DB_PREFIX . "users_cnxn` SET `user_id`=?, `assume_user_id`=? WHERE `cookie`=?", array($pUserId, $gBitUser->mUserId, $_COOKIE[$this->getSiteCookieName()])); $ret = TRUE; } } return $ret; }