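/**
 * Build the HTML fragment that identifies the user being edited.
 *
 * The fragment holds the user's login (plus the display name when it differs),
 * optionally wrapped in a link to user-edit.php, a "Network Super Admin" badge
 * on multisite, and a "Switch To" link when the User Switching plugin is loaded
 * and the current user holds the 'switch_to_user' capability for this user.
 *
 * The login and display name are profile fields, so they are escaped with
 * esc_html() before being placed into the markup. An unescaped display name
 * would otherwise be rendered as HTML in an administrator's session.
 *
 * @return string HTML markup describing the edited user.
 */
private function get_user_info() {
    $user = $this->user_to_edit;

    $switch_to_user = '';
    if (!is_multisite() || current_user_can('manage_network_users')) {
        $anchor_start = '<a href="' . wp_nonce_url("user-edit.php?user_id={$user->ID}", "ure_user_{$user->ID}") . '" >';
        $anchor_end = '</a>';
        if (class_exists('user_switching') && current_user_can('switch_to_user', $user->ID)) {
            $switch_to_user_link = user_switching::switch_to_url($user);
            // NOTE(review): the '******' literal looks masked or garbled in this listing;
            // presumably it was the opening anchor markup ending in href=" - confirm
            // against the upstream file before relying on this output.
            $switch_to_user = '******' . esc_url($switch_to_user_link) . '">' . esc_html__('Switch To', 'user-switching') . '</a>';
        }
    } else {
        // On multisite without 'manage_network_users' the name is shown as plain text.
        $anchor_start = '';
        $anchor_end = '';
    }

    $user_info = ' <span style="font-weight: bold;">' . $anchor_start . esc_html($user->user_login);
    if ($user->display_name !== $user->user_login) {
        $user_info .= ' (' . esc_html($user->display_name) . ')';
    }
    $user_info .= $anchor_end . '</span>';

    if (is_multisite() && is_super_admin($user->ID)) {
        $user_info .= ' <span style="font-weight: bold; color:red;">' . esc_html__('Network Super Admin', 'user-role-editor') . '</span>';
    }
    if (!empty($switch_to_user)) {
        $user_info .= ' ' . $switch_to_user;
    }

    return $user_info;
}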
/**
 * Work out which row actions are offered for a user in the list.
 *
 * When the current user's maximum level is lower than the target user's,
 * every management action is returned in its disabled ('no-' prefixed) form.
 * Otherwise 'manage' and 'edit' are enabled and the lock/unlock action is
 * disabled only for the current user's own row. If the User Switching plugin
 * is loaded, a 'switch|<url>' entry is added when 'edit' is enabled and the
 * plugin returned a URL, and 'no-switch' is added otherwise.
 *
 * @param WP_User $user User whose row is being rendered
 *
 * @return array List of action identifiers
 *
 * @access protected
 */
protected function prepareRowActions(WP_User $user) {
    $current_level = AAM_Core_API::maxLevel(wp_get_current_user()->allcaps);
    $target_level  = AAM_Core_API::maxLevel($user->allcaps);

    if ($current_level < $target_level) {
        // The target outranks the current user: nothing may be managed.
        $actions = array('no-manage', 'no-lock', 'no-edit');
    } else {
        $is_own_row  = ($user->ID == get_current_user_id());
        $lock_action = $user->user_status ? 'unlock' : 'lock';

        $actions = array(
            'manage',
            ($is_own_row ? 'no-' : '') . $lock_action,
            'edit',
        );
    }

    if (class_exists('user_switching')) {
        $url = user_switching::maybe_switch_url($user);

        // Switching is only offered alongside an enabled 'edit' action.
        $switch_allowed = in_array('edit', $actions) && !empty($url);
        $actions[]      = $switch_allowed ? 'switch|' . $url : 'no-switch';
    }

    return $actions;
}
/**
 * Exercise user_switching::authenticate_old_user() against a range of
 * switching-cookie contents: valid, expired, wrong scheme, malformed,
 * not JSON-encoded, and absent.
 *
 * Only a valid, unexpired 'auth' scheme cookie issued for the same user is
 * expected to authenticate; every other case must return false.
 */
function testOldUserCookieAuthentication() {
    $admin   = $this->testers['admin'];
    $editor  = $this->testers['editor'];
    $testers = array($editor, $admin);

    // 172800 seconds = 48 hours from now.
    $expiry = time() + 172800;

    // A valid authentication cookie should pass authentication,
    // but only for the user it was issued to:
    $valid_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
    $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($valid_cookie));
    $this->assertTrue(user_switching::authenticate_old_user($editor));
    $this->assertFalse(user_switching::authenticate_old_user($admin));

    // An expired but otherwise valid authentication cookie should not pass authentication:
    $expired_cookie = wp_generate_auth_cookie($editor->ID, time() - 1000, 'auth');
    $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($expired_cookie));
    foreach ($testers as $tester) {
        $this->assertFalse(user_switching::authenticate_old_user($tester));
    }

    // A valid authentication cookie with the incorrect scheme should not pass authentication.
    // NOTE(review): rejecting 'secure_auth' presumably relies on the test site not using
    // secure auth cookies - confirm against the test bootstrap.
    foreach (array('logged_in', 'secure_auth') as $wrong_scheme) {
        $wrong_scheme_cookie = wp_generate_auth_cookie($editor->ID, $expiry, $wrong_scheme);
        $_COOKIE[USER_SWITCHING_COOKIE] = json_encode(array($wrong_scheme_cookie));
        foreach ($testers as $tester) {
            $this->assertFalse(user_switching::authenticate_old_user($tester));
        }
    }

    // A malformed cookie should not pass authentication and not trigger any PHP errors:
    $_COOKIE[USER_SWITCHING_COOKIE] = 'hello';
    foreach ($testers as $tester) {
        $this->assertFalse(user_switching::authenticate_old_user($tester));
    }

    // A non-JSON-encoded cookie should not pass authentication and not trigger any PHP errors:
    $raw_cookie = wp_generate_auth_cookie($editor->ID, $expiry, 'auth');
    $_COOKIE[USER_SWITCHING_COOKIE] = $raw_cookie;
    foreach ($testers as $tester) {
        $this->assertFalse(user_switching::authenticate_old_user($tester));
    }

    // No cookie should not pass authentication and not trigger any PHP errors:
    unset($_COOKIE[USER_SWITCHING_COOKIE]);
    foreach ($testers as $tester) {
        $this->assertFalse(user_switching::authenticate_old_user($tester));
    }
}
/**
 * Return the User Switching URL for this user, with a redirect back to
 * the site's home URL appended.
 *
 * The redirect target is passed through urlencode() before being added
 * as the 'redirect_to' query argument.
 *
 * @access public
 * @since 2.1
 *
 * @return string|false The switch URL, or false when the User Switching
 *                      plugin is not loaded or it supplied no URL.
 */
public function get_switch_to_url() {
    if (!class_exists('user_switching')) {
        return false;
    }

    $switch_url = user_switching::maybe_switch_url($this);
    if (!$switch_url) {
        return false;
    }

    return add_query_arg('redirect_to', urlencode(home_url()), $switch_url);
}
/**
 * Check that the most recent entry in the switching auth cookie belongs to the given user.
 *
 * Only the last entry of the cookie is validated. The scheme it is validated
 * against is 'secure_auth' when user_switching::secure_auth_cookie() is truthy
 * and 'auth' otherwise, so a cookie issued under any other scheme is rejected
 * by wp_validate_auth_cookie().
 *
 * @param WP_User $user A WP_User object (usually from the logged_in cookie).
 * @return bool True only when the cookie validates and its user ID is identical to $user->ID.
 */
public static function authenticate_old_user(WP_User $user) {
    $cookie = user_switching_get_auth_cookie();
    if (empty($cookie)) {
        // No switching cookie (or an empty one): nothing to verify.
        return false;
    }

    $scheme = user_switching::secure_auth_cookie() ? 'secure_auth' : 'auth';

    $old_user_id = wp_validate_auth_cookie(end($cookie), $scheme);
    if (!$old_user_id) {
        return false;
    }

    // Strict comparison: the validated ID must match the claimed user exactly.
    return $user->ID === $old_user_id;
}
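/**
 * After navigating to a URL with a path and a query string,
 * user_switching::current_url() should report that same URL.
 */
function testCurrentUrl() {
    $expected = add_query_arg('foo', 'bar', home_url('baz'));

    $this->go_to($expected);

    // assertSame() takes the expected value first, so a failure message
    // labels the two URLs correctly.
    $this->assertSame($expected, user_switching::current_url());
}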
/**
 * Report whether the current session is a switched one.
 *
 * @return mixed False when nobody is logged in; otherwise whatever
 *               user_switching::get_old_user() returns.
 */
function current_user_switched() {
    return is_user_logged_in() ? user_switching::get_old_user() : false;
}
*/ if (!defined('URE_PLUGIN_URL')) { die; // Silence is golden, direct call is prohibited } $edit_user_caps_mode = $this->get_edit_user_caps_mode(); ?> <div class="has-sidebar-content"> <?php $switch_to_user = ''; if (!is_multisite() || current_user_can('manage_network_users')) { $anchor_start = '<a href="' . wp_nonce_url("user-edit.php?user_id={$this->user_to_edit->ID}", "ure_user_{$this->user_to_edit->ID}") . '" >'; $anchor_end = '</a>'; if (class_exists('user_switching') && current_user_can('switch_to_user', $this->user_to_edit->ID)) { $switch_to_user_link = user_switching::switch_to_url($this->user_to_edit); $switch_to_user = '******' . esc_url($switch_to_user_link) . '">' . esc_html__('Switch To', 'user-switching') . '</a>'; } } else { $anchor_start = ''; $anchor_end = ''; } $user_info = ' <span style="font-weight: bold;">' . $anchor_start . $this->user_to_edit->user_login; if ($this->user_to_edit->display_name !== $this->user_to_edit->user_login) { $user_info .= ' (' . $this->user_to_edit->display_name . ')'; } $user_info .= $anchor_end . '</span>'; if (is_multisite() && is_super_admin($this->user_to_edit->ID)) { $user_info .= ' <span style="font-weight: bold; color:red;">' . esc_html__('Network Super Admin', 'user-role-editor') . '</span>'; } if (!empty($switch_to_user)) {
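/**
 * function abus_user_search()
 * Searches for users whose login matches what was entered into the search box
 * in the admin bar, and prints a list of "switch to" links for them.
 *
 * Reads 'query', 'currenturl' and 'nonce' from $_POST. The request is dropped
 * unless the nonce verifies against the 'abus_nonce' action. All request values
 * are unslashed and sanitised before use, and everything written into the
 * response is escaped for its HTML context, because display names are profile
 * data and the response is rendered in the requesting user's session.
 *
 * Output is echoed directly and the request is ended with die.
 */
function abus_user_search() {

	/* collect the posted search query, current url and nonce; missing or non-string values become '' */
	$posted = array( 'query' => '', 'currenturl' => '', 'nonce' => '' );
	foreach ( $posted as $key => $default ) {
		if ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) {
			$posted[ $key ] = wp_unslash( $_POST[ $key ] );
		}
	}

	$nonce = sanitize_text_field( $posted['nonce'] );

	/* check nonce passes for intent */
	if ( ! wp_verify_nonce( $nonce, 'abus_nonce' ) ) {
		exit;
	}

	$q   = sanitize_text_field( $posted['query'] );
	$url = esc_url_raw( $posted['currenturl'] );

	$args = array( 'search' => $q, 'search_columns' => array( 'user_login' ) );

	/* query the users */
	$user_query = new WP_User_Query( $args );

	echo '<div class="abus_user_results">';

	/* check we have results returned */
	if ( ! empty( $user_query->results ) ) {

		/* loop through each returned user */
		foreach ( $user_query->results as $user ) {

			/* if this user is the current user - skip to next user */
			if ( $user->ID == get_current_user_id() ) {
				continue;
			}

			/*
			 * A falsy result means no switch link is available for this user.
			 * NOTE(review): presumably this is where User Switching applies its own
			 * capability check - confirm, since this handler performs none itself.
			 */
			$link = user_switching::maybe_switch_url( $user );
			if ( $link ) {

				/*
				 * add_query_arg() does not encode values, so the redirect target is
				 * encoded here; otherwise a '&' or '#' in it would be parsed as part
				 * of the switch URL itself.
				 * NOTE(review): confirm no 'abus_switch_to_url' filter callback
				 * already returns an encoded value.
				 */
				$redirect_to = rawurlencode( (string) apply_filters( 'abus_switch_to_url', $url ) );
				$link        = add_query_arg( 'redirect_to', $redirect_to, $link );

				/* esc_url()'s second argument is a protocol list, so the user object is not passed to it */
				echo '<p class="result"><a href="' . esc_url( $link ) . '">' . esc_html( $user->display_name ) . '</a></p>';
			}
		}

	/* no users match search */
	} else {
		echo '<p class="result">No users found.</p>';
	}

	echo '</div>';
	die;
}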