The other user can always revert to their own permission set.
This function does not check whether the transferred permissions are lower or higher than the
receiving user's own, so a user can gain "more" permissions this way; any authorization check
therefore has to be made by the caller.
Admin permissions will not be copied.
public ghost_permissions ( $from_user_id, $to_user_id ) |
// Excerpt from inside a switch statement whose header is not shown. The first two
// statements close a case that starts before this excerpt, and 'restore_perm'
// continues past its end.
	redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
break;

// switch_perm: the current user takes on the permission set of the user given in 'u'.
case 'switch_perm':

	// Target user id from the request. The default of 0 presumably makes request_var()
	// return an integer (confirm); the query below casts it again before concatenation.
	$user_id = request_var('u', 0);

	$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
	$result = $db->sql_query($sql);
	$user_row = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	// Authorisation gate. ghost_permissions() is documented as not comparing permission
	// levels, so this condition is the only check visible here before the transfer.
	// The request is sent back to the index when:
	//  - the current user lacks the a_switchperm permission,
	//  - no users row was found for the requested id,
	//  - the requested id is the current user's own id,
	//  - the 'hash' parameter fails check_link_hash() for 'switchperm'
	//    (presumably phpBB's per-user link token against cross-site requests -- confirm).
	// NOTE(review): nothing after redirect() stops execution in this branch, so the gate
	// depends on redirect() ending the request -- confirm it never returns here.
	if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm'))
	{
		redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
	}

	// The auth_admin class file is included only after the gate above.
	include $phpbb_root_path . 'includes/acp/auth.' . $phpEx;

	$auth_admin = new auth_admin();

	// Arguments are (from, to): the requested user's permissions are applied to the
	// current user. A falsy return sends the user to the index without a log entry.
	if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id']))
	{
		redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
	}

	// A successful transfer is recorded in the admin log with the requested user's name,
	// which gives reviewers a trail of who borrowed whose permissions.
	add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']);

	// NOTE(review): the username is placed into an HTML message exactly as read from the
	// users table; presumably it is stored already escaped -- verify.
	$message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
	trigger_error($message);
break;

// restore_perm: the rest of this case lies outside the excerpt.
case 'restore_perm':

	// Proceeds only while user_perm_from is set and the user holds a_switchperm.
	// NOTE(review): unlike switch_perm, no link hash is checked before acl_cache() runs --
	// confirm that a state change without that check is intended here.
	if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm'))
	{
		redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
	}

	// Presumably rebuilds the user's own cached permissions -- TODO confirm against acl_cache().
	$auth->acl_cache($user->data);

	// NOTE(review): user_perm_from comes from the loaded user data rather than the request,
	// but unlike the query in switch_perm it is concatenated without an (int) cast.
	$sql = 'SELECT username FROM ' . USERS_TABLE . ' WHERE user_id = ' . $user->data['user_perm_from'];
	$result = $db->sql_query($sql);