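/**
 * assumeUser Assume the identity of another user - only holders of p_users_admin may do this.
 *
 * On success the connection row identified by the caller's site cookie is re-pointed at
 * $pUserId and the caller's own user id is stored in `assume_user_id`.
 *
 * @param numeric $pUserId User ID of the user whose identity is to be assumed
 * @access public
 * @return TRUE on success, FALSE on failure - mErrors['assume_user'] will contain reason for failure
 */
function assumeUser($pUserId) {
	global $gBitUser;
	$ret = FALSE;

	// Make double sure the currently logged in user has permission. The check is for
	// p_users_admin, not full admin, as that is all that is needed for assuming another user.
	// This enables a non-technical site administrator role, e.g. customer support representatives.
	if (!$gBitUser->hasPermission('p_users_admin')) {
		// Record a reason so the documented "mErrors will contain reason" contract holds on this path too.
		$this->mErrors['assume_user'] = tra("You do not have permission to assume another user.");
		return $ret;
	}

	// The documented contract is a numeric id; reject anything else before it reaches the user loader.
	if (!is_numeric($pUserId)) {
		$this->mErrors['assume_user'] = tra("Invalid user id.");
		return $ret;
	}

	// NOTE(review): nothing here confirms that $pUserId refers to an existing account - confirm
	// that callers (or RolePermUser) reject unknown ids before the connection row is rewritten.
	$assumeUser = new RolePermUser($pUserId);
	$assumeUser->loadPermissions();

	// Administrator accounts can never be assumed, so p_users_admin alone cannot be
	// turned into full administrator access through this method.
	if ($assumeUser->isAdmin()) {
		$this->mErrors['assume_user'] = tra("User administrators cannot be assumed.");
		return $ret;
	}

	// The UPDATE is keyed on the caller's site cookie. Without a usable cookie value it
	// matches no row, so report failure instead of returning TRUE for a no-op.
	$cookieName = $this->getSiteCookieName();
	$cookieValue = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : NULL;
	if (!is_string($cookieValue) || $cookieValue === '') {
		$this->mErrors['assume_user'] = tra("No active session was found.");
		return $ret;
	}

	// Values are bound as query parameters; only the table prefix constant is concatenated.
	// NOTE(review): the result of the query is not inspected, and no audit record other than
	// `assume_user_id` on the connection row is written here - confirm both are handled elsewhere.
	$this->mDb->query(
		"UPDATE `" . BIT_DB_PREFIX . "users_cnxn` SET `user_id`=?, `assume_user_id`=? WHERE `cookie`=?",
		array($pUserId, $gBitUser->mUserId, $cookieValue)
	);
	$ret = TRUE;

	return $ret;
}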
// $Header$
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See below for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See http://www.gnu.org/copyleft/lesser.html for details.

// This script is used to assign roles to a particular user.
// It reads `assign_user`, `action`, `role_id`, `set_default` and `default_role` from $_REQUEST.

// ASSIGN USER TO ROLES

// Initialization
// presumably setup_inc.php provides $gBitSystem and $gBitUser - they are used below without being defined here
require_once '../../kernel/setup_inc.php';

// Access gate: the caller must hold p_users_admin.
// NOTE(review): the checks below only protect the role changes if verifyPermission() and
// fatalError() end the request on failure - confirm.
$gBitSystem->verifyPermission('p_users_admin');

// The target account must exist before a user object is built for it.
// NOTE(review): $_REQUEST["assign_user"] is read without an isset() check or type validation.
if (!$gBitUser->userExists(array('user_id' => $_REQUEST["assign_user"]))) {
	$gBitSystem->fatalError(tra("User doesnt exist"));
}

$assignUser = new RolePermUser($_REQUEST["assign_user"]);
$assignUser->load(TRUE);

// A caller who is not a full administrator may not modify an administrator account.
if ($assignUser->isAdmin() && !$gBitUser->isAdmin()) {
	$gBitSystem->fatalError(tra('You cannot modify a system administrator.'));
}

if (isset($_REQUEST["action"])) {
	// presumably an anti-CSRF token check for this state-changing request - confirm
	$gBitUser->verifyTicket();
	// NOTE(review): `role_id` is passed through unvalidated and nothing visible here limits
	// which roles a p_users_admin holder who is not a full administrator may grant. Confirm
	// that addUserToRole() enforces this, otherwise a role carrying more privileges than the
	// caller's own could be assigned.
	if ($_REQUEST["action"] == 'assign') {
		$assignUser->addUserToRole($assignUser->mUserId, $_REQUEST["role_id"]);
	} elseif ($_REQUEST["action"] == 'removerole') {
		// NOTE(review): this branch passes the raw request value, while 'assign' passes the
		// loaded $assignUser->mUserId - consider using the loaded id in both.
		$assignUser->removeUserFromRole($_REQUEST["assign_user"], $_REQUEST["role_id"]);
	}
	// NOTE(review): the text between `assign_user='` and `'set_default'` is masked (`******`)
	// in this copy of the file, so the end of the redirect call and the start of the next
	// branch condition cannot be read here. The line is left exactly as found.
	bit_redirect('assign_role_user.php?assign_user='******'set_default'])) {
	// Same ticket check as the action branch, before the default role is stored.
	$gBitUser->verifyTicket();
	// NOTE(review): `default_role` is taken from the request without validation here - confirm
	// storeUserDefaultRole() only accepts a role the user already belongs to.
	$assignUser->storeUserDefaultRole($assignUser->mUserId, $_REQUEST['default_role']);
	// Reload the user object after storing the default role.
	$assignUser->load();
}