Exemplo n.º 1
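/**
 * Validate the secret of a user to switch to the real thing
 *
 * The expected secret is recomputed for the user with
 * admin_tools_make_switch_admin_secret() and compared with the supplied
 * value in constant time. Every failure path returns false (fail closed).
 *
 * @param string   $secret the string to validate
 * @param ElggUser $user   the user to validate for (default: current user)
 *
 * @return bool true only when a non-empty string secret matches the secret expected for the user
 */
function admin_tools_validate_switch_admin_secret($secret, ElggUser $user = null)
{
    // hash_equals() accepts strings only; a non-string value could never
    // have matched the strict comparison anyway, so reject it up front
    if (!is_string($secret) || empty($secret)) {
        return false;
    }

    // no param, check current logged in user
    if (empty($user)) {
        $user = elgg_get_logged_in_user_entity();
    }

    // no user to check
    if (!$user instanceof ElggUser) {
        return false;
    }

    $correct_secret = admin_tools_make_switch_admin_secret($user);

    // no usable secret could be generated for this user: deny
    if (!is_string($correct_secret) || $correct_secret === '') {
        return false;
    }

    // Constant-time comparison (PHP >= 5.6). A plain === on strings can
    // stop at the first differing byte, which leaks through response timing
    // how much of a guessed secret was correct.
    return hash_equals($correct_secret, $secret);
}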
Exemplo n.º 2
 */
// Toggle the admin role of the currently logged in user: an admin is demoted
// to a normal user and a 'switched_admin' secret is stored for that user;
// a non-admin who passes admin_tools_is_admin_user() is promoted to admin
// and the stored secret is removed.

// Only self-service is allowed: the submitted guid must be the guid of the
// logged in user, so one account cannot toggle another account's role.
// NOTE(review): the comparison is loose (!=); the left side is cast to int
// above, the right side is presumably an int as well - confirm.
$user_guid = (int) get_input('user_guid');
if (empty($user_guid) || $user_guid != elgg_get_logged_in_user_guid()) {
    register_error(elgg_echo('actionunauthorized'));
    // NOTE(review): every guard in this script relies on forward() ending
    // the request. If forward() could return, execution would fall through
    // to the privilege change below - confirm for the Elgg version in use.
    forward(REFERER);
}
$user = get_user($user_guid);
if (empty($user)) {
    // no user entity for this guid: leave without an error message
    forward(REFERER);
}
// Authorization gate for BOTH directions of the toggle.
// NOTE(review): admin_tools_is_admin_user() is not visible here. It is the
// only check between a non-admin account and makeAdmin() below, so it must
// accept a non-admin only when a valid stored 'switched_admin' secret exists
// for that user (presumably checked with
// admin_tools_validate_switch_admin_secret()) - verify.
if (!admin_tools_is_admin_user($user)) {
    register_error(elgg_echo('actionunauthorized'));
    forward(REFERER);
}
if ($user->isAdmin()) {
    // make the user a normal user
    $secret = admin_tools_make_switch_admin_secret($user);
    if (!empty($secret)) {
        // NOTE(review): the results of removeAdmin() and
        // elgg_set_plugin_user_setting() are not checked. If the role is
        // removed but the secret is not stored, the success message is still
        // shown and the user presumably cannot switch back through this
        // action. The statement order is kept as in the original because
        // handlers attached to the role change are not visible here.
        $user->removeAdmin();
        elgg_set_plugin_user_setting('switched_admin', $secret, $user->getGUID(), 'admin_tools');
        system_message(elgg_echo('admin_tools:action:toggle_admin:success:user'));
    } else {
        // no secret could be generated: keep the admin role and report failure
        register_error(elgg_echo('save:fail'));
    }
} else {
    // make the user an admin
    // NOTE(review): privilege escalation path. The result of makeAdmin() is
    // not checked; the stored secret is removed and success is reported
    // regardless of the outcome.
    $user->makeAdmin();
    elgg_unset_plugin_user_setting('switched_admin', $user->getGUID(), 'admin_tools');
    system_message(elgg_echo('admin_tools:action:toggle_admin:success:admin'));
}
forward(REFERER);