public function indexAction() {
    // Logout endpoint.
    //
    // When a "view as" (user_inject) cookie is present it is expired first. An admin
    // who is currently impersonating another account (BTAuth::user() differs from
    // BTAuth::authUser()) is sent back to the account list and stays logged in;
    // everybody else has the auth cookie expired and is redirected to "/".
    $viewAsActive = isset($_COOKIE['user_inject']);

    if ($viewAsActive) {
        // Expire the impersonation cookie on the same path/domain it was issued with.
        $expired = time() - 60 * 60 * 24;
        setcookie("user_inject", '', $expired, "/", $_SERVER['HTTP_HOST']);

        BTAuth::require_user();
        $actor = BTAuth::authUser();

        // Admin in a "view as" session: drop the impersonation only, do not log out.
        if ($actor->isAdmin() && BTAuth::user()->id() != $actor->id()) {
            header('Location: /admin/accounts');
            BTApp::end();
        }
    }

    // Plain logout: expire the auth cookie client-side and go home.
    // NOTE(review): this only expires the cookie in the browser; whether any
    // server-side session state is invalidated depends on BTAuth::set_auth_cookie,
    // which is not shown here. The final redirect also does not end the request
    // explicitly (unlike the branch above) — presumably the framework does that.
    $redir_url = '/';
    BTAuth::set_auth_cookie('', time() - 3600);
    header('location: ' . $redir_url);
}
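public function ViewAsAction() {
    // Start a "view as" (impersonation) session for an administrator.
    //
    // Reads the target user id from $_GET['id'], stores it in the user_inject cookie
    // and redirects to /overview. Non-admins receive a 404. If the id does not
    // resolve to a user, any existing impersonation cookie is expired instead.
    //
    // NOTE(review): the cookie carries the raw user id with no integrity protection,
    // so whatever code honours user_inject must re-check that the authenticated user
    // is an admin on every request (that code is not shown here). This is also a
    // state-changing GET with no CSRF token — confirm that is acceptable.
    BTAuth::require_user();
    if (!BTAuth::authUser()->isAdmin()) { //normal user
        error404();
        // Defense in depth: do not depend on error404() terminating the request.
        // Without this return a non-admin would fall through and be able to set the
        // impersonation cookie.
        return;
    }

    // Untrusted request input; getRowFromPk() must bind it safely (not shown).
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    $user = ($id === null) ? null : UserModel::model()->getRowFromPk($id);

    // The caller is already known to be an admin, so the only remaining condition
    // is that the target exists. (The original code re-checked isAdmin() here with
    // a "super admin" comment — presumably a scoping rule that was never implemented.)
    $inject = (bool) $user;

    $oneDay = 60 * 60 * 24;
    // Mark the cookie Secure only when this request itself arrived over TLS; HttpOnly
    // always, since nothing client-side needs to read it.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if ($inject) {
        setcookie("user_inject", $id, time() + $oneDay, "/", $_SERVER['HTTP_HOST'], $secure, true);
    } else {
        setcookie("user_inject", '', time() - $oneDay, "/", $_SERVER['HTTP_HOST'], $secure, true);
    }
    header("Location: /overview");
}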