<fieldset> <input type="hidden" name="user_id" value="<?php echo $f_user_id; ?> " /> <span><input type="submit" class="button" value="<?php echo lang_get('manage_user'); ?> " /></span> </fieldset> </form> <?php } ?> <?php if (auth_can_impersonate($f_user_id)) { ?> <form id="manage-user-impersonate-form" method="post" action="manage_user_impersonate.php" class="action-button"> <fieldset> <?php echo form_security_field('manage_user_impersonate'); ?> <input type="hidden" name="user_id" value="<?php echo $f_user_id; ?> " /> <span><input type="submit" class="button" value="<?php echo lang_get('impersonate_user_button'); ?> " /></span> </fieldset>
/** * Ensure that the logged in user can impersonate the specified user. If not, * then an error page will be generated. * * @param int $p_user_id The user id to be impersonated. * @return void. */ function auth_ensure_can_impersonate($p_user_id) { if (!auth_can_impersonate($p_user_id)) { access_denied(); } }
<!-- Submit Button --> <span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get('update_user_button'); ?> " /></span> </fieldset> </form> </div> <?php # User action buttons: RESET/UNLOCK and DELETE $t_reset = $t_user['id'] != auth_get_current_user_id() && helper_call_custom_function('auth_can_change_password', array()); $t_unlock = OFF != config_get('max_failed_login_count') && $t_user['failed_login_count'] > 0; $t_delete = !(user_is_administrator($t_user_id) && user_count_level(config_get_global('admin_site_threshold')) <= 1); $t_impersonate = auth_can_impersonate($t_user['id']); if ($t_reset || $t_unlock || $t_delete || $t_impersonate) { ?> <div id="manage-user-actions-div" class="form-container"> <!-- Impersonate Button --> <?php if ($t_impersonate) { ?> <form id="manage-user-impersonate-form" method="post" action="manage_user_impersonate.php" class="action-button"> <fieldset> <?php echo form_security_field('manage_user_impersonate'); ?> <input type="hidden" name="user_id" value="<?php echo $t_user['id'];