The other user is always able to revert back to his permission set.
This function does not check for lower/higher permissions, it is possible for the user to gain
"more" permissions by this.
Admin permissions will not be copied.
| public ghost_permissions ( $from_user_id, $to_user_id ) |
redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
break;
case 'switch_perm':
$user_id = request_var('u', 0);
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id;
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm')) {
redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
}
include $phpbb_root_path . 'includes/acp/auth.' . $phpEx;
$auth_admin = new auth_admin();
if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id'])) {
redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
}
add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']);
$message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
trigger_error($message);
break;
case 'restore_perm':
if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm')) {
redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
}
$auth->acl_cache($user->data);
$sql = 'SELECT username
FROM ' . USERS_TABLE . '
WHERE user_id = ' . $user->data['user_perm_from'];
$result = $db->sql_query($sql);
