[svn r10815] Fixing "login as" function

http://www.dokeos.com/forum/viewtopic.php?t=8313
skala
Bart Mollet 19 years ago
parent 28d0a106ac
commit 8a17ba0aa9
  1. 29
      main/admin/user_list.php

@ -1,6 +1,6 @@
<?php <?php
// $Id: user_list.php 10811 2007-01-22 08:26:40Z elixir_julian $ // $Id: user_list.php 10815 2007-01-22 13:07:40Z bmol $
/* /*
============================================================================== ==============================================================================
Dokeos - elearning and course management software Dokeos - elearning and course management software
@ -49,8 +49,7 @@ api_protect_admin_script();
function login_user($user_id) function login_user($user_id)
{ {
//init --------------------------------------------------------------------- //init ---------------------------------------------------------------------
global $uidReset, $loginFailed, $uidReset, $_configuration, $_user; global $uidReset, $loginFailed, $_configuration;
global $is_platformAdmin, $is_allowedCreateCourse;
$main_user_table = Database :: get_main_table(TABLE_MAIN_USER); $main_user_table = Database :: get_main_table(TABLE_MAIN_USER);
$main_admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN); $main_admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN);
@ -58,7 +57,6 @@ function login_user($user_id)
//logic -------------------------------------------------------------------- //logic --------------------------------------------------------------------
//unset($_user['user_id']); // uid not in session ? prevent any hacking //unset($_user['user_id']); // uid not in session ? prevent any hacking
if (!isset ($user_id)) if (!isset ($user_id))
{ {
$uidReset = true; $uidReset = true;
@ -75,9 +73,6 @@ function login_user($user_id)
$message = "Attempting to login as ".$firstname." ".$lastname." (id ".$user_id.")"; $message = "Attempting to login as ".$firstname." ".$lastname." (id ".$user_id.")";
//bug: this only works if $_uid is global
api_session_register('_uid');
$loginFailed = false; $loginFailed = false;
$uidReset = false; $uidReset = false;
@ -92,7 +87,7 @@ function login_user($user_id)
ON user.user_id = a.user_id ON user.user_id = a.user_id
LEFT JOIN $track_e_login_table login LEFT JOIN $track_e_login_table login
ON user.user_id = login.login_user_id ON user.user_id = login.login_user_id
WHERE user.user_id = '".$_user['user_id']."' WHERE user.user_id = '".$user_id."'
ORDER BY login.login_date DESC LIMIT 1"; ORDER BY login.login_date DESC LIMIT 1";
} }
else else
@ -101,7 +96,7 @@ function login_user($user_id)
FROM $main_user_table FROM $main_user_table
LEFT JOIN $main_admin_table a LEFT JOIN $main_admin_table a
ON user.user_id = a.user_id ON user.user_id = a.user_id
WHERE user.user_id = '".$_user['user_id']."'"; WHERE user.user_id = '".$user_id."'";
} }
$sql_result = api_sql_query($sql_query, __FILE__, __LINE__); $sql_result = api_sql_query($sql_query, __FILE__, __LINE__);
@ -112,6 +107,13 @@ function login_user($user_id)
$user_data = mysql_fetch_array($sql_result); $user_data = mysql_fetch_array($sql_result);
// Cleaning session variables
unset($_SESSION['_user']);
unset($_SESSION['is_platformAdmin']);
unset($_SESSION['is_allowedCreateCourse']);
unset($_SESSION['_uid']);
$_user['firstName'] = $user_data['firstname']; $_user['firstName'] = $user_data['firstname'];
$_user['lastName'] = $user_data['lastname']; $_user['lastName'] = $user_data['lastname'];
$_user['mail'] = $user_data['email']; $_user['mail'] = $user_data['email'];
@ -125,10 +127,11 @@ function login_user($user_id)
LoginDelete($_SESSION["_user"]["user_id"], $_configuration['statistics_database']); LoginDelete($_SESSION["_user"]["user_id"], $_configuration['statistics_database']);
//bug: this only works if $_user is global // Filling session variables with new data
api_session_register('_user'); $_SESSION['_uid'] = $user_id;
api_session_register('is_platformAdmin'); $_SESSION['_user'] = $_user;
api_session_register('is_allowedCreateCourse'); $_SESSION['is_platformAdmin'] = $is_platformAdmin;
$_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
$target_url = api_get_path(WEB_PATH)."user_portal.php"; $target_url = api_get_path(WEB_PATH)."user_portal.php";
$message .= "<br/>Login successful. Go to <a href=\"$target_url\">$target_url</a>"; $message .= "<br/>Login successful. Go to <a href=\"$target_url\">$target_url</a>";
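Review bot: Both rewritten WHERE clauses (`WHERE user.user_id = '".$user_id."'`) now concatenate the function argument straight into the SQL string, and nothing visible in these hunks validates or casts it first. The caller is outside the shown lines, so the value may come from a request parameter; casting it once after the `isset` check, e.g. `$user_id = intval($user_id);`, keeps both queries safe wherever it came from. Separately, the new cleanup block runs `unset($_SESSION['_user']);` before the unchanged `LoginDelete($_SESSION["_user"]["user_id"], ...)` call, so that call appears to receive an empty id and the administrator's tracking entry is probably left behind; reading the id into a local before the unset (`$previous_user_id = $_SESSION['_user']['user_id'];`) and passing that local would fix it. Because the session changes identity at this point, calling `session_regenerate_id()` next to the new `$_SESSION` assignments is also worth considering. login_user starts and ends outside the visible hunks, so any of this may already be handled in lines not shown.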
