From 1abe9c3e5f0cc95b90acbe518a30c116d3a5c2ef Mon Sep 17 00:00:00 2001
From: Jay Trees
Date: Wed, 23 Feb 2022 09:36:54 +0100
Subject: [PATCH] Allow admins to log in as user
---
src/classes/page.php | 9 +++++--
src/classes/user.php | 7 ++---
src/pages/login-as.php | 58 ++++++++++++++++++++++++++++++++++++++++++
src/pages/login.php | 9 +++----
4 files changed, 73 insertions(+), 10 deletions(-)
create mode 100644 src/pages/login-as.php
diff --git a/src/classes/page.php b/src/classes/page.php
index 618e1467..8bd164c5 100644
--- a/src/classes/page.php
+++ b/src/classes/page.php
@@ -219,8 +219,13 @@ class Page isLoggedIn()) { - ?> + if ($user && $user->isLoggedIn()) { ?> + power) { ?> + + + Login as + + Logout
diff --git a/src/classes/user.php b/src/classes/user.php
index 567d1758..21f8957f 100644
--- a/src/classes/user.php
+++ b/src/classes/user.php
@@ -31,9 +31,10 @@ class User global $database;
- $user = $database->query('SELECT * FROM `users`
- WHERE `id` = ' . $this->id . ';')
- ->fetch();
+ $user = $database
+ ->query('SELECT * FROM `users`
+ WHERE `id` = ' . $this->id . ';')
+ ->fetch();
 $this->power = $user['power']; }
diff --git a/src/pages/login-as.php b/src/pages/login-as.php
new file mode 100644
index 00000000..e8e90c00
--- /dev/null
+++ b/src/pages/login-as.php
@@ -0,0 +1,58 @@
+
+ */
+
+use wishthis\Page;
+
+$page = new Page(__FILE__, 'Login as');
+
+if (isset($_POST['email'])) {
+ $email = $_POST['email'];
+
+ $user = $database->query('SELECT * FROM `users`
+ WHERE `email` = "' . $email . '";')
+ ->fetch();
+
+ $success = false !== $user;
+
+ if ($success) {
+ $_SESSION['user'] = $user;
+
+ echo '
';
+        var_dump($user);
+        echo '
';
+    }
+}
+
+$page->header();
+$page->navigation();
+?>
+
+
+

title ?>

+ + + +
+
+
+ + +
+ + +
+
+
+
+
+footer();
diff --git a/src/pages/login.php b/src/pages/login.php
index 24023789..71c9adf1 100644
--- a/src/pages/login.php
+++ b/src/pages/login.php
@@ -19,11 +19,10 @@ if (isset($_POST['email'], $_POST['password'])) { WHERE `email` = "' . $email . '" AND `password` = "' . $password . '" ;');
- $user = $database->query(
- 'SELECT * FROM `users`
- WHERE `email` = "' . $email . '"
- AND `password` = "' . $password . '";'
- )->fetch();
+ $user = $database->query('SELECT * FROM `users`
+ WHERE `email` = "' . $email . '"
+ AND `password` = "' . $password . '";')
+ ->fetch();
 $success = false !== $user;
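Review bot: Nothing in the visible lines of src/pages/login-as.php checks that the requester is an administrator before `$_SESSION['user'] = $user;` runs, so unless `Page`'s constructor enforces it (not shown in this patch), any client that POSTs a known email address is signed in as that account; the `power` test added in page.php only hides the menu link. The page should reject the request before touching the database, e.g. `if (!$user->isLoggedIn() || $user->power < ADMIN_POWER_PLACEHOLDER) { http_response_code(403); exit; }`, assuming the `$user` object that page.php tests is in scope here and with the placeholder replaced by the project's admin level. The lookup also concatenates `$_POST['email']` straight into the SQL text, the same string-built pattern that the user.php and login.php hunks only re-indent, and the value should be bound through a prepared statement instead. `var_dump($user)` writes the whole `users` row, `password` column included, into the response and should be removed before merge. On a successful switch I would also call `session_regenerate_id(true)`, require a CSRF token on the form, and log which administrator assumed which account.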