Allow admins to log in as user

2022-02-23 09:36:54 +01:00 · 2022-02-23 09:36:54 +01:00 · 1abe9c3e5f
commit 1abe9c3e5f
parent 3686966f19
4 changed files with 73 additions and 10 deletions
--- a/src/classes/page.php
+++ b/src/classes/page.php
@ -219,8 +219,13 @@ class Page
                        <?php
                        $user = isset($_SESSION['user']) ? new User() : null;

-                        if ($user && $user->isLoggedIn()) {
-                            ?>
+                        if ($user && $user->isLoggedIn()) { ?>
+                            <?php if ($user && 100 === $user->power) { ?>
+                                <a class="item" href="/?page=login-as">
+                                    <i class="sign out alternate icon"></i>
+                                    Login as
+                                </a>
+                            <?php } ?>
                            <a class="item" href="/?page=logout">
                                <i class="sign out alternate icon"></i>
                                Logout
--- a/src/classes/user.php
+++ b/src/classes/user.php
@ -31,7 +31,8 @@ class User

        global $database;

-        $user = $database->query('SELECT * FROM `users`
+        $user = $database
+        ->query('SELECT * FROM `users`
                  WHERE `id` = ' . $this->id . ';')
        ->fetch();

--- a/src/pages/login-as.php
+++ b/src/pages/login-as.php
@ -0,0 +1,58 @@
+<?php
+
+/**
+ * Allows administrators to login as a user. For debugging purposes.
+ *
+ * @author Jay Trees <github.jay@grandel.anonaddy.me>
+ */
+
+use wishthis\Page;
+
+$page = new Page(__FILE__, 'Login as');
+
+if (isset($_POST['email'])) {
+    $email = $_POST['email'];
+
+    $user = $database->query('SELECT * FROM `users`
+                               WHERE `email`    = "' . $email . '";')
+                     ->fetch();
+
+    $success = false !== $user;
+
+    if ($success) {
+        $_SESSION['user'] = $user;
+
+        echo '<pre>';
+        var_dump($user);
+        echo '<pre>';
+    }
+}
+
+$page->header();
+$page->navigation();
+?>
+<main>
+    <div class="ui container">
+        <h1 class="ui header"><?= $page->title ?></h1>
+
+        <?php
+        if (isset($success) && !$success) {
+            echo Page::error('User not found!', 'Error');
+        }
+        ?>
+
+        <div class="ui segment">
+            <form class="ui form" method="post">
+                <div class="field">
+                    <label>Email</label>
+                    <input type="email" name="email" placeholder="john.doe@domain.tld" />
+                </div>
+
+                <input class="ui primary button" type="submit" value="Login" />
+            </form>
+        </div>
+    </div>
+</main>
+
+<?php
+$page->footer();
--- a/src/pages/login.php
+++ b/src/pages/login.php
@ -19,11 +19,10 @@ if (isset($_POST['email'], $_POST['password'])) {
                       WHERE `email` = "' . $email . '"
                         AND `password` = "' . $password . '"
    ;');
-    $user = $database->query(
-        'SELECT * FROM `users`
+    $user = $database->query('SELECT * FROM `users`
                               WHERE `email`    = "' . $email . '"
-         AND `password` = "' . $password . '";'
-    )->fetch();
+                                 AND `password` = "' . $password . '";')
+                     ->fetch();

    $success = false !== $user;