Merge branch 'login-as-user' into develop

2022-02-23 10:12:35 +01:00 · 2022-02-23 10:12:35 +01:00 · fc266ce81c
commit fc266ce81c
parent eed1f5844a 80fc577ca4
8 changed files with 79 additions and 13 deletions
--- a/src/api/products.php
+++ b/src/api/products.php
@ -42,6 +42,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
        break;
 }

-echo json_encode($response);
 header('Content-type: application/json; charset=utf-8');
+echo json_encode($response);
 die();
--- a/src/api/wishlists.php
+++ b/src/api/wishlists.php
@ -47,6 +47,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
        break;
 }

-echo json_encode($response);
 header('Content-type: application/json; charset=utf-8');
+echo json_encode($response);
 die();
--- a/src/assets/js/wishlist-view.js
+++ b/src/assets/js/wishlist-view.js
@ -10,6 +10,7 @@ $(function() {
        on:        'now',
        onSuccess: function(response, element, xhr) {
            wishlists = response.results;
+            console.log(wishlists);

            element.dropdown({
                values: wishlists,
--- a/src/classes/page.php
+++ b/src/classes/page.php
@ -219,8 +219,13 @@ class Page
                        <?php
                        $user = isset($_SESSION['user']) ? new User() : null;

-                        if ($user && $user->isLoggedIn()) {
-                            ?>
+                        if ($user && $user->isLoggedIn()) { ?>
+                            <?php if ($user && 100 === $user->power) { ?>
+                                <a class="item" href="/?page=login-as">
+                                    <i class="sign out alternate icon"></i>
+                                    Login as
+                                </a>
+                            <?php } ?>
                            <a class="item" href="/?page=logout">
                                <i class="sign out alternate icon"></i>
                                Logout
--- a/src/classes/user.php
+++ b/src/classes/user.php
@ -31,9 +31,10 @@ class User

        global $database;

-        $user = $database->query('SELECT * FROM `users`
-                                   WHERE `id` = ' . $this->id . ';')
-                         ->fetch();
+        $user = $database
+        ->query('SELECT * FROM `users`
+                  WHERE `id` = ' . $this->id . ';')
+        ->fetch();

        $this->power = $user['power'];
    }
--- a/src/classes/wishlist.php
+++ b/src/classes/wishlist.php
@ -149,6 +149,8 @@ class Wishlist
            <?php
        }

-        return ob_get_clean();
+        $html = ob_get_clean();
+
+        return $html;
    }
 }
--- a/src/pages/login-as.php
+++ b/src/pages/login-as.php
@ -0,0 +1,58 @@
+<?php
+
+/**
+ * Allows administrators to login as a user. For debugging purposes.
+ *
+ * @author Jay Trees <github.jay@grandel.anonaddy.me>
+ */
+
+use wishthis\Page;
+
+$page = new Page(__FILE__, 'Login as');
+
+if (isset($_POST['email'])) {
+    $email = $_POST['email'];
+
+    $user = $database->query('SELECT * FROM `users`
+                               WHERE `email`    = "' . $email . '";')
+                     ->fetch();
+
+    $success = false !== $user;
+
+    if ($success) {
+        $_SESSION['user'] = $user;
+
+        echo '<pre>';
+        var_dump($user);
+        echo '<pre>';
+    }
+}
+
+$page->header();
+$page->navigation();
+?>
+<main>
+    <div class="ui container">
+        <h1 class="ui header"><?= $page->title ?></h1>
+
+        <?php
+        if (isset($success) && !$success) {
+            echo Page::error('User not found!', 'Error');
+        }
+        ?>
+
+        <div class="ui segment">
+            <form class="ui form" method="post">
+                <div class="field">
+                    <label>Email</label>
+                    <input type="email" name="email" placeholder="john.doe@domain.tld" />
+                </div>
+
+                <input class="ui primary button" type="submit" value="Login" />
+            </form>
+        </div>
+    </div>
+</main>
+
+<?php
+$page->footer();
--- a/src/pages/login.php
+++ b/src/pages/login.php
@ -19,11 +19,10 @@ if (isset($_POST['email'], $_POST['password'])) {
                       WHERE `email` = "' . $email . '"
                         AND `password` = "' . $password . '"
    ;');
-    $user = $database->query(
-        'SELECT * FROM `users`
-         WHERE `email` = "' . $email . '"
-         AND `password` = "' . $password . '";'
-    )->fetch();
+    $user = $database->query('SELECT * FROM `users`
+                               WHERE `email`    = "' . $email . '"
+                                 AND `password` = "' . $password . '";')
+                     ->fetch();

    $success = false !== $user;