}
/// do not use when in course login as
- if (!empty($USER->realuser) and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
+ if (is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
print_error('loginasnoenrol', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
}
/// Reset user back to their real self if needed
$return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from
- if (!empty($USER->realuser)) {
+ if (is_loggedinas()) {
if (!confirm_sesskey()) {
print_error('confirmsesskeybad');
}
if ($user) {
$userid = $user;
} else {
- if (!empty($USER->realuser)) { // Don't log
+ if (is_loggedinas()) { // Don't log
return;
}
$userid = empty($USER->id) ? '0' : $USER->id;
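Review bot: The early `return` under `// Don't log` drops every entry produced while a login-as session is active and no explicit `$user` is passed, so actions taken during impersonation cannot later be tied to the real account. If this is intended, the comment should give the reason and name where the login-as switch itself is recorded, for example `// Not logged on purpose: the entry would be attributed to the impersonated user`. An alternative is to keep the entry and store `$USER->realuser` alongside it. The enclosing function starts and ends outside this hunk, so this reading covers only the lines shown.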
function user_accesstime_log($courseid=0) {
global $USER, $CFG, $DB;
- if (!isloggedin() or !empty($USER->realuser)) {
+ if (!isloggedin() or is_loggedinas()) {
// no access tracking
return;
}
}
/// loginas as redirection if needed
- if ($COURSE->id != SITEID and !empty($USER->realuser)) {
+ if ($COURSE->id != SITEID and is_loggedinas()) {
if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if ($USER->loginascontext->instanceid != $COURSE->id) {
print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
}
/// check whether the user should be changing password (but only if it is REALLY them)
- if (get_user_preferences('auth_forcepasswordchange') && empty($USER->realuser)) {
+ if (get_user_preferences('auth_forcepasswordchange') && !is_loggedinas()) {
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
$SESSION->wantsurl = $FULLME;
/// For non-guests, check if they have course view access
} else if (has_capability('moodle/course:view', $COURSE->context)) {
- if (!empty($USER->realuser)) { // Make sure the REAL person can also access this course
+ if (is_loggedinas()) { // Make sure the REAL person can also access this course
if (!has_capability('moodle/course:view', $COURSE->context, $USER->realuser)) {
print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
<?php //$Id$
+/**
+ * Factory method returning moodle_session object.
+ * @return moodle_session
+ */
function get_session() {
static $session = null;
error_log('Can not terminate session properly - headers were already sent in file: '.$file.' on line '.$line);
} else {
// TODO: regenerate session ID here
-
+
}
@session_write_close();
}
}
+/**
+ * Is current $USER logged-in-as somebody else?
+ * @return bool
+ */
+function is_loggedinas() {
+ global $USER;
+
+ return !empty($USER->realuser);
+}
+
+/**
+ * Login as another user - no security checks here.
+ * @param int $userid
+ * @param object $context
+ * @return void
+ */
function session_loginas($userid, $context) {
global $USER, $SESSION;
- if (!empty($USER->realuser)) {
+ if (is_loggedinas()) {
return;
}
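Review bot: The docblock for `is_loggedinas()` does not say what a true result guarantees, yet callers elsewhere in this commit dereference `$USER->loginascontext->contextlevel` straight after it without checking that the property exists. The helper tests only `$USER->realuser`, so the docblock should state the invariant, for example `* True implies $USER->realuser and $USER->loginascontext were both set by session_loginas().` Confirm that first against the body of `session_loginas()`, which continues outside this hunk. The `no security checks here` line on `session_loginas()` would also help more if it named what the caller must verify first; the call sites on this page rely on the `moodle/user:loginas` capability and a sesskey.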
}
}
+/**
+ * Terminate login-as session
+ * @return void
+ */
function session_unloginas() {
global $USER, $SESSION;
- if (empty($USER->realuser)) {
+ if (!is_loggedinas()) {
return;
}
$apachelog_name = clean_filename($USER->firstname . " " .
$USER->lastname);
}
- if (isset($USER->realuser)) {
+ if (is_loggedinas()) {
if ($realuser = $DB->get_record('user', array('id'=>$USER->realuser))) {
$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
$apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
global $DB,$CFG,$SESSION,$USER;
$this->realdb=$DB;
$this->realcfg=$CFG;
- $this->realuser=$USER;
+ $this->prevuser=$USER;
$DB=new mock_database();
$CFG=clone($this->realcfg);
$CFG->prefix='test_';
$DB=$this->realdb;
$CFG=$this->realcfg;
$SESSION=$this->realsession;
- $USER=$this->realuser;
+ $USER=$this->prevuser;
}
function test_is_enabled() {
$course = $SITE;
}
- if (!empty($user->realuser)) {
+ if (is_loggedinas()) {
if ($realuser = $DB->get_record('user', array('id'=>$user->realuser))) {
$fullname = fullname($realuser, true);
$realuserinfo = " [<a $CFG->frametarget
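Review bot: The condition and the lookup beneath it now read different objects: `is_loggedinas()` tests the global `$USER`, while the `get_record` call on the next line still uses `$user->realuser`. If this function can be called with a `$user` other than the session user, the branch can now run for an object with no `realuser`, or be skipped for one that has it. The start of the function is outside the hunk, so whether that can happen is not visible here. Either keep the test on the object being rendered, `if (!empty($user->realuser)) {`, or change the lookup to `array('id'=>$USER->realuser)` so both lines agree.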
if (has_capability('moodle/role:assign', $context) and get_user_roles($context, $user->id, false)) { // I can unassing and user has some role
$output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&user='. $user->id .'">'. $string->unenrol .'</a><br />';
}
- if ($USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $context) &&
+ if ($USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $context) &&
! has_capability('moodle/site:doanything', $context, $user->id, false)) {
$output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&user='. $user->id .'&sesskey='. sesskey() .'">'. $string->loginas .'</a><br />';
}
}
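Review bot: The unchanged `$output .=` line under the edited condition puts `sesskey()` in the GET query string of the login-as link, so the token can end up in browser history, server access logs and Referer headers. It also means the identity switch is triggered by following a plain link. Consider rendering the action as a small POST form with `sesskey` as a hidden field, provided `course/loginas.php` (not shown on this page) reads its parameters from POST as well as GET. The condition change to `!is_loggedinas()` is not what is being questioned here.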
// do not allow "Logged in as" users to change any passwords
- if (!empty($USER->realuser)) {
+ if (is_loggedinas()) {
print_error('cannotcallscript');
}
if ($passwordchangeurl) {
$params = array('id'=>$course->id);
- if (!empty($USER->realuser)) {
+ if (is_loggedinas()) {
$passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data
} else {
$parts = explode('?', $passwordchangeurl);
foreach($params as $key=>$value) {
echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />';
}
- if (!empty($USER->realuser)) {
+ if (is_loggedinas()) {
// changing of password when "Logged in as" is not allowed
echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
} else {
}
}
- if (!$user->deleted and $USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $coursecontext) &&
+ if (!$user->deleted and $USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
echo '<div>';