<?php // $Id$
// Allows a teacher/admin to login as another user (in stealth mode)
- require_once("../config.php");
- require_once("lib.php");
+ require_once('../config.php');
+ require_once('lib.php');
/// Reset user back to their real self if needed
- $return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from
+ $return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from
if (!empty($USER->realuser)) {
+ if (!confirm_sesskey()) {
+ print_error('confirmsesskeybad');
+ }
+
$USER = get_complete_user_data('id', $USER->realuser);
load_all_capabilities(); // load all this user's normal capabilities
}
}
-
///-------------------------------------
/// We are trying to log in as this user in the first place
- $id = required_param('id', PARAM_INT); // course id
- $userid = required_param('user', PARAM_INT); // login as this user
+ $id = optional_param('id', SITEID, PARAM_INT); // course id
+ $userid = required_param('user', PARAM_INT); // login as this user
- if (!$site = get_site()) {
- error("Site isn't defined!");
+ if (!confirm_sesskey()) {
+ print_error('confirmsesskeybad');
}
-
- if (! $course = get_record("course", "id", $id)) {
+
+ if (! $course = get_record('course', 'id', $id)) {
error("Course ID was incorrect");
}
/// User must be logged in
- if ($course->id == SITEID) {
- require_login();
- $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
- } else {
- require_login($course->id);
- $context = get_context_instance(CONTEXT_COURSE, $course->id);
- if (!has_capability('moodle/course:view', $context, $userid, false)) {
+ $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+ $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
+
+ require_login();
+
+ if (has_capability('moodle/user:loginas', $systemcontext)) {
+ if (has_capability('moodle/site:doanything', $systemcontext, $userid, false)) {
+ print_error('nologinas');
+ }
+ $context = $systemcontext;
+ } else if (has_capability('moodle/user:loginas', $coursecontext)) {
+ require_login($course);
+ if (!has_capability('moodle/course:view', $coursecontext, $userid, false)) {
error('This user is not in this course!');
}
- if (has_capability('moodle/site:doanything', $context, $userid, false)) {
+ if (has_capability('moodle/site:doanything', $coursecontext, $userid, false)) {
print_error('nologinas');
}
+ $context = $coursecontext;
}
-/// User must have permissions
-
- require_capability('moodle/user:loginas', $context);
-
-
/// Remember current timeaccess settings for later
if (isset($USER->timeaccess)) {
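Review bot: The `if … else if` chain that replaces `require_capability('moodle/user:loginas', $context)` has no final `else`, so in the lines shown a caller who holds `moodle/user:loginas` in neither the system nor the course context is not stopped, and `$context` stays unset. Unless a check outside this hunk denies the request, execution continues to the code that replaces `$USER`, so a missing permission would end in a successful impersonation. Fail closed by ending the chain with `} else { require_capability('moodle/user:loginas', $coursecontext); }`, which keeps the standard permission error for everyone else.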
$oldfullname = fullname($USER, true);
$olduserid = $USER->id;
- $USER = get_complete_user_data('id', $userid); // Create the new USER object with all details
+/// Create the new USER object with all details and reload needed capabilitites
+ $USER = get_complete_user_data('id', $userid);
$USER->realuser = $olduserid;
-
- load_user_capability('', $context); // load this user's capabilities for this context only
+ $USER->loginascontext = $context;
+ load_all_capabilities(); // reload capabilities
if (isset($SESSION->currentgroup)) { // Remember current cache setting for later
$SESSION->oldcurrentgroup = $SESSION->currentgroup;
exit;
}
+/// loginas as redirection if needed
+ if ($COURSE->id != SITEID and !empty($USER->realuser)) {
+ if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
+ if ($USER->loginascontext->instanceid != $COURSE->id) {
+ print_error('loginascourseredir', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
+ }
+ }
+ }
+
+
/// check whether the user should be changing password (but only if it is REALLY them)
$userauth = get_auth_plugin($USER->auth);
if (get_user_preferences('auth_forcepasswordchange') && empty($USER->realuser)) {
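Review bot: The confinement check `if ($COURSE->id != SITEID and !empty($USER->realuser))` is skipped on every page whose course is the site, so a user who started login-as through a course context is not redirected away from site-level pages. Because loginas.php now calls `load_all_capabilities()` instead of loading capabilities for one context, the impersonated session appears to carry the target user's full capability set on those pages. If that is intended, say so in the comment above the block; if not, the course-level case needs a rule for `SITEID` as well. `$USER->loginascontext` is also read without a guard, so a session that has `realuser` but no stored context raises a notice; adding `and !empty($USER->loginascontext)` to the outer condition covers it. The enclosing function starts and ends outside the hunk.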
$info['html'] .= '<span class="logwrites">Log writes '.$info['logwrites'].'</span> ';
$info['txt'] .= 'logwrites: '.$info['logwrites'].' ';
}
+
+ if (!empty($PERF->profiling)) {
+ require_once($CFG->dirroot .'/lib/profilerlib.php');
+ $profiler = new Profiler();
+ $info['html'] .= '<span class="profilinginfo">'.$profiler->get_profiling().'</span>';
+ }
if (function_exists('posix_times')) {
$ptimes = posix_times();
return $info;
}
+function apd_get_profiling() {
+ return shell_exec('pprofp -u ' . ini_get('apd.dumpdir') . '/pprof.' . getmypid() . '.*');
+}
function remove_dir($dir, $content_only=false) {
// if content_only=true then delete all but
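Review bot: `apd_get_profiling()` builds its `shell_exec()` command by plain concatenation, so a dump directory containing a space or a shell metacharacter changes the command that runs. `apd.dumpdir` is configuration rather than request input, but the path should still be quoted, leaving only the trailing glob outside the quotes: `return shell_exec('pprofp -u ' . escapeshellarg(ini_get('apd.dumpdir') . '/pprof.' . getmypid()) . '.*');`. The function has no docblock; a short one should say that it returns the `pprofp` report for the current process, and that the result is null when the command fails or prints nothing. Nothing in the visible hunks calls it (the performance footer uses `$profiler->get_profiling()`), so check that it is needed alongside the `Profiler` class.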
$course = $SITE;
}
- if (isset($user->realuser)) {
+ if (!empty($user->realuser)) {
if ($realuser = get_record('user', 'id', $user->realuser)) {
$fullname = fullname($realuser, true);
$realuserinfo = " [<a $CFG->frametarget
- href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&return=1\">$fullname</a>] ";
+ href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&return=1&sesskey=".sesskey()."\">$fullname</a>] ";
}
} else {
$realuserinfo = '';
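Review bot: Both new links carry the session key in the query string, `&return=1&sesskey=".sesskey()."` here and `'&sesskey='. sesskey()` in the login-as link further down, so the token can end up in web-server access logs, browser history and `Referer` headers. The identity switch is also still triggered by a plain GET request. A small POST form with `sesskey` as a hidden field would keep the token out of URLs. If the links stay, write the separators inside the `href` as `&amp;` so the markup is valid. The enclosing function starts and ends outside the hunk.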
if (empty($course->id)) {
// $course->id is not defined during installation
return '';
- } else if (isset($user->id) and $user->id) {
+ } else if (!empty($user->id)) {
$context = get_context_instance(CONTEXT_COURSE, $course->id);
$fullname = fullname($user, true);
if (has_capability('moodle/role:assign', $context, NULL)) { // Includes admins
$output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&user='. $user->id .'">'. $string->unenrol .'</a><br />';
}
- if ($USER->id != $user->id && has_capability('moodle/user:loginas', $context) &&
+ if ($USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $context) &&
! has_capability('moodle/site:doanything', $context, $user->id, false)) {
- $output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&user='. $user->id .'">'. $string->loginas .'</a><br />';
+ $output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&user='. $user->id .'&sesskey='. sesskey() .'">'. $string->loginas .'</a><br />';
}
$output .= '<a href="'. $CFG->wwwroot .'/user/view.php?id='. $user->id .'&course='. $course->id .'">'. $string->fullprofile .'...</a>';