From: moodler
Date: Fri, 14 Nov 2003 12:48:26 +0000 (+0000)
Subject: SECURITY FIX: This patch prevents teachers from logging in as admins or
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=6a7585f25977a7917119c7e4c0e6641740186c21;p=moodle.git
SECURITY FIX: This patch prevents teachers from logging in as admins or course creators! I'll make an announcement to registered administrators.
---
diff --git a/course/loginas.php b/course/loginas.php
index 022de5f773..24aa7fd828 100644
--- a/course/loginas.php
+++ b/course/loginas.php
@@ -32,6 +32,10 @@
 error("This student is not in this course!");
 }
+ if (iscreator($user)) {
+ error("You can not login as this person!");
+ }
+
 // Login as this student and return to course home page.
 $teacher_name = "$USER->firstname $USER->lastname";
diff --git a/user/lib.php b/user/lib.php
index 2bbd422d41..2c376be0e6 100644
--- a/user/lib.php
+++ b/user/lib.php
@@ -203,7 +203,7 @@ function print_user($user, $course, $string, $countries) {
 if (isteacher($course->id)) {
 $timemidnight = usergetmidnight(time());
 echo "id&user=$user->id\">$string->activity
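Review bot: In course/loginas.php the new guard calls `iscreator($user)` with the bare variable, while the checks this commit adds in user/lib.php and user/view.php pass `$user->id`. This is the only server-side enforcement of the fix (the other two files only gate what is echoed), so it is worth confirming that `$user` is the numeric id of the target account here — its assignment is outside the hunk — and recording that in a comment such as `// $user is the target's user id; iscreator() also covers admins`. The refusal also leaves no audit trail: a teacher requesting an admin or course-creator identity is an attempted privilege escalation, and writing a site-log entry before `error()` would let administrators detect it. The guard is a deny-list of two roles, so whether a target who is a student here but holds teacher rights in another course should be impersonable looks like an open design decision.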
"; - if (isstudent($course->id, $user->id)) { + if (isstudent($course->id, $user->id) and !iscreator($user->id)) { // Includes admins echo "id&user=$user->id\">$string->unenrol
"; echo "id&user=$user->id\">$string->loginas
"; } diff --git a/user/view.php b/user/view.php index 42cb332b03..732a2defe8 100644 --- a/user/view.php +++ b/user/view.php @@ -170,7 +170,7 @@ echo ""; echo "

"; } - if (isteacher($course->id) and ($USER->id != $user->id)) { + if (isteacher($course->id) and ($USER->id != $user->id) and !iscreator($user->id)) { echo "

"; echo "id\">"; echo "id\">";