Location: PHPKode > projects > ConPortal > conportal/impersonate.php
<?php
/*
 *  ConPortal - Pomona College ITS scheduling appplication
 *  Copyright (C) 2005-2006  Pomona College
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of version 2 of the GNU General Public License
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
require_once('standard.php');
check_auth();
if (!checkPerm($_SESSION, "impersonate") and !isset($_SESSION['impersonatingUser']))
{
	error("You don't have permission to access that page.");
	header("Location: " . $_SERVER['HTTP_REFERER']);
	die;
}

if (isset($_GET['impersonate']))
{
	// Check that the user's not impersonating themself
	if ($_SESSION['pid'] == $_GET['impersonate'])
		error("Impersonating yourself doesn't really do anything.");
	else
	{
		// Make sure it's a valid user account
		$details = getUserDetails($_GET['impersonate']);
		if (!$details)
			error("Sorry, {$_GET['impersonate']} isn't a user account.");
		elseif ($details['active'] == 0)
			error("Sorry, {$_GET['name']}'s account has been deactivated.");
		else
		{
			// Impersonate!
			$_SESSION['impersonatingUser'] = $_SESSION['pid'];
			foreach ($details as $key => $value)
				$_SESSION[$key] = $value;
			header("Location: " . BASE_URL . "index.php");
			die;
		}	
	}
}
elseif (isset($_GET['end']))
{
	// End impersonation
	if (isset($_SESSION['impersonatingUser']))
	{
		$details = getUserDetails($_SESSION['impersonatingUser']);
		if (!$details)
			error("Hmmm...you are apparently being impersonated by a person who doesn't exist...");
		else
		{
			foreach ($details as $key => $value)
				$_SESSION[$key] = $value;
			unset($_SESSION['impersonatingUser']);
		}
	}
	else
	{
		error("Not currently impersonating anyone!");
	}
}

xhtml_header("Impersonate User");

// Get a list of all users and formulate the string of <options>
$users = sortUsersByName(getAllUserDetails());
$options = "";
foreach ($users as $user)
{
	if ($user['pid'] == $_SESSION['pid'])
		$options .= "<option value=\"{$user['pid']}\" selected=\"selected\">{$user['name']}</option>\n";
	else
		$options .= "<option value=\"{$user['pid']}\">{$user['name']}</option>\n";
}

?>

<h1 class="center">Impersonate User</h1>
<p class="center">Impersonating a user means that for all intents and purposes,
Conportal will consider you to be that person.  So, be careful not to mess anything up.</p>
<form action="#" method="get">
	<p class="center">Impersonate user:
		<select name="impersonate">
			<?= $options ?>
		</select>
	</p>
	<p class="center">
		<input type="submit" value='
<?php
	echo IMPERSONATE_BUTTON;
?>
' />
	</p>
</form>

<?php
xhtml_footer();
?>
Return current item: ConPortal