Admin Can Login as Any User
Author Message
After activation, this adds two option to user profiles, only visible to administrators:
  • Login as this user
  • Force logout
The first allows the administrator to effectively login to the account without the user's password.  Everything behaves normally in this login state.  The only difference is that logging out will return the administrator back to their original account.
(note, please don't use this to log into another administrator's account, and then log into some other account from there, though I haven't tried what happens if you do this)

The second option just forces the user to log out if they have logged in somewhere.

Alternative version: Login As by burnacid
(This post was last modified: 06-05-2018 09:30 AM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: admhijack.php (3.68 KB)
Plugin Version: 1.2
Last Updated: 11-02-2011, 10:09 PM

Downloads: 3,546
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Uploader: ZiNgA BuRgA
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #61
RE: Admin Can Login as Any User
(11-11-2012 07:54 PM)MyBB Ghost Wrote:  
(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote:  Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users to be hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.


Where would I put that code in here?

PHP Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
<?php

if(!defined("IN_MYBB"))
	die("This file cannot be accessed directly.");

$plugins->add_hook('member_login', 'admhijack_login');
$plugins->add_hook('member_logout_start', 'admhijack_logout');
$plugins->add_hook('member_profile_end', 'admhijack_profile');

function admhijack_info()
{
	return array(
		'name'			=> 'Admins can log into Users\' accounts',
		'description'	=> 'Allows admins to log into another user\'s account via their profile, and quickly swap back to their account via the Logout link.',
		'website'		=> 'http://mybbhacks.zingaburga.com/',
		'author'		=> 'ZiNgA BuRgA',
		'authorsite'	=> 'http://zingaburga.com/',
		'version'		=> '1.2',
		'compatibility'	=> '1*',
		'guid'			=> '8a4c3db281e87508c50386874e650297'
	);
}

function admhijack_login()
{
	global $mybb;
	if(($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1) || $mybb->input['do'] != 'hijack' || !$mybb->input['uid'])
		return;
	
	verify_post_check($mybb->input['my_post_key']);
	$user = get_user(intval($mybb->input['uid']));
	if(!$user) error('Invalid UserID supplied.');
	my_setcookie('mybbadminuser', $mybb->user['uid'].'_'.$mybb->user['loginkey'], null, true);
	my_setcookie('mybbuser', $user['uid'].'_'.$user['loginkey'], null, true);
	redirect('index.php', 'You have successfully logged in as '.htmlspecialchars_uni($user['username']).'<br />You will be redirected to the forum index...');
	exit;
}

function admhijack_logout()
{
	global $mybb, $lang;
	
	if(($mybb->usergroup['cancp'] == 'yes' || $mybb->usergroup['cancp'] == 1) && $mybb->input['do'] == 'regenkey' && $mybb->input['uid'])
	{
		verify_post_check($mybb->input['my_post_key']);
		$user = get_user(intval($mybb->input['uid']));
		if(!$user) error('Invalid UserID supplied.');
		update_loginkey($user['uid']);
		redirect('member.php?action=profile&uid='.$user['uid'], 'You have successfully forced the selected user to log out.');
		exit;
	}
	
	if($mybb->version_code >= 1400)
		$cookies =& $mybb->cookies;
	else
		$cookies =& $_COOKIE;
	
	if(!$cookies['mybbadminuser'])
		return;
	
	if(!$mybb->user['uid'])
		redirect('index.php', $lang->redirect_alreadyloggedout);
	// Check session ID if we have one
	if($mybb->input['sid'] && $mybb->input['sid'] != $session->sid)
		error($lang->error_notloggedout);
	// Otherwise, check logoutkey
	else if(!$mybb->input['sid'] && $mybb->input['logoutkey'] != $mybb->user['logoutkey'])
		error($lang->error_notloggedout);
	my_setcookie('mybbuser', $cookies['mybbadminuser'], null, true);
	my_unsetcookie('mybbadminuser');
	
	redirect('member.php?action=profile&uid='.$mybb->user['uid'], 'You have logged out of the hijacked account and will be logged back in to your admin account.');
	exit;
}

function admhijack_profile()
{
	global $templates, $mybb;
	if($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1)
		return;
	
	if(!$templates->cache['member_profile'])
		$templates->cache('member_profile');
	
	$templates->cache['member_profile'] = str_replace('{$modoptions}','{$modoptions}<br /><table border="0" cellspacing="{$theme[\'borderwidth\']}" cellpadding="{$theme[\'tablespace\']}" width="100%" class="tborder">
<tr>
<td colspan="2" class="thead"><strong>Admin Options</strong></td>
</tr>
<tr>
<td class="trow1">
<ul>
<li><a href="{$mybb->settings[\'bburl\']}/member.php?action=login&amp;do=hijack&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}">Log in as this user</a></li>
<li><a href="{$mybb->settings[\'bburl\']}/member.php?action=logout&amp;do=regenkey&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}">Force this user to log out (if logged in)</a></li>
</ul>
</td>
</tr>
</table>',$templates->cache['member_profile']);
}

?>


(11-12-2012 12:02 PM)ZiNgA BuRgA Wrote:  Where you were directed to put the code.

Which is where?
11-12-2012 04:36 PM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #62
RE: Admin Can Login as Any User
In fairyland!

My Blog
11-13-2012 09:27 AM
Find all posts by this user Quote this message in a reply
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #63
RE: Admin Can Login as Any User
Come on bro, just put the code in so I won't get hacked.
11-13-2012 10:52 AM
Find all posts by this user Quote this message in a reply
Seabody Offline
Member
***
Posts: 54
Joined: Aug 2012
Post: #64
RE: Admin Can Login as Any User
(11-13-2012 10:52 AM)MyBB Ghost Wrote:  Come on bro, just put the code in so I won't get hacked.

Reread the bolded parts. Wink

(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote:  Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users to be hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.

11-13-2012 01:08 PM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,338
Joined: Jan 2008
Post: #65
RE: Admin Can Login as Any User
Aww, someone had to ruin the fun Frown

But he'll be back asking to be spoonfed, nevertheless.

My Blog
(This post was last modified: 11-13-2012 02:08 PM by ZiNgA BuRgA.)
11-13-2012 02:08 PM
Find all posts by this user Quote this message in a reply
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #66
RE: Admin Can Login as Any User
(11-13-2012 02:08 PM)ZiNgA BuRgA Wrote:  Aww, someone had to ruin the fun Frown

But he'll be back asking to be spoonfed, nevertheless.

No, but anyways, how do you block other admins from force logging you out.
11-25-2012 11:38 AM
Find all posts by this user Quote this message in a reply
leefish Offline
Hamster
*******
Posts: 1,009
Joined: Apr 2010
Post: #67
RE: Admin Can Login as Any User
Are you the ghost of Aastra?  Seabody just told you

(11-13-2012 01:08 PM)Seabody Wrote:  
(11-13-2012 10:52 AM)MyBB Ghost Wrote:  Come on bro, just put the code in so I won't get hacked.

Reread the bolded parts. Wink

(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote:  Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users to be hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.






The choo choo train is coming to the tunnel.


[Image: leelink.gif]
MYBB1.6 & XThreads
11-25-2012 12:16 PM
Visit this user's website Find all posts by this user Quote this message in a reply
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #68
RE: Admin Can Login as Any User
(11-25-2012 12:16 PM)leefish Wrote:  Are you the ghost of Aastra?  Seabody just told you

(11-13-2012 01:08 PM)Seabody Wrote:  
(11-13-2012 10:52 AM)MyBB Ghost Wrote:  Come on bro, just put the code in so I won't get hacked.

Reread the bolded parts. Wink

(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote:  Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users to be hijackable, don't do the edit I said earlier, instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.






The choo choo train is coming to the tunnel.

No, and that's for not logging in, with that code other admins can't log in as you, but they can force to log you out.
11-25-2012 02:04 PM
Find all posts by this user Quote this message in a reply
leefish Offline
Hamster
*******
Posts: 1,009
Joined: Apr 2010
Post: #69
RE: Admin Can Login as Any User
Tell em that the next asshat who forcibly logs you out gets demoted.


[Image: leelink.gif]
MYBB1.6 & XThreads
11-25-2012 02:31 PM
Visit this user's website Find all posts by this user Quote this message in a reply
echofloripa Offline
Junior Member
**
Posts: 3
Joined: Sep 2012
Post: #70
RE: Admin Can Login as Any User
thanks for the plugin!!!
01-03-2013 06:43 AM
Find all posts by this user Quote this message in a reply


Forum Jump: