Admin Can Login as Any User
After activation, this adds two options to user profiles, only visible to administrators:
  • Login as this user
  • Force logout
The first allows the administrator to effectively login to the account without the user's password.  Everything behaves normally in this login state.  The only difference is that logging out will return the administrator back to their original account.
(note, please don't use this to log into another administrator's account, and then log into some other account from there, though I haven't tried what happens if you do this)

The second option just forces the user to log out if they have logged in somewhere.

Alternative version: Login As by burnacid
(This post was last modified: 06-05-2018 09:30 AM by ZiNgA BuRgA.)
Download: admhijack.php (3.68 KB)
Plugin Version: 1.2
Last Updated: 11-02-2011, 10:09 PM

Downloads: 4,306
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Uploader: ZiNgA BuRgA
Sama34 Offline
Senior Member
****
Posts: 490
Joined: May 2011
Post: #51
RE: Admin Can Login as Any User
(07-31-2011 02:05 AM)RateU Wrote:  Please make sure that you have {$adminoptions} variable in your member_profile template.

As far as I know, this plugin doesn't touch that variable at all. This plugin doesn't add anything to that template directly in the activation process, and doesn't remove anything from it in the deactivation process. The additional hijack options will be added "on the fly". This plugin only "cares" about the {$modoptions} variable in that template, not the {$adminoptions} variable.

That's what I know.

Just to make it clear that the error was on my side. If you hide all admin links from the config.php file, this plugin will not be visible as well.

Support PM's will be ignored. Yipi
Plugins: Announcement Bars - Custom Reputation - Mark PM As Unread
05-30-2012 01:46 PM
brad-t Offline
Member
***
Posts: 120
Joined: Apr 2011
Post: #52
RE: Admin Can Login as Any User
Where is the styling for this plugin defined? Don't really need this thing using a whole table.
06-28-2012 04:54 AM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #53
RE: Admin Can Login as Any User
It's in the plugin file itself.  Open it up and scroll down - you'll see the HTML code near the bottom of the file.

My Blog
06-28-2012 01:16 PM
brad-t Offline
Member
***
Posts: 120
Joined: Apr 2011
Post: #54
RE: Admin Can Login as Any User
Great, thanks.
06-28-2012 11:14 PM
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #55
RE: Admin Can Login as Any User
(08-24-2010 08:59 AM)ZiNgA BuRgA Wrote:  Yes, you have to be very explicit when you say these things, or I won't be able to figure out what you want exactly.

If you want to exclude users from being hijackable, don't do the edit I said earlier; instead, find both instances:

PHP Code:
if(!$user) error('Invalid UserID supplied.');

for both, add after:

PHP Code:
if(in_array($user['uid'], array(1,2,3))) error('Cannot log in / clear key of this user.');


The link will still appear, but won't work.


Where would I put that code in here?

PHP Code:
<?php

if(!defined("IN_MYBB"))
	die("This file cannot be accessed directly.");

$plugins->add_hook('member_login', 'admhijack_login');
$plugins->add_hook('member_logout_start', 'admhijack_logout');
$plugins->add_hook('member_profile_end', 'admhijack_profile');

function admhijack_info()
{
	return array(
		'name'			=> 'Admins can log into Users\' accounts',
		'description'	=> 'Allows admins to log into another user\'s account via their profile, and quickly swap back to their account via the Logout link.',
		'website'		=> 'http://mybbhacks.zingaburga.com/',
		'author'		=> 'ZiNgA BuRgA',
		'authorsite'	=> 'http://zingaburga.com/',
		'version'		=> '1.2',
		'compatibility'	=> '1*',
		'guid'			=> '8a4c3db281e87508c50386874e650297'
	);
}

function admhijack_login()
{
	global $mybb;
	if(($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1) || $mybb->input['do'] != 'hijack' || !$mybb->input['uid'])
		return;
	
	verify_post_check($mybb->input['my_post_key']);
	$user = get_user(intval($mybb->input['uid']));
	if(!$user) error('Invalid UserID supplied.');
	my_setcookie('mybbadminuser', $mybb->user['uid'].'_'.$mybb->user['loginkey'], null, true);
	my_setcookie('mybbuser', $user['uid'].'_'.$user['loginkey'], null, true);
	redirect('index.php', 'You have successfully logged in as '.htmlspecialchars_uni($user['username']).'<br />You will be redirected to the forum index...');
	exit;
}

function admhijack_logout()
{
	global $mybb, $lang, $session; // $session is read below for the sid check
	
	if(($mybb->usergroup['cancp'] == 'yes' || $mybb->usergroup['cancp'] == 1) && $mybb->input['do'] == 'regenkey' && $mybb->input['uid'])
	{
		verify_post_check($mybb->input['my_post_key']);
		$user = get_user(intval($mybb->input['uid']));
		if(!$user) error('Invalid UserID supplied.');
		update_loginkey($user['uid']);
		redirect('member.php?action=profile&uid='.$user['uid'], 'You have successfully forced the selected user to log out.');
		exit;
	}
	
	if($mybb->version_code >= 1400)
		$cookies =& $mybb->cookies;
	else
		$cookies =& $_COOKIE;
	
	if(!$cookies['mybbadminuser'])
		return;
	
	if(!$mybb->user['uid'])
		redirect('index.php', $lang->redirect_alreadyloggedout);
	// Check session ID if we have one
	if($mybb->input['sid'] && $mybb->input['sid'] != $session->sid)
		error($lang->error_notloggedout);
	// Otherwise, check logoutkey
	else if(!$mybb->input['sid'] && $mybb->input['logoutkey'] != $mybb->user['logoutkey'])
		error($lang->error_notloggedout);
	my_setcookie('mybbuser', $cookies['mybbadminuser'], null, true);
	my_unsetcookie('mybbadminuser');
	
	redirect('member.php?action=profile&uid='.$mybb->user['uid'], 'You have logged out of the hijacked account and will be logged back in to your admin account.');
	exit;
}

function admhijack_profile()
{
	global $templates, $mybb;
	if($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1)
		return;
	
	if(!$templates->cache['member_profile'])
		$templates->cache('member_profile');
	
	$templates->cache['member_profile'] = str_replace('{$modoptions}','{$modoptions}<br /><table border="0" cellspacing="{$theme[\'borderwidth\']}" cellpadding="{$theme[\'tablespace\']}" width="100%" class="tborder">
<tr>
<td colspan="2" class="thead"><strong>Admin Options</strong></td>
</tr>
<tr>
<td class="trow1">
<ul>
<li><a href="{$mybb->settings[\'bburl\']}/member.php?action=login&amp;do=hijack&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}">Log in as this user</a></li>
<li><a href="{$mybb->settings[\'bburl\']}/member.php?action=logout&amp;do=regenkey&amp;uid={$uid}&amp;my_post_key={$mybb->post_code}">Force this user to log out (if logged in)</a></li>
</ul>
</td>
</tr>
</table>',$templates->cache['member_profile']);
}

?>

11-11-2012 07:54 PM
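
Added example (not part of the original thread or of the plugin as distributed): where the check from the quoted reply goes in the plugin file posted above. The helper names admhijack_protected_uids() and admhijack_check_target() are hypothetical, the UIDs 1,2,3 are the sample values from the quoted reply, and the extra refusal of Admin CP-capable targets goes beyond the quoted one-liner and assumes MyBB's user_permissions() helper.

```php
<?php
// Added example: replacement for parts of admhijack.php; runs inside MyBB only.

// UIDs that may never be impersonated or force-logged-out (sample values).
function admhijack_protected_uids()
{
	return array(1, 2, 3);
}

// Stops the request with MyBB's error() page when $user is a protected target.
function admhijack_check_target($user)
{
	if(in_array(intval($user['uid']), admhijack_protected_uids(), true))
		error('Cannot log in / clear key of this user.');

	// Beyond the quoted reply: also refuse targets that can reach the Admin CP.
	// Assumption: user_permissions() returns the target's merged group
	// permissions, with cancp stored as 'yes' or 1 as the plugin itself expects.
	$perms = user_permissions($user['uid']);
	if(isset($perms['cancp']) && in_array((string)$perms['cancp'], array('yes', '1'), true))
		error('Cannot log in / clear key of an administrator.');
}

function admhijack_login()
{
	global $mybb;
	if(($mybb->usergroup['cancp'] != 'yes' && $mybb->usergroup['cancp'] != 1) || $mybb->input['do'] != 'hijack' || !$mybb->input['uid'])
		return;

	verify_post_check($mybb->input['my_post_key']);
	$user = get_user(intval($mybb->input['uid']));
	if(!$user) error('Invalid UserID supplied.');
	admhijack_check_target($user); // first instance: the added line
	my_setcookie('mybbadminuser', $mybb->user['uid'].'_'.$mybb->user['loginkey'], null, true);
	my_setcookie('mybbuser', $user['uid'].'_'.$user['loginkey'], null, true);
	redirect('index.php', 'You have successfully logged in as '.htmlspecialchars_uni($user['username']).'<br />You will be redirected to the forum index...');
	exit;
}

// Second instance: in admhijack_logout(), inside the do=regenkey branch, add the
// same admhijack_check_target($user); call directly after its own
// if(!$user) error('Invalid UserID supplied.'); line, before update_loginkey().
```

The check runs server-side in the hook, so it holds even though the profile links are still rendered for protected accounts.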
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #56
RE: Admin Can Login as Any User
Lulwut?

My Blog
11-11-2012 08:32 PM
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #57
RE: Admin Can Login as Any User
I want to exclude users from being hijackable.
11-12-2012 05:51 AM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #58
RE: Admin Can Login as Any User
I wouldn't have guessed...

My Blog
11-12-2012 09:20 AM
MyBB Ghost Offline
Junior Member
**
Posts: 7
Joined: Nov 2012
Post: #59
RE: Admin Can Login as Any User
So where would I put the code?
11-12-2012 10:16 AM
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #60
RE: Admin Can Login as Any User
Where you were directed to put the code.

My Blog
11-12-2012 12:02 PM