Login as user

Hi
this hack allows admins to login as any user they want. In the Adminpanel you´ll have a link in the "edit user"-screen which allows you to login as the user. Good for testing and finding errors that the user reports etc

Only 1 File to edit (admin/user.php)
Installationtime: < 5 minutes

[Hotte]

Quote:

Originally posted by scsa20
actuly, to code to use for limiting it to just you is:
if ($bbuserinfo['userid']!=1)
{show_nopermission(); exit; }
you seem to forgot the exit; command

No. The exit command ist done in show_nopermission.

[Velocd]

Quote:

Originally posted by Mist
please dont have a go at me here... but i think that this is the worst possible hack someone could have ever made... i would hate someone to be able to login in as me at a board i post at... it ruins the point of having users...

Well, the only reason I could see to using this hack is to view the users personal messages, not being a peeping tom or anything, but to make sure the user hasn't been doing anything against the rules. Ofcourse, there is already a hack that allows you to view users PM's, so this hack isn't really needed. The only purpose of this hack is to do something corrupt to another user.

[Lovaboye]

Quote:

Originally posted by Hotte
[B]

Try adding the "if ($action=="loginas"){" - Code before "cpheader();" at the beginning of the file (near line 42)

Yea im having that same prob, but this seems not to help? it says error were ever i put this???? Is their another file ur supposted to edit? What is wrong?

I get this error

"Parse error: parse error in /home/qwertybo/ffclub-www/forum/admin/user.php on line 1735"

[Lovaboye]

Did anyone get this to work????????

[Hotte]

Quote:

Originally posted by Lovaboye
"Parse error: parse error in /home/qwertybo/ffclub-www/forum/admin/user.php on line 1735"

Do you have copied the complete "if ($action=="loginas"){"-Part before cpheader();?
Make sure that you move

PHP Code:

if ($action=="loginas"){
    $user=$DB_site->query_first("SELECT password FROM user WHERE userid='$userid'");
    vbsetcookie("bbuserid","",1);
      vbsetcookie("bbpassword","",1);
    vbsetcookie("sessionhash","",1);
    vbsetcookie("bbuserid",$userid);
    vbsetcookie("bbpassword",$user[password]);
    Header("Location: ../index.php");
} 


before cpheader();
This error seems to occur, if a board doesn?t use gzip.

[SWFans.net]

Quote:

Originally posted by Velocd


Well, the only reason I could see to using this hack is to view the users personal messages, not being a peeping tom or anything, but to make sure the user hasn't been doing anything against the rules. Ofcourse, there is already a hack that allows you to view users PM's, so this hack isn't really needed. The only purpose of this hack is to do something corrupt to another user.

Agreed, any user account type problems someone may have can almost always be corrected through the ?find? and look at user options readily available in the Admin CP. And if access to their account is required than you talk to them and have them temporarily reset/change their PW so you can access their account and then have them change it again once you are through. Use of this hack is unethical IMO.

[Logician]

Quote:

Originally posted by Mist
please dont have a go at me here... but i think that this is the worst possible hack someone could have ever made... i would hate someone to be able to login in as me at a board i post at... it ruins the point of having users...this is just my opinion tho ... i dont like this idea

Mist this hack doesnt open Admin a new door which doesnt already exist to disguise as a user. You have the control of your db and Admin CP and if a Admin wants to login as a user he already can: Copy users password from MYSQL, change it to something you want and login with that password. After you are finished, revert his old password with SQL UPDATE command and he wouldnt even notice you logged in with his user name.

So as you see you already have the tools to do it.

IMO the hack can be very useful when a user have a problem he cant solve by himself or cant explain good or wants you to see the problem and with this hack you can easily login as him without playing with SQL commands.

In vbulletin I have 2 instances I asked Firefly to login as me to notice a problem and in my board I have been asked many times to login as someone since they insist they catched a bug/problem which only occurs to them. (Like they cant empty PM box etc.)

I think the hack is quite useful. My 2 cents..

[Boofo]

Nice Hack and as Logocian said, could be useful if your board ever encountered problems with certain users for whatever reason. I don't know if anyone has mentioned this yet, but you have 2 lines of code that are exactly the same after the install. Here's what your txt instructions said to do.

Code:

-------------------------------------------------------------------------------------------------+
| In admin/user.php, find this code:                                                              |
+-------------------------------------------------------------------------------------------------+
<li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
+-------------------------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------------------------+
| After this, add:                                                                                |
+-------------------------------------------------------------------------------------------------+
<li>".makelinkcode("View the profile for $user[username]","../member.php?s=$session[sessionhash]&action=getinfo&userid=$userid",1)."</li>
<li>".makelinkcode("Login as User","user.php?s=$session[sessionhash]&action=loginas&userid=$user[userid]",1)."</li>
+-------------

Don't you mean REPLACE this code and not add it below it?

Quote:

Originally posted by Hotte
Hi
this hack allows admins to login as any user they want. In the Adminpanel you?ll have a link in the "edit user"-screen which allows you to login as the user. Good for testing and finding errors that the user reports etc

Only 1 File to edit (admin/user.php)
Installationtime: < 5 minutes

[josh929]

Code:

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/functions.php on line 1552

Warning: Cannot add header information - headers already sent by (output started at /home/somegood/public_html/forums/admin/adminfunctions.php:19) in /home/somegood/public_html/forums/admin/user.php on line 1725

any ideas?

[Boofo]

Exactly where and how would you put that code?

Quote:

Originally posted by scsa20
actuly, to code to use for limiting it to just you is:

PHP Code:

if ($bbuserinfo['userid']!=1) 
{show_nopermission(); exit; } 


you seem to forgot the exit; command

oh, forgot to add...it so'pose to go in before

PHP Code:

if ($action=="loginas"){