Add-On Releases - Cyb - Login To User Account

Info:
This will allow forum administrators to simply login to user accounts (to test forum functions, permissions etc...). SuperAdmin can choose admins who are able to use this function. SuperAdmin can set also who can login to other admin accounts. "Login As User" is shown in member profiles and Quick User Links (can be disabled). Option is automatically hidden in your own account and if target user is admin while you have no permissions to login to admin accounts.

See screenshots.


Installation:
1. Import XML file (as product): AdminCP > Plugin System > Manage Products > [Add/Import Product]


Variables:
-Link to login to user in memberinfo: $cyb_ltoua_link_mi
-Logged in as user alert: $cyb_ltoua_alert


To set options:
Go to: AdminCP > vBulletin Options > Cyb - Login To Other User Account


Versions:
v1.0 - May 20. 2006.
-First Release
v1.1 - May 21. 2006.
-Now SuperAdmin can log into other admins
v1.2 - Aug 04. 2006.
-Release of this hack for vB v3.6
v1.5 - Aug 29. 2006.
-Added option to easily go back to admin account
-Alert can be enabled/disabled
-Added "Product Version Checking"
-Only Admins allowed to use function can see "Login As" links
-Several code improvements
v1.6 - Sep 01. 2006.
-Fixed bug (error message at the top of "add new user" page)
-Fixed bug (uncached template)
v1.7 - Sep 05. 2006.
-Now only SuperAdmin can access settings where you choose which Admins can use the hack
-You can also set Admins who will be able to use other Admins accounts (only SuperAdmin can set this)
-Alert moved to navbar so it is now shown on any page to Admin who is logged in as someone else
v1.8 - Apr 23. 2007.
-"Last activity" not changed for target user when admin used account
-"Login As User" automatically hidden in your own account and if target user is admin and you have no permissions to login to admin accounts
-Admin not logged out from ACP when back to original account, except session expired regularly
-Added option to modify alert box CSS
-Many other code improvements and optimizations
-If you have older version of this hack installed please uninstall it before installing latest version or it will not work properly
v1.9.1 - Jul 23. 2007.
-Fixed bug (Security Exploit)
-Fixed bug ("login as user" doesn't work if you access user profile via last post info)
-"Go back" alert moved to header (for must of users there is no need to edit custom styles anymore)
-Now you can go back from banned user accounts without clearing cookies manually
v2.0 - Nov 08. 2007.
-New: Actions logged in Moderator Log
-Fixed bug where admins with primary usergroup different than 6 are not able to use hack
-Several minor bugs fixed
--You MUST uninstall older version before installing this one in order to get it working properly
v2.1 - May 03. 2008.
-Compatible with vBulletin 3.7
-Minor bugs fixed
v2.2 - Jun 23. 2008.
-Added option to disable logs
-Added option to switch to vB 3.6.x compatibility mode
-Fixed bug (session lost for target user when you go back to admin)
-Fixed bug (sessions lost for guests/bots when you login as another user)
-Made several compatibility improvements
v2.3 - Apr 11. 2009.
-Bug fix (non-Admins able to login to user accounts in some cases)
-Bug fix (Admin can not search product entries in ModLog by product ID)
-Bug fix (logging error if username contains special characters)
-Bug fix (Admin must be member of usergroup 6 to use product)
-Minor bugs fixed


Click INSTALL if you like this hack.

[Luggruff]

Two things I'm really wondering hard about, and that nobody else in this thread seems to care about at all:

-If I log in to a users account, and that user is currently logged on.. what happens?
-If I post on behalft of another user, can other admins see that I was the "real" poster or not? If not, implement it! (it's necessary that noone ever can be totally anonymous, in situations where someone might get a split nerv and post stuff on behalft of someone else, as a result of a grudge against a sertain user or whatever)

Fix this, and I'll install it in a jiffy!

[Luke Brown256]

1) nothing really happens you are still both logged in.
2) No there is no way to do that, the only way to check would be the check the IP address which is a pretty sure indicator, and have faith in your admins.
If you think you admins WOULD do something like that, then they shouldnt be admins for on and shouldnt have access to this tool.

[Luggruff]

Quote:

Originally Posted by Luke Brown256

1) nothing really happens you are still both logged in.
2) No there is no way to do that, the only way to check would be the check the IP address which is a pretty sure indicator, and have faith in your admins.
If you think you admins WOULD do something like that, then they shouldnt be admins for on and shouldnt have access to this tool.

Let me quote myself:

Quote:

If I post on behalft of another user, can other admins see that I was the "real" poster or not? If not, implement it!

The question was wether this hack allowed it or not, not wether it was possible or not, because I'm almost sertain I've seen that it's possible before.

EDIT: So i installed the hack even though my concerns aren't fixed, only, when setting admins.. i get to the SMILEY guide o_0
You could just as easy have linked to the misc.php page only.. =\

Could it be that "Cyb - Advanced Forum Rules" and "Cyb - Check If Already Posted" have like 90% same name on hooks? (same name of hooks is a BIG no-no of what I've allways heard from other developers)

[Luke Brown256]

You get the smiley guide if you are NOT a superadmin.

[Luggruff]

Quote:

Originally Posted by Luke Brown256

You get the smiley guide if you are NOT a superadmin.

Want to view my config.php?

Code:

	//	****** SUPER ADMINISTRATORS ******
	//	The users specified below will have permission to access the administrator permissions
	//	page, which controls the permissions of other administrators
$config['SpecialUsers']['superadministrators'] = '1, 2';

I'm number 2

[Luke Brown256]

Ok then just out of interest by any chance is your PRIMARY usergroup NOT Administrators.

[Luggruff]

Quote:

Originally Posted by Luke Brown256

Ok then just out of interest by any chance is your PRIMARY usergroup NOT Administrators.

Yes, I have usergroup ID 6 as primary, I as you, have read every single post of this thread and would know that to be necessary.

Oh my: Where do I change that hiddeous GREEN color on the "Forum rules" link in the navbar? o_0

EDIT: is it supposed to be:

$config['SpecialUsers']['superadministrators'] = '1, 2';
or
$config['SpecialUsers']['superadministrators'] = '1', '2';
?

EDIT2:
- Back-To-Admin does not work - Get's 404page (the other admin at my forum with userID #1 can use the system)
- Latest activity on the userprofile shows if admins log in to the account, in that other hack (on second hand, it might have been the 3.5.4 version of that hack), it doesn't (read it in the posts of that hacks thread).. would be cool if fixed!

EDIT3: The other admin at the forum with UserID #1 wrote me down in the "Set Admins" page, I can now see the link to "log in as user" in the userprofiles, though, I just get a strange vbulletin-message saying that the user is not registred and therefor there is no profile to view!

could this be more agitating?

[Luke Brown256]

kk:
'1, 2';
Is correct so that is fine.

2) i am not sure what your saying.
3) no idea for that

The hack works fine for me, as you read i modded it so it would work for admins whose primary usergroup was not administrators but that is it.

I think CYB should answer these questions.

[Luggruff]

Quote:

Originally Posted by Luke Brown256

kk:
'1, 2';
Is correct so that is fine.

2) i am not sure what your saying.
3) no idea for that

The hack works fine for me, as you read i modded it so it would work for admins whose primary usergroup was not administrators but that is it.

I think CYB should answer these questions.

Let's just hope he answeres some day then =\
And by the way, "TIP" when doing stuff like adding a link to the menu for everyone to see, either put it in a template or include the colorchange of that link in the hack options.
Especially when choosing a color like BoogerGreen o_0

EDIT1: OK I REALLY need to understand this hack!
"cybfrules_forceuser" is located in the User Profile page, though it is not a bit of code included in the memberinfo template. Wich demands me knowing HOW and WHAT is saying where that Link is going to show up (in the user profile).. I need to move the link to another spot in the Users Profiles as it just takes up too much space lying on the same row as a bunch of other links! -_-
(see picture)

[Luggruff]

Now seriously, when needed support, it is most often needed as right away as possible.
And In this case, I couldn't care less if you've written that you suck at support, you really made it your responsibility when you posted a hack with this greatly hidden parts of code that _some people_ can't uderstand where to reach, and that _need_ to reach it!

Summing it all up in one post as it seems I've got all the time in the world:

1. I get launched to the misc.php page when trying so Set Admin
2. I am SuperAdmin and I have Admin (usergroupID 6) as primary usergroup
3. When the other admin at my forum (he's got userID 1 and I've got userID 2) set me as permitted admin at the Set Admin page I can see the "Log In As User" on everybody's userprofile page. Though when clicking the link, I'm told that no profile can be show since the user is not registred. Strange huh?
4. The other admin at my forum (the one with userID 1 and that everything is working perfectly for.. well almost perfect) ..cannot log back into his admin account for some reason. He has to do that manually so to speek.
5. In the user profile, there's a field saying "Latest activity 12:15PM" etc, that changes when an admin logs on to a users account.. wich pretty much reveals that someone has used the account. Maybe possible to put a conditional there saying "if user logged on through the "Login As User" link, do not change latest activity". Pretty much makes the hack useless if not. (I mean, something recognize that you are not the original user right, how else could the alert on the top show?)
6. That horrifying green link for the rules in the menu, where can I change it?! I noticed it is not in the NavBar template.. and I really need to understand how it was placed there, even right between two menu-links?! As I am in the process of creating a new style and can't get nowhere before I can move that link along with the rest of the menu!!

[allanh]

lol... this hack is pure evil...but I love it

[Luggruff]

Ok, I feel stupid. Edited a bogus config.php file -_-
Still one problem remains: Logging back into the admin account again.
Following error follows:

Code:

Database error in vBulletin 3.6.2:

Invalid SQL:

				SELECT userid, username, password, salt, styleid
				FROM user
				WHERE userid = 
				LIMIT 1;

MySQL Error  : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 4
Error Number : 1064
Date         : Tuesday, October 24th 2006 @ 04:09:25 PM
Script       : http://hlforum.org/index.php?do=backtoadmin
Referrer     : http://www.hlforum.org/index.php
IP Address   : 81.235.18.67
Username     : Luggruff
Classname    : vb_database

And yeah, ABE's hack doesn't change the "activity log" for the user you log onto.. so untill further notice, I'll use his. (your's is better though, as you can Set Admins)

[Luke Brown256]

kk that error message is most likely caused by the cookie not being set.
as you can see from the statement:
SELECT userid, username, password, salt, styleid
FROM user
WHERE userid =

no userid is specified which is causing the error.
Make sure you have cookies enabled and try again.

[Luke Brown256]

by making a slight alteration to the code i have worked out how to stop it altering when the user last logged in:
I edited Cyb - Login To Other User Account - LTU:

this section:

Code:

            vbsetcookie('userid', $cyb_target_user['userid']);
            vbsetcookie('password', md5($cyb_target_user['password'] . COOKIE_SALT));
        
            exec_header_redirect($vbulletin->options['forumhome'] . '.php');

to:

Code:

            vbsetcookie('userid', $cyb_target_user['userid']);
            vbsetcookie('password', md5($cyb_target_user['password'] . COOKIE_SALT));
        
unset($vbulletin->db->shutdownqueries['lastvisit']);
    exec_header_redirect($vbulletin->options['forumhome'] . '.php');

But like the other one they still appear logged in , in the who is online section.

[Luggruff]

Quote:

Originally Posted by Luke Brown256

by making a slight alteration to the code i have worked out how to stop it altering when the user last logged in:
I edited Cyb - Login To Other User Account - LTU:

this section:

Code:

            vbsetcookie('userid', $cyb_target_user['userid']);
            vbsetcookie('password', md5($cyb_target_user['password'] . COOKIE_SALT));
        
            exec_header_redirect($vbulletin->options['forumhome'] . '.php');

to:

Code:

            vbsetcookie('userid', $cyb_target_user['userid']);
            vbsetcookie('password', md5($cyb_target_user['password'] . COOKIE_SALT));
        
unset($vbulletin->db->shutdownqueries['lastvisit']);
    exec_header_redirect($vbulletin->options['forumhome'] . '.php');

But like the other one they still appear logged in , in the who is online section.

Looks great ^^

Quote:

Originally Posted by Abe1

Only you can see that he is online. No one else can see you online. Go look in the users profile. It will show them offline.

And yeah, I have cookies enabled.. (untill they die automaticly)