2013-04-19 07:00:34 +00:00
|
|
|
<?php
|
|
|
|
|
// MyDMS. Document Management System
|
2016-08-09 05:34:30 +00:00
|
|
|
// Copyright (C) 2010-2016 Uwe Steinmann
|
2013-04-19 07:00:34 +00:00
|
|
|
//
|
|
|
|
|
// This program is free software; you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
|
// the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
|
// along with this program; if not, write to the Free Software
|
|
|
|
|
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
|
|
|
|
|
|
include("../inc/inc.Settings.php");
|
2022-11-09 05:40:50 +00:00
|
|
|
include("../inc/inc.Utils.php");
|
2013-04-19 07:00:34 +00:00
|
|
|
include("../inc/inc.LogInit.php");
|
|
|
|
|
include("../inc/inc.Language.php");
|
2014-12-08 13:47:32 +00:00
|
|
|
include("../inc/inc.Init.php");
|
|
|
|
|
include("../inc/inc.Extension.php");
|
|
|
|
|
include("../inc/inc.DBInit.php");
|
2013-04-19 07:00:34 +00:00
|
|
|
include("../inc/inc.ClassUI.php");
|
|
|
|
|
include("../inc/inc.Authentication.php");
|
|
|
|
|
|
2015-05-19 17:44:18 +00:00
|
|
|
/* Check if the form data comes for a trusted request */
|
|
|
|
|
if(!checkFormKey('substituteuser', 'GET')) {
|
|
|
|
|
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
2013-04-19 07:00:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isset($_GET["userid"])) {
|
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-19 17:44:18 +00:00
|
|
|
/* Check if user is allowed to switch to a different user */
|
|
|
|
|
if (!$user->isAdmin()) {
|
|
|
|
|
$substitutes = $user->getReverseSubstitutes();
|
|
|
|
|
$found = false;
|
|
|
|
|
foreach($substitutes as $subsuser) {
|
|
|
|
|
/* Make sure a substitution is allowed and the substituted user
|
|
|
|
|
* is not an admin.
|
|
|
|
|
*/
|
|
|
|
|
if($subsuser->getID() == $_GET["userid"] && !$subsuser->isAdmin())
|
|
|
|
|
$found = true;
|
|
|
|
|
}
|
|
|
|
|
if(!$found)
|
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-19 07:00:34 +00:00
|
|
|
$session->setSu($_GET['userid']);
|
|
|
|
|
|
2013-05-21 06:39:03 +00:00
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_substituted_user')));
|
|
|
|
|
|
2013-04-19 07:00:34 +00:00
|
|
|
add_log_line("?userid=".$_GET["userid"]);
|
2015-08-07 13:44:06 +00:00
|
|
|
|
|
|
|
|
$newuser = $dms->getUser($_GET["userid"]);
|
|
|
|
|
|
|
|
|
|
if (isset($referuri) && strlen($referuri)>0) {
|
|
|
|
|
header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'] . $referuri);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
header("Location: ".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($newuser->getHomeFolder() ? $newuser->getHomeFolder() : $settings->_rootFolderID)));
|
|
|
|
|
}
|
2013-04-19 07:00:34 +00:00
|
|
|
|
|
|
|
|
?>
|
