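getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}

/* The two lines above close a check that begins before this excerpt; its
 * code is kept as it was. */

if (!isset($_GET["userid"])) {
	UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}

/* This script switches the current session to another user, so the id that is
 * authorised below must be the same value that is written to the session.
 * The request parameter is validated once as an integer and only that integer
 * is used from here on. Comparing the raw string with a loose == lets
 * PHP 7 and older treat a value such as "5abc" as 5, and an array value
 * (userid[]=...) would otherwise reach the session and the log untouched. */
$userid = filter_var($_GET["userid"], FILTER_VALIDATE_INT);
if ($userid === false) {
	UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}

/* Check if user is allowed to switch to a different user */
if (!$user->isAdmin()) {
	$found = false;
	foreach ($user->getReverseSubstitutes() as $subsuser) {
		/* Make sure a substitution is allowed and the substituted user
		 * is not an admin. getID() is cast because its return type is not
		 * visible here (it may be a numeric string) -- TODO confirm. */
		if ((int) $subsuser->getID() === $userid && !$subsuser->isAdmin()) {
			$found = true;
			break;
		}
	}
	if (!$found) {
		UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
	}
}

/* NOTE(review): for an admin caller nothing visible here checks that the id
 * belongs to an existing user; confirm that setSu() or the session layer
 * rejects unknown ids. */
$session->setSu($userid);
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_substituted_user')));

/* Log the validated integer, never the raw parameter, so the log entry cannot
 * carry request-supplied control characters. */
add_log_line("?userid=".$userid);

/* The redirect target comes from configuration only, not from the request. */
if (isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0) {
	$target = $settings->_siteDefaultPage;
} else {
	$target = "out/out.ViewFolder.php?folderid=".$settings->_rootFolderID;
}
header("Location: ../".$target);

?>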