Matt93, posted July 15, 2020

Hello, I have a PHP login MySQL system which works perfectly; however, I would like to add functionality so that I, as admin, can log in to users' accounts. How can this be done? Can you please help me? Many thanks

gw1500se, posted July 15, 2020

Hard to say without knowing how you are managing your logins. However, you could change your login script to check for the user's password or a superuser password. You have to be careful how you do the latter and what you use as a superuser password to minimize the risk of being hacked.

Matt93, posted July 15, 2020

Hello @gw1500se, thank you for your post. If it helps, I'm using https://github.com/apollonzinos/php-login-advanced, though a quite modified version by my team, but that is the base. By super password, do you mean a secondary password that is used for the user, so the user will have the normal password he entered and a second column in the DB for the super password so the admin can log in, or am I understanding you wrong? Thanks

kicken, posted July 15, 2020 (edited July 15, 2020 by kicken)

The best thing to do in my opinion is to just have a way to switch the active user of your session, and expose this functionality to administrators only.

For example, in my systems, when an administrator looks up a user in the user listing there is a link called 'Impersonate' available to them. When clicked, this modifies the $_SESSION['UserId'] (where I happen to store my login info) value to that of the selected user, and as a result the person is now "logged in" as that user. I also store the ID of the administrator in a separate session variable so when they "log out" it just returns them to their session rather than actually logging them out of the system.

With this method there's no need to know your user's password. There's no master password that could accidentally leak. You can control better who can use this functionality via permissions (we only let a small group of 'Super Administrators' do this).
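
A sketch of the session-switching approach described in kicken's post, added here as an example; it is not code from the thread or from kicken's systems. `$_SESSION['UserId']` is the key named in the post; `ImpersonatorId`, `is_super_admin()`, the role map, the audit log lines and the refusal to impersonate another super administrator are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical role lookup; replace with a query against your own users table.
// The role map below is constructed sample data.
function is_super_admin(int $userId): bool
{
    $roles = [1 => 'super_admin', 2 => 'admin', 42 => 'user'];
    return ($roles[$userId] ?? null) === 'super_admin';
}

function start_impersonation(array &$session, int $targetUserId): bool
{
    $actorId = $session['UserId'] ?? null;
    // Refuse if not logged in, already impersonating (no nesting), or not permitted.
    if (!is_int($actorId) || isset($session['ImpersonatorId']) || !is_super_admin($actorId)) {
        return false;
    }
    // Assumed policy: one privileged account may not take over another.
    if ($targetUserId === $actorId || is_super_admin($targetUserId)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session ID whenever the identity changes
    }
    $session['ImpersonatorId'] = $actorId; // remembered so "log out" can return here
    $session['UserId'] = $targetUserId;
    error_log("impersonation start: admin=$actorId target=$targetUserId");
    return true;
}

function stop_impersonation(array &$session): bool
{
    if (!isset($session['ImpersonatorId'])) {
        return false; // not impersonating: the normal logout should run instead
    }
    error_log("impersonation stop: admin={$session['ImpersonatorId']} target={$session['UserId']}");
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['UserId'] = $session['ImpersonatorId'];
    unset($session['ImpersonatorId']);
    return true;
}

// Constructed demo; in a real request pass $_SESSION after session_start().
$session = ['UserId' => 1];
var_dump(start_impersonation($session, 42)); // super admin 1 requests user 42
var_dump(stop_impersonation($session));      // "log out" of the impersonation
```

The 'Impersonate' link should trigger this through a POST request protected by the application's CSRF token, so the switch cannot be caused by a crafted link.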