Jump to content

Recommended Posts

Hard to say without knowing how you are managing your logins. However, you could change your login script to check for the user's password or a superuser password. You have to be careful how you do the latter and what you us as a superuser password to minimize the risk of being hacked.

Link to comment
https://forums.phpfreaks.com/topic/311095-php-login-as-user/#findComment-1579644
Share on other sites

Hello @gw1500se

Thank you for your post. 

If it helps I'm using https://github.com/apollonzinos/php-login-advanced, but quite modified version by my team, but that is the base. 

By Super Password you mean a Secondary Password that is Used for the User so the User will have his Normal Password he Entered and a Second Column in the DB for the Super Password so the Admin can Login or I'm understanding you wrong?

Thanks

Link to comment
https://forums.phpfreaks.com/topic/311095-php-login-as-user/#findComment-1579647
Share on other sites

The best thing to do in my opinion is to just have a way to switch the active user of your session, and expose this functionality to administrators only.

For example in my systems when an administrator looks up a user in the user listing there is a link called 'Impersonate' available to them.   When clicked, this modifies the $_SESSION['UserId'] (where I happen to store my login info) value to that of the selected user and as a result the person is now "logged in" as that user.  I also store the ID of the administrator in a separate session variable so when they "log out" it just returns them to their session rather than actually logging them out of the system.

With this method there's no need to know your users password.   There's no master password that could accidentally leak.  You can control better who can use this functionally via permissions (we only let a small group of 'Super Administrators' do this).

 

Edited by kicken
Link to comment
https://forums.phpfreaks.com/topic/311095-php-login-as-user/#findComment-1579650
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.