Matt93 Posted July 15, 2020 Share Posted July 15, 2020 Hello, I have a PHP Login MySQL System which works perfect, however I would like to add a Functionality so that me as Admin can Login to Users Accounts. How can this be done, can you please help me? Many Thanks Quote Link to comment https://forums.phpfreaks.com/topic/311095-php-login-as-user/ Share on other sites More sharing options...
gw1500se Posted July 15, 2020 Share Posted July 15, 2020 Hard to say without knowing how you are managing your logins. However, you could change your login script to check for the user's password or a superuser password. You have to be careful how you do the latter and what you us as a superuser password to minimize the risk of being hacked. Quote Link to comment https://forums.phpfreaks.com/topic/311095-php-login-as-user/#findComment-1579644 Share on other sites More sharing options...
Matt93 Posted July 15, 2020 Author Share Posted July 15, 2020 Hello @gw1500se Thank you for your post. If it helps I'm using https://github.com/apollonzinos/php-login-advanced, but quite modified version by my team, but that is the base. By Super Password you mean a Secondary Password that is Used for the User so the User will have his Normal Password he Entered and a Second Column in the DB for the Super Password so the Admin can Login or I'm understanding you wrong? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/311095-php-login-as-user/#findComment-1579647 Share on other sites More sharing options...
kicken Posted July 15, 2020 Share Posted July 15, 2020 (edited) The best thing to do in my opinion is to just have a way to switch the active user of your session, and expose this functionality to administrators only. For example in my systems when an administrator looks up a user in the user listing there is a link called 'Impersonate' available to them. When clicked, this modifies the $_SESSION['UserId'] (where I happen to store my login info) value to that of the selected user and as a result the person is now "logged in" as that user. I also store the ID of the administrator in a separate session variable so when they "log out" it just returns them to their session rather than actually logging them out of the system. With this method there's no need to know your users password. There's no master password that could accidentally leak. You can control better who can use this functionally via permissions (we only let a small group of 'Super Administrators' do this). Edited July 15, 2020 by kicken Quote Link to comment https://forums.phpfreaks.com/topic/311095-php-login-as-user/#findComment-1579650 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.