<?php
-// Allows a teacher/admin to login as another user (in stealth mode)
+// Allows a teacher/admin to login as another user (in stealth mode).
require_once('../config.php');
require_once('lib.php');
$url = new moodle_url('/course/loginas.php', array('id'=>$id));
$PAGE->set_url($url);
-/// Reset user back to their real self if needed, for security reasons you need to log out and log in again
+// Reset user back to their real self if needed, for security reasons you need to log out and log in again.
if (session_is_loggedinas()) {
require_sesskey();
require_logout();
redirect(get_login_url());
}
-///-------------------------------------
-/// We are trying to log in as this user in the first place
-
-$userid = required_param('user', PARAM_INT); // login as this user
+// Try log in as this user.
+$userid = required_param('user', PARAM_INT);
require_sesskey();
$course = $DB->get_record('course', array('id'=>$id), '*', MUST_EXIST);
-/// User must be logged in
+// User must be logged in.
$systemcontext = context_system::instance();
$coursecontext = context_course::instance($course->id);
$context = $coursecontext;
}
-/// Login as this user and return to course home page.
-$oldfullname = fullname($USER, true);
+// Login as this user and return to course home page.
session_loginas($userid, $context);
$newfullname = fullname($USER, true);
-add_to_log($course->id, "course", "loginas", "../user/view.php?id=$course->id&user=$userid", "$oldfullname -> $newfullname");
-
$strloginas = get_string('loginas');
$strloggedinas = get_string('loggedinas', '', $newfullname);
$string['errorminpasswordupper'] = 'Passwords must have at least {$a} upper case letter(s).';
$string['errorpasswordupdate'] = 'Error updating password, password not changed';
$string['event_user_loggedin'] = 'User has logged in';
+$string['eventuserloggedinas'] = 'User logged in as another user';
$string['forcechangepassword'] = 'Force change password';
$string['forcechangepasswordfirst_help'] = 'Force users to change password on their first login to Moodle.';
$string['forcechangepassword_help'] = 'Force users to change password on their next login to Moodle.';
--- /dev/null
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * User loggedinas event.
+ *
+ * @package core
+ * @copyright 2013 Rajesh Taneja <rajesh@moodle.com>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace core\event;
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * User loggedinas event class.
+ *
+ * @package core
+ * @copyright 2013 Rajesh Taneja <rajesh@moodle.com>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class user_loggedinas extends base {
+
+ /**
+ * Init method.
+ *
+ * @return void
+ */
+ protected function init() {
+ $this->data['crud'] = 'r';
+ // TODO MDL-41040 set level.
+ $this->data['level'] = 50;
+ $this->data['objecttable'] = 'user';
+ }
+
+ /**
+ * Return localised event name.
+ *
+ * @return string
+ */
+ public static function get_name() {
+ return get_string('eventuserloggedinas', 'auth');
+ }
+
+ /**
+ * Returns non-localised event description with id's for admin use only.
+ *
+ * @return string
+ */
+ public function get_description() {
+ return 'Userid ' . $this->userid . ' has logged in as '. $this->relateduserid;
+ }
+
+ /**
+ * Return legacy data for add_to_log().
+ *
+ * @return array
+ */
+ protected function get_legacy_logdata() {
+ return array($this->courseid, 'course', 'loginas', '../user/view.php?id=' . $this->courseid . '&user=' . $this->userid,
+ $this->other['originalusername'] . ' -> ' . $this->other['loggedinasusername']);
+ }
+
+ /**
+ * Get URL related to the action.
+ *
+ * @return \moodle_url
+ */
+ public function get_url() {
+ return new \moodle_url('/user/view.php', array('id' => $this->objectid));
+ }
+}
* @return void
*/
function session_loginas($userid, $context) {
+ global $USER;
+
if (session_is_loggedinas()) {
return;
}
- // switch to fresh new $SESSION
+ // Switch to fresh new $SESSION.
$_SESSION['REALSESSION'] = $_SESSION['SESSION'];
$_SESSION['SESSION'] = new stdClass();
$user->realuser = $_SESSION['REALUSER']->id;
$user->loginascontext = $context;
- // let enrol plugins deal with new enrolments if necessary
+ // Let enrol plugins deal with new enrolments if necessary.
enrol_check_plugins($user);
- // set up global $USER
+
+ // Create event before $USER is updated.
+ $event = \core\event\user_loggedinas::create(
+ array(
+ 'objectid' => $USER->id,
+ 'context' => $context,
+ 'relateduserid' => $userid,
+ 'other' => array(
+ 'originalusername' => fullname($USER, true),
+ 'loggedinasusername' => fullname($user, true)
+ )
+ )
+ );
+ // Set up global $USER.
session_set_user($user);
+ $event->trigger();
}
/**
--- /dev/null
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Unit tests for (some of) ../sessionlib.php.
+ *
+ * @package core_session
+ * @category phpunit
+ * @copyright 2103 Rajesh Taneja <rajesh@moodle.com>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+global $CFG;
+require_once($CFG->libdir . '/sessionlib.php');
+
+/**
+ * Unit tests for (some of) ../sessionlib.php.
+ *
+ * @package core_session
+ * @category phpunit
+ * @copyright 2103 Rajesh Taneja <rajesh@moodle.com>
+ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class core_sessionlib_testcase extends advanced_testcase {
+
+ /**
+ * Test session_loginas.
+ */
+ public function test_session_loginas() {
+ global $USER;
+ $this->resetAfterTest();
+
+ // Set current user as Admin user and save it for later use.
+ $this->setAdminUser();
+ $adminuser = $USER;
+
+ // Create a new user and try admin loginas this user.
+ $user = $this->getDataGenerator()->create_user();
+ session_loginas($user->id, context_system::instance());
+
+ $this->assertSame($user->id, $USER->id);
+ $this->assertSame(context_system::instance(), $USER->loginascontext);
+ $this->assertSame($adminuser->id, $USER->realuser);
+
+ // Set user as current user and login as admin user in course context.
+ $this->setUser($user);
+ $this->assertNotEquals($adminuser->id, $USER->id);
+ $course = $this->getDataGenerator()->create_course();
+ $coursecontext = context_course::instance($course->id);
+
+ // Catch event triggred.
+ $sink = $this->redirectEvents();
+ session_loginas($adminuser->id, $coursecontext);
+ $events = $sink->get_events();
+ $sink->close();
+ $event = array_pop($events);
+
+ $this->assertSame($adminuser->id, $USER->id);
+ $this->assertSame($coursecontext, $USER->loginascontext);
+ $this->assertSame($user->id, $USER->realuser);
+
+ // Test event captured has proper information.
+ $this->assertInstanceOf('\core\event\user_loggedinas', $event);
+ $this->assertSame($user->id, $event->objectid);
+ $this->assertSame($adminuser->id, $event->relateduserid);
+ $this->assertSame($course->id, $event->courseid);
+ $this->assertEquals($coursecontext, $event->get_context());
+ $oldfullname = fullname($user, true);
+ $newfullname = fullname($adminuser, true);
+ $expectedlogdata = array($course->id, "course", "loginas", "../user/view.php?id=$course->id&user=$user->id", "$oldfullname -> $newfullname");
+ $this->assertEventLegacyLogData($expectedlogdata, $event);
+ }
+}