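/**
 * Switch the current admin ("permitter") session into a client account.
 *
 * Reads the target account's email from POST, verifies that the caller's
 * session user_type contains 'permitter', loads the target account, refuses
 * targets whose user_type also contains 'permitter', then writes the target's
 * data into the session. The admin's own email is kept under
 * 'admin_account_email' so the session can be switched back later.
 *
 * Always echoes a JSON object: {status: 'error', message: ...} on failure,
 * {status: 'success', redir_url: ...} on success.
 *
 * @return false|null false after an error response; no value on success.
 */
public function mask_as_user() {
    $this->load->model('User_model', '', true);
    $email = $this->input->post('email');

    $error = null;
    $user_data = null;

    // Server-side authorization gate: front-end checks alone are not enough.
    // The cast keeps strpos() from receiving a non-string when the session
    // has no user_type (not logged in); that case is denied like any other.
    $caller_type = (string) $this->session->userdata('user_type');

    if (strpos($caller_type, 'permitter') === false) {
        $error = 'You are not an admin.';
    } else {
        // A missing or non-string POST field never reaches the model.
        $rows = (is_string($email) && $email !== '')
            ? $this->User_model->get_user_data($email)
            : array();

        // empty() tolerates a false/empty result without an undefined-offset notice.
        if (empty($rows[0])) {
            $error = 'This is not an active client account.';
        } else {
            // clean_user_data() is defined elsewhere; per the original author's
            // comment it removes data such as login credentials before the
            // row is copied into the session.
            $user_data = $this->clean_user_data($rows[0]);

            // Admin accounts may not be impersonated.
            $target_type = isset($user_data['user_type']) ? (string) $user_data['user_type'] : '';
            if (strpos($target_type, 'permitter') !== false) {
                $error = 'You cannot switch into an admin account.';
            }
        }
    }

    if ($error !== null) {
        $return = array('status' => 'error', 'message' => $error);
        header('Content-type: application/json');
        echo json_encode($return);
        return false;
    }

    // Remember which admin applied the mask, read before the session is overwritten.
    $admin_account_email = $this->session->userdata('user_email');

    // NOTE(review): the target's data is layered over the admin's session.
    // Any admin-only session key that the target row does not also define
    // survives the switch, and the session ID is not regenerated on this
    // identity change. Confirm which keys the admin login sets and clear
    // them here (the original had a commented-out logout() for this reason).
    $this->session->set_userdata($user_data);
    $this->session->set_userdata('loggedin', TRUE);
    // Written after the target's data so a target column cannot overwrite it.
    $this->session->set_userdata('admin_account_email', $admin_account_email);

    // Audit trail for impersonation; json_encode() neutralises control
    // characters so the request value cannot forge extra log lines.
    log_message('info', 'mask_as_user: ' . json_encode($admin_account_email) . ' switched into ' . json_encode($email));

    $return = array('status' => 'success', 'redir_url' => '/site_client/dashboard');
    header('Content-type: application/json');
    echo json_encode($return);
}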