<?php
/*
 ----------------------------------------------------------------------
 LICENSE

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License (GPL)
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 To read the license please visit http://www.gnu.org/copyleft/gpl.html
 ----------------------------------------------------------------------
*/

/**
 * Any ADMIN account can impersonate to any other account by using this page.
 *
 * @copyright AlternC-Team 2000-2017 https://alternc.com/ 
 */

require_once("../class/config.php");

/*
 We come into this page in two situations : 
 * with a user id to go to (we check the current account is admin and is allowed to connect to this account)
 * with no parameter when the admin want to go back to his admin account.
 */

$fields = array (
        "id"                => array ("get", "integer", ""),
);
getFields($fields);

// * with no parameter when the admin want to go back to his admin account.  
if ( empty($id) && isset($_COOKIE["oldid"]) && !empty($_COOKIE["oldid"])) {
  // We check the cookie's value : 
  list($newuid,$passcheck)=explode("/",$_COOKIE["oldid"]);
  $newuid=intval($newuid); 
  if (!$newuid) {
    $msg->raise("ERROR", "admin", _("Your authentication information are incorrect"));
    include("index.php");
    exit();
  }
  $admin->enabled=true;
  $r=$admin->get($newuid);
  if ($passcheck!=md5($r["pass"])) {
    $msg->raise("INFO", "admin", _("Your authentication information are incorrect"));
    include("index.php");
    exit();
  }

  // Ok, so we remove the cookie : 
  setcookie('oldid','',0,'/');
  unset($_COOKIE['oldid']);

  // And we go back to the former administrator account : 
  if (!$mem->setid($newuid)) {
    include("index.php");
    exit();
  }

  include_once("adm_list.php");
  exit();
}


//  * with a user id to go to (we check the current account is admin and is allowed to connect to this account) 
if (!$admin->enabled) {
  $msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
  echo $msg->msg_html_all();
  exit();
}

// Depending on subadmin_restriction, a subadmin can (or cannot) connect to account he didn't create
$subadmin=variable_get("subadmin_restriction");
if ($subadmin==0 && !$admin->checkcreator($id)) {
  $msg->raise("ERROR", "admin", _("This page is restricted to authorized staff"));
  echo $msg->msg_html_all();
  exit();
}

if ($r=$admin->get($id)) {
  $oldid=$cuid."/".md5($mem->user["pass"]);
  setcookie('oldid',$oldid,0,'/');
  $_COOKIE['oldid']=$oldid;

  if (!$mem->setid($id)) {
    include("index.php");
    exit();
  }
  // Now we are the other user :) 
  include_once("main.php");
  exit();
}

// If there were an error, let's show it :
include_once("head.php");

?>
<h3><?php __("Member login"); ?></h3>
<?php
echo $msg->msg_html_all();

include_once("foot.php"); 
?>