Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/course/ -> loginas.php (source)

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]

   1  <?php
   2  // Allows a teacher/admin to login as another user (in stealth mode).
   3  
   4  require_once('../config.php');
   5  require_once ('lib.php');
   6  
   7  $id       = optional_param('id', SITEID, PARAM_INT);   // course id
   8  $redirect = optional_param('redirect', 0, PARAM_BOOL);
   9  
  10  $url = new moodle_url('/course/loginas.php', array('id'=>$id));
  11  $PAGE->set_url($url);
  12  
  13  // Reset user back to their real self if needed, for security reasons you need to log out and log in again.
  14  if (\core\session\manager::is_loggedinas()) {
  15      require_sesskey();
  16      require_logout();
  17  
  18      // We can not set wanted URL here because the session is closed.
  19      redirect(new moodle_url($url, array('redirect'=>1)));
  20  }
  21  
  22  if ($redirect) {
  23      if ($id and $id != SITEID) {
  24          $SESSION->wantsurl = "$CFG->wwwroot/course/view.php?id=".$id;
  25      } else {
  26          $SESSION->wantsurl = "$CFG->wwwroot/";
  27      }
  28  
  29      redirect(get_login_url());
  30  }
  31  
  32  // Try log in as this user.
  33  $userid = required_param('user', PARAM_INT);
  34  
  35  require_sesskey();
  36  $course = $DB->get_record('course', array('id'=>$id), '*', MUST_EXIST);
  37  
  38  // User must be logged in.
  39  
  40  $systemcontext = context_system::instance();
  41  $coursecontext = context_course::instance($course->id);
  42  
  43  require_login();
  44  
  45  if (has_capability('moodle/user:loginas', $systemcontext)) {
  46      if (is_siteadmin($userid)) {
  47          throw new \moodle_exception('nologinas');
  48      }
  49      $context = $systemcontext;
  50      $PAGE->set_context($context);
  51  } else {
  52      require_login($course);
  53      require_capability('moodle/user:loginas', $coursecontext);
  54      if (is_siteadmin($userid)) {
  55          throw new \moodle_exception('nologinas');
  56      }
  57      if (!is_enrolled($coursecontext, $userid)) {
  58          throw new \moodle_exception('usernotincourse');
  59      }
  60      $context = $coursecontext;
  61  
  62      // Check if course has SEPARATEGROUPS and user is part of that group.
  63      if (groups_get_course_groupmode($course) == SEPARATEGROUPS &&
  64              !has_capability('moodle/site:accessallgroups', $context)) {
  65          $samegroup = false;
  66          if ($groups = groups_get_all_groups($course->id, $USER->id)) {
  67              foreach ($groups as $group) {
  68                  if (groups_is_member($group->id, $userid)) {
  69                      $samegroup = true;
  70                      break;
  71                  }
  72              }
  73          }
  74          if (!$samegroup) {
  75              throw new \moodle_exception('nologinas');
  76          }
  77      }
  78  }
  79  
  80  // Login as this user and return to course home page.
  81  \core\session\manager::loginas($userid, $context);
  82  // Add a notification to let the logged in as user know that all content will be force cleaned
  83  // while in this session.
  84  \core\notification::info(get_string('sessionforceclean', 'core'));
  85  $newfullname = fullname($USER, true);
  86  
  87  $strloginas    = get_string('loginas');
  88  $strloggedinas = get_string('loggedinas', '', $newfullname);
  89  
  90  $PAGE->set_title($strloggedinas);
  91  $PAGE->set_heading($course->fullname);
  92  $PAGE->navbar->add($strloggedinas);
  93  notice($strloggedinas, "$CFG->wwwroot/course/view.php?id=$course->id");