<?php
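session_start();

/*
 * Admin impersonation ("login as user") endpoint.
 *
 *   POST action=login_as_user&user_id=N  -> swap the session identity to user N
 *   GET  return_to_admin=1               -> restore the admin identity stashed at swap time
 *
 * Both transitions are written to admin_logs.
 *
 * NOTE(review): no CSRF token is checked on the POST, and return_to_admin changes
 * session state over GET. The forms/links that call this file are not visible here,
 * so a token check is not added in this block; it should be added together with them.
 */

// An impersonation session is recognised by the stash written at switch time, not by
// the live is_admin flag: after the switch, is_admin belongs to the target user and is
// normally false, so gating on it alone would make the return path unreachable.
$isImpersonating = !empty($_SESSION['logged_in_as_user'])
    && isset($_SESSION['admin_user_id'])
    && !empty($_SESSION['admin_is_admin']);

// A "real" admin is one acting under their own identity. Nested impersonation is
// refused: a second switch would overwrite admin_user_id with the impersonated
// account and lose the original admin in both the session and the audit log.
$isRealAdmin = !$isImpersonating
    && isset($_SESSION['user_id'])
    && !empty($_SESSION['is_admin']);

if (!$isRealAdmin && !$isImpersonating) {
    header('Location: /auth/login.php');
    exit;
}

require_once 'config/database.php';

// Handle login as user action (?? avoids an undefined-key warning on GET requests).
if ($isRealAdmin && ($_POST['action'] ?? null) === 'login_as_user' && isset($_POST['user_id'])) {
    // Accept only a positive integer; arrays and strings such as "12abc" are rejected
    // instead of being cast to some other account id.
    $user_id = filter_var($_POST['user_id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    $target_user = false;
    if ($user_id !== false) {
        // Get the target user's information
        $pdo = getDBConnection();
        $stmt = $pdo->prepare("SELECT id, name, email, plan, credits, is_admin FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $target_user = $stmt->fetch();
    }

    if (!$target_user) {
        header('Location: /admin.php?error=' . urlencode('User not found'));
        exit;
    }

    // Write the audit record before touching the session, so a failed insert that
    // throws leaves the identity unchanged rather than producing an unlogged switch.
    // NOTE(review): relies on PDO raising exceptions; config/database.php is not visible here.
    $stmt = $pdo->prepare("INSERT INTO admin_logs (admin_id, action, target_user_id, details, created_at) VALUES (?, ?, ?, ?, NOW())");
    $stmt->execute([
        $_SESSION['user_id'],
        'login_as_user',
        $user_id,
        "Admin logged in as user: {$target_user['name']} ({$target_user['email']})"
    ]);

    // Store admin session data for return. plan/credits are stashed too, otherwise
    // the admin would keep the target user's values after returning.
    $_SESSION['admin_user_id'] = $_SESSION['user_id'];
    $_SESSION['admin_name'] = $_SESSION['name'] ?? null;
    $_SESSION['admin_email'] = $_SESSION['email'] ?? null;
    $_SESSION['admin_is_admin'] = $_SESSION['is_admin'];
    $_SESSION['admin_plan'] = $_SESSION['plan'] ?? null;
    $_SESSION['admin_credits'] = $_SESSION['credits'] ?? null;

    // Switch to target user session
    $_SESSION['user_id'] = $target_user['id'];
    $_SESSION['name'] = $target_user['name'];
    $_SESSION['email'] = $target_user['email'];
    $_SESSION['plan'] = $target_user['plan'];
    $_SESSION['credits'] = $target_user['credits'];
    $_SESSION['is_admin'] = $target_user['is_admin'];
    $_SESSION['logged_in_as_user'] = true; // Flag to indicate admin is logged in as user

    // New session id on every identity change, so an id observed before the switch
    // does not carry over to the new identity.
    session_regenerate_id(true);

    // Redirect to dashboard. user_name is reflected in the URL; the dashboard must
    // escape it on output.
    header('Location: /dashboard.php?message=logged_in_as_user&user_name=' . urlencode($target_user['name']));
    exit;
}

// Handle return to admin action
if (($_GET['return_to_admin'] ?? null) === '1') {
    if (!$isImpersonating) {
        header('Location: /auth/login.php');
        exit;
    }

    // Keep the impersonated id so the audit row says which account was left.
    $impersonated_id = $_SESSION['user_id'] ?? null;

    // Restore admin session
    $_SESSION['user_id'] = $_SESSION['admin_user_id'];
    $_SESSION['name'] = $_SESSION['admin_name'] ?? null;
    $_SESSION['email'] = $_SESSION['admin_email'] ?? null;
    $_SESSION['is_admin'] = $_SESSION['admin_is_admin'];
    $_SESSION['plan'] = $_SESSION['admin_plan'] ?? null;
    $_SESSION['credits'] = $_SESSION['admin_credits'] ?? null;

    // Clear temporary session data
    unset(
        $_SESSION['admin_user_id'],
        $_SESSION['admin_name'],
        $_SESSION['admin_email'],
        $_SESSION['admin_is_admin'],
        $_SESSION['admin_plan'],
        $_SESSION['admin_credits'],
        $_SESSION['logged_in_as_user']
    );

    // The session regains admin rights here, so rotate the id again.
    session_regenerate_id(true);

    // Log the return action
    $pdo = getDBConnection();
    $stmt = $pdo->prepare("INSERT INTO admin_logs (admin_id, action, target_user_id, details, created_at) VALUES (?, ?, ?, ?, NOW())");
    $stmt->execute([
        $_SESSION['user_id'],
        'return_to_admin',
        $impersonated_id,
        "Admin returned to admin mode"
    ]);

    header('Location: /admin.php?message=' . urlencode('Successfully returned to admin mode'));
    exit;
}

// If no valid action, redirect to admin panel
header('Location: /admin.php?error=' . urlencode('Invalid action'));
exit;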
?>