User Switching - Version 0.8.7

Version Description

  • Respect the secure_logged_in_cookie and login_redirect filters.

=

Download this release

Release Info

Developer johnbillion
Plugin Icon 128x128 User Switching
Version 0.8.7
Comparing to
See all releases

Code changes from version 0.8.6 to 0.8.7

Files changed (2) hide show
  1. readme.txt +110 -107
  2. user-switching.php +38 -12
readme.txt CHANGED
@@ -1,116 +1,119 @@
1
- === User Switching ===
2
-
3
- Contributors: johnbillion
4
- Tags: user, users, profiles, switching, wpmu, multisite, buddypress, bbpress, become, user control, user management, user access, developer
5
- Requires at least: 3.1
6
- Tested up to: 3.8
7
- Stable tag: 0.8.6
8
- License: GPL v2 or later
9
-
10
- Instant switching between user accounts in WordPress.
11
-
12
- == Description ==
13
-
14
- This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for adminstrators who need to switch between multiple accounts.
15
-
16
- = Features =
17
-
18
- * Switch user: Instantly switch to any user account from the *Users* screen.
19
- * Switch back: Instantly switch back to your originating account.
20
- * Switch off: Log out of your account but retain the ability to instantly switch back in again.
21
- * It's completely secure (see the *Security* section below).
22
- * Compatible with WordPress, WordPress Multisite, BuddyPress and bbPress.
23
-
24
- = Security =
25
-
26
- * Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installs, and Super Admins on Multisite installs.
27
- * Passwords are not (and cannot be) revealed.
28
- * Implements WordPress' nonce security system, meaning only those who intend to switch users can switch.
29
- * Full support for administration over SSL (if applicable).
30
-
31
- = Usage =
32
-
33
- 1. Visit the *Users* menu in WordPress and you'll see a *Switch To* link next to each user.
34
- 2. Click this and you will immediately switch into that user account.
35
- 3. You can switch back to your originating account via the *Switch back* link on each dashboard screen or in your profile menu in the WordPress toolbar.
36
-
37
- See the [FAQ](http://wordpress.org/plugins/user-switching/faq/) for information about the *Switch Off* feature.
38
-
39
- = Translations Included =
40
-
41
- * Arabic by Hassan Hisham
42
- * Chinese Simplified by Tunghsiao Liu
43
- * Farsi (Persian) by Amin Ab
44
- * German by Ralph Stenzel
45
- * Japanese by Yusuke Hayasaki
46
- * Lithuanian by Tommixoft
47
- * Polish by Bartosz Arendt
48
- * Russian by R J
49
- * Slovak by Max Samael
50
-
51
- == Screenshots ==
52
-
53
- 1. ![The *Switch To* link on the Users screen](https://raw.github.com/johnbillion/user-switching/master/assets-wp-repo/screenshot-1.png)
54
- 2. ![The *Switch To* link on a user's profile](https://raw.github.com/johnbillion/user-switching/master/assets-wp-repo/screenshot-2.png)
55
-
56
- == Installation ==
57
-
58
- If you have the [WordPress Developer plugin](http://wordpress.org/plugins/developer/) installed then User Switching is a one-click install from the Tools -> Developer screen.
59
-
60
- Alternatively, you can install this plugin directly from your WordPress dashboard:
61
-
62
- 1. Go to the *Plugins* menu and click *Add New*.
63
- 2. Search for *User Switching*.
64
- 3. Click *Install Now* next to the *User Switching* plugin.
65
- 4. Activate the plugin.
66
-
67
- == Frequently Asked Questions ==
68
-
69
- = What does "Switch off" mean? =
70
-
71
- Switching off logs you out of your account but retains your user ID in an authorisation cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
72
-
73
- The *Switch Off* link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a *Switch back* link in the footer of your site.
74
-
75
- = Does this plugin work with WordPress Multisite? =
76
-
77
- Yes, and you'll also be able to switch users from the Users screen in Network Admin.
78
-
79
- = Does this plugin work with BuddyPress? =
80
-
81
- Yes, and you'll also be able to switch users from member profile screens and the member listing screen.
82
-
83
- = Does this plugin work with bbPress? =
84
-
85
- Yes, and you'll also be able to switch users from member profile screens.
86
-
87
- = Does this work as a mu-plugin? =
88
-
89
- Yes, but you'll need to install `user-switching.php` into the root of your `mu-plugins` directory, not in the `user-switching` subdirectory. This is a restriction of WordPress.
90
-
91
- = What capability does a user need in order to switch accounts? =
92
-
93
- A user needs the `edit_users` capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
94
-
95
- = Can regular admins on Multisite installs switch accounts? =
96
-
97
- No. This can be enabled though by installing the [User Switching for Regular Admins](https://github.com/johnbillion/user-switching-for-regular-admins) plugin.
98
-
99
- = Are any plugin hooks called when users switch accounts? =
100
-
101
- Yes. When a user switches to another account, the `switch_to_user` hook is called with the new and old user IDs passed as parameters.
102
-
103
- When a user switches back to their original account, the `switch_back_user` hook is called with the new (original) and old user IDs passed as parameters. Note that the old user ID can be boolean false if the user is switching back after they've been switched off.
104
-
105
- When a user switches off, the `switch_off_user` hook is called with the old user ID as a parameter.
106
 
107
  == Upgrade Notice ==
108
 
109
- = 0.8.6 =
110
- * Correctly encode the `redirect_to` parameter in the login screen message.
111
 
112
  == Changelog ==
113
 
 
 
 
114
  = 0.8.6 =
115
  * Correctly encode the `redirect_to` parameter in the login screen message.
116
 
1
+ === User Switching ===
2
+
3
+ Contributors: johnbillion
4
+ Tags: user, users, profiles, switching, wpmu, multisite, buddypress, bbpress, become, user control, user management, user access, developer
5
+ Requires at least: 3.1
6
+ Tested up to: 3.9
7
+ Stable tag: 0.8.7
8
+ License: GPL v2 or later
9
+
10
+ Instant switching between user accounts in WordPress.
11
+
12
+ == Description ==
13
+
14
+ This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for adminstrators who need to switch between multiple accounts.
15
+
16
+ = Features =
17
+
18
+ * Switch user: Instantly switch to any user account from the *Users* screen.
19
+ * Switch back: Instantly switch back to your originating account.
20
+ * Switch off: Log out of your account but retain the ability to instantly switch back in again.
21
+ * It's completely secure (see the *Security* section below).
22
+ * Compatible with WordPress, WordPress Multisite, BuddyPress and bbPress.
23
+
24
+ = Security =
25
+
26
+ * Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installs, and Super Admins on Multisite installs.
27
+ * Passwords are not (and cannot be) revealed.
28
+ * Implements WordPress' nonce security system, meaning only those who intend to switch users can switch.
29
+ * Full support for administration over SSL (if applicable).
30
+
31
+ = Usage =
32
+
33
+ 1. Visit the *Users* menu in WordPress and you'll see a *Switch To* link next to each user.
34
+ 2. Click this and you will immediately switch into that user account.
35
+ 3. You can switch back to your originating account via the *Switch back* link on each dashboard screen or in your profile menu in the WordPress toolbar.
36
+
37
+ See the [FAQ](http://wordpress.org/plugins/user-switching/faq/) for information about the *Switch Off* feature.
38
+
39
+ = Translations Included =
40
+
41
+ * Arabic by Hassan Hisham
42
+ * Chinese Simplified by Tunghsiao Liu
43
+ * Farsi (Persian) by Amin Ab
44
+ * German by Ralph Stenzel
45
+ * Japanese by Yusuke Hayasaki
46
+ * Lithuanian by Tommixoft
47
+ * Polish by Bartosz Arendt
48
+ * Russian by R J
49
+ * Slovak by Max Samael
50
+
51
+ == Screenshots ==
52
+
53
+ 1. ![The *Switch To* link on the Users screen](https://raw.github.com/johnbillion/user-switching/master/assets-wp-repo/screenshot-1.png)
54
+ 2. ![The *Switch To* link on a user's profile](https://raw.github.com/johnbillion/user-switching/master/assets-wp-repo/screenshot-2.png)
55
+
56
+ == Installation ==
57
+
58
+ If you have the [WordPress Developer plugin](http://wordpress.org/plugins/developer/) installed then User Switching is a one-click install from the Tools -> Developer screen.
59
+
60
+ Alternatively, you can install this plugin directly from your WordPress dashboard:
61
+
62
+ 1. Go to the *Plugins* menu and click *Add New*.
63
+ 2. Search for *User Switching*.
64
+ 3. Click *Install Now* next to the *User Switching* plugin.
65
+ 4. Activate the plugin.
66
+
67
+ == Frequently Asked Questions ==
68
+
69
+ = What does "Switch off" mean? =
70
+
71
+ Switching off logs you out of your account but retains your user ID in an authorisation cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
72
+
73
+ The *Switch Off* link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a *Switch back* link in the footer of your site.
74
+
75
+ = Does this plugin work with WordPress Multisite? =
76
+
77
+ Yes, and you'll also be able to switch users from the Users screen in Network Admin.
78
+
79
+ = Does this plugin work with BuddyPress? =
80
+
81
+ Yes, and you'll also be able to switch users from member profile screens and the member listing screen.
82
+
83
+ = Does this plugin work with bbPress? =
84
+
85
+ Yes, and you'll also be able to switch users from member profile screens.
86
+
87
+ = Does this work as a mu-plugin? =
88
+
89
+ Yes, but you'll need to install `user-switching.php` into the root of your `mu-plugins` directory, not in the `user-switching` subdirectory. This is a restriction of WordPress.
90
+
91
+ = What capability does a user need in order to switch accounts? =
92
+
93
+ A user needs the `edit_users` capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
94
+
95
+ = Can regular admins on Multisite installs switch accounts? =
96
+
97
+ No. This can be enabled though by installing the [User Switching for Regular Admins](https://github.com/johnbillion/user-switching-for-regular-admins) plugin.
98
+
99
+ = Are any plugin hooks called when users switch accounts? =
100
+
101
+ Yes. When a user switches to another account, the `switch_to_user` hook is called with the new and old user IDs passed as parameters.
102
+
103
+ When a user switches back to their original account, the `switch_back_user` hook is called with the new (original) and old user IDs passed as parameters. Note that the old user ID can be boolean false if the user is switching back after they've been switched off.
104
+
105
+ When a user switches off, the `switch_off_user` hook is called with the old user ID as a parameter.
106
 
107
  == Upgrade Notice ==
108
 
109
+ = 0.8.7 =
110
+ * Respect the `secure_logged_in_cookie` and `login_redirect` filters.
111
 
112
  == Changelog ==
113
 
114
+ = 0.8.7 =
115
+ * Respect the `secure_logged_in_cookie` and `login_redirect` filters.
116
+
117
  = 0.8.6 =
118
  * Correctly encode the `redirect_to` parameter in the login screen message.
119
 
user-switching.php CHANGED
@@ -2,8 +2,8 @@
2
  /*
3
  Plugin Name: User Switching
4
  Description: Instant switching between user accounts in WordPress
5
- Version: 0.8.6
6
- Plugin URI: https://lud.icro.us/wordpress-plugin-user-switching/
7
  Author: John Blackbourn
8
  Author URI: https://johnblackbourn.com/
9
  Text Domain: user-switching
@@ -112,11 +112,6 @@ class user_switching {
112
  if ( !isset( $_REQUEST['action'] ) )
113
  return;
114
 
115
- if ( isset( $_REQUEST['redirect_to'] ) and !empty( $_REQUEST['redirect_to'] ) )
116
- $redirect_to = self::remove_query_args( $_REQUEST['redirect_to'] );
117
- else
118
- $redirect_to = false;
119
-
120
  switch ( $_REQUEST['action'] ) {
121
 
122
  # We're attempting to switch to another user:
@@ -126,7 +121,10 @@ class user_switching {
126
  check_admin_referer( "switch_to_user_{$user_id}" );
127
 
128
  # Switch user:
129
- if ( switch_to_user( $user_id, self::remember() ) ) {
 
 
 
130
 
131
  # Redirect to the dashboard or the home URL depending on capabilities:
132
  if ( $redirect_to )
@@ -153,6 +151,9 @@ class user_switching {
153
 
154
  # Switch user:
155
  if ( switch_to_user( $old_user->ID, self::remember(), false ) ) {
 
 
 
156
  if ( $redirect_to )
157
  wp_safe_redirect( add_query_arg( array( 'user_switched' => 'true', 'switched_back' => 'true' ), $redirect_to ) );
158
  else
@@ -170,6 +171,7 @@ class user_switching {
170
 
171
  # Switch off:
172
  if ( switch_off_user() ) {
 
173
  if ( $redirect_to )
174
  wp_safe_redirect( add_query_arg( array( 'switched_off' => 'true' ), $redirect_to ) );
175
  else
@@ -184,6 +186,28 @@ class user_switching {
184
 
185
  }
186
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
187
  /**
188
  * Display the 'Switched to {user}' and 'Switch back to {user}' messages in the admin area.
189
  *
@@ -542,7 +566,8 @@ function wp_set_olduser_cookie( $old_user_id ) {
542
  $expiration = time() + 172800; # 48 hours
543
  $cookie = wp_get_olduser_cookie();
544
  $cookie[] = wp_generate_auth_cookie( $old_user_id, $expiration, 'old_user' );
545
- setcookie( OLDUSER_COOKIE, json_encode( $cookie ), $expiration, COOKIEPATH, COOKIE_DOMAIN, false );
 
546
  }
547
  }
548
 
@@ -560,7 +585,8 @@ function wp_clear_olduser_cookie( $clear_all = true ) {
560
  } else {
561
  array_pop( $cookie );
562
  $expiration = time() + 172800; # 48 hours
563
- setcookie( OLDUSER_COOKIE, json_encode( $cookie ), $expiration, COOKIEPATH, COOKIE_DOMAIN, false );
 
564
  }
565
  }
566
  }
@@ -586,7 +612,7 @@ function wp_get_olduser_cookie() {
586
  * @param int $user_id The ID of the user to switch to.
587
  * @param bool $remember Whether to 'remember' the user in the form of a persistent browser cookie. Optional.
588
  * @param bool $set_old_user Whether to set the old user cookie. Optional.
589
- * @return bool True on success, false on failure.
590
  */
591
  if ( !function_exists( 'switch_to_user' ) ) {
592
  function switch_to_user( $user_id, $remember = false, $set_old_user = true ) {
@@ -610,7 +636,7 @@ function switch_to_user( $user_id, $remember = false, $set_old_user = true ) {
610
  else
611
  do_action( 'switch_back_user', $user_id, $old_user_id );
612
 
613
- return true;
614
  }
615
  }
616
 
2
  /*
3
  Plugin Name: User Switching
4
  Description: Instant switching between user accounts in WordPress
5
+ Version: 0.8.7
6
+ Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
7
  Author: John Blackbourn
8
  Author URI: https://johnblackbourn.com/
9
  Text Domain: user-switching
112
  if ( !isset( $_REQUEST['action'] ) )
113
  return;
114
 
 
 
 
 
 
115
  switch ( $_REQUEST['action'] ) {
116
 
117
  # We're attempting to switch to another user:
121
  check_admin_referer( "switch_to_user_{$user_id}" );
122
 
123
  # Switch user:
124
+ $user = switch_to_user( $user_id, self::remember() );
125
+ if ( $user ) {
126
+
127
+ $redirect_to = self::get_redirect( $user );
128
 
129
  # Redirect to the dashboard or the home URL depending on capabilities:
130
  if ( $redirect_to )
151
 
152
  # Switch user:
153
  if ( switch_to_user( $old_user->ID, self::remember(), false ) ) {
154
+
155
+ $redirect_to = self::get_redirect();
156
+
157
  if ( $redirect_to )
158
  wp_safe_redirect( add_query_arg( array( 'user_switched' => 'true', 'switched_back' => 'true' ), $redirect_to ) );
159
  else
171
 
172
  # Switch off:
173
  if ( switch_off_user() ) {
174
+ $redirect_to = self::get_redirect();
175
  if ( $redirect_to )
176
  wp_safe_redirect( add_query_arg( array( 'switched_off' => 'true' ), $redirect_to ) );
177
  else
186
 
187
  }
188
 
189
+ /**
190
+ * Fetch the URL to redirect to for a given user (used after switching).
191
+ *
192
+ * @param WP_User|null A WP_User object (optional).
193
+ * @return string The URL to redirect to.
194
+ */
195
+ protected static function get_redirect( WP_User $user = null ) {
196
+
197
+ if ( isset( $_REQUEST['redirect_to'] ) and !empty( $_REQUEST['redirect_to'] ) ) {
198
+ $redirect_to = self::remove_query_args( $_REQUEST['redirect_to'] );
199
+ } else {
200
+ $redirect_to = '';
201
+ }
202
+
203
+ if ( $user ) {
204
+ $redirect_to = apply_filters( 'login_redirect', $redirect_to, $redirect_to, $user );
205
+ }
206
+
207
+ return $redirect_to;
208
+
209
+ }
210
+
211
  /**
212
  * Display the 'Switched to {user}' and 'Switch back to {user}' messages in the admin area.
213
  *
566
  $expiration = time() + 172800; # 48 hours
567
  $cookie = wp_get_olduser_cookie();
568
  $cookie[] = wp_generate_auth_cookie( $old_user_id, $expiration, 'old_user' );
569
+ $secure = apply_filters( 'secure_logged_in_cookie', false, $old_user_id, is_ssl() );
570
+ setcookie( OLDUSER_COOKIE, json_encode( $cookie ), $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure, true );
571
  }
572
  }
573
 
585
  } else {
586
  array_pop( $cookie );
587
  $expiration = time() + 172800; # 48 hours
588
+ $secure = apply_filters( 'secure_logged_in_cookie', false, get_current_user_id(), is_ssl() );
589
+ setcookie( OLDUSER_COOKIE, json_encode( $cookie ), $expiration, COOKIEPATH, COOKIE_DOMAIN, $secure, true );
590
  }
591
  }
592
  }
612
  * @param int $user_id The ID of the user to switch to.
613
  * @param bool $remember Whether to 'remember' the user in the form of a persistent browser cookie. Optional.
614
  * @param bool $set_old_user Whether to set the old user cookie. Optional.
615
+ * @return bool|WP_User WP_User object on success, false on failure.
616
  */
617
  if ( !function_exists( 'switch_to_user' ) ) {
618
  function switch_to_user( $user_id, $remember = false, $set_old_user = true ) {
636
  else
637
  do_action( 'switch_back_user', $user_id, $old_user_id );
638
 
639
+ return $user;
640
  }
641
  }
642