diff --git a/plugins/admin_multi_view/controller.php b/plugins/admin_multi_view/controller.php index f60e43bb9..861df63a7 100644 --- a/plugins/admin_multi_view/controller.php +++ b/plugins/admin_multi_view/controller.php @@ -26,18 +26,20 @@ if (!is_admin() or !function_exists('multiview_user_init') ) $refresh_main = false; -if ( isset($_GET['view_guest']) ) +if ( isset($_GET['view_as']) ) { - pwg_set_session_var( 'multiview_as', $conf['guest_id'] ); + if ( is_adviser() and $user['id']!=$_GET['view_as'] and $conf['guest_id']!=$_GET['view_as']) + die('security error'); + pwg_set_session_var( 'multiview_as', (int)$_GET['view_as'] ); + // user change resets theme/lang + pwg_unset_session_var( 'multiview_theme' ); + pwg_unset_session_var( 'multiview_lang' ); $refresh_main = true; } -elseif ( isset($_GET['view_admin']) ) -{ - pwg_unset_session_var('multiview_as'); - $refresh_main = true; -} -$view_as = pwg_get_session_var( 'multiview_as', 0 ); - +if (pwg_get_session_var( 'multiview_as', $user['id']) != $user['id'] ) + $view_as_user = build_user( pwg_get_session_var( 'multiview_as',0), false); +else + $view_as_user = $user; if ( isset($_GET['theme']) ) { @@ -80,13 +82,45 @@ if ( isset($_GET['debug_template']) ) } $my_url = get_root_url().'plugins/'.basename(dirname(__FILE__)).'/'.basename(__FILE__); -$my_template = ''; -$themes_html='Theme: '; +foreach( $user_map as $id=>$username) +{ + $selected = ($id==$view_as_user['id']) ? 'selected="selected"' : ''; + $users_html .= + ''; +} +$users_html.= ''; + + +// +-----------------------------------------------------------------------+ +// | templates | +$my_template = ''; +$themes_html=''; foreach (get_languages() as $language_code => $language_name) { - $selected = $language_code == pwg_get_session_var( 'multiview_lang', $user['language'] ) ? 'selected="selected"' : ''; + $selected = $language_code == pwg_get_session_var( 'multiview_lang', $view_as_user['language'] ) ? 'selected="selected"' : ''; $lang_html .= '
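Review bot: The adviser check in the new `view_as` branch compares the raw `$_GET['view_as']` string with `!=`, but the value written to the session is `(int)$_GET['view_as']`, so the value that was authorised and the value that is stored are not guaranteed to be the same integer. PHP's loose comparison and its integer cast do not parse every numeric-looking string alike, and an array value is not rejected on the non-adviser path. Cast once with `$view_as_id = (int)$_GET['view_as'];`, test `$user['id']!=$view_as_id and $conf['guest_id']!=$view_as_id`, and pass `$view_as_id` to `pwg_set_session_var`. The stored id is later handed to `build_user()` with no visible check that such a user exists; `build_user()` is defined outside this hunk, so if it does not handle a missing row itself, the lookup should be guarded and the session variable cleared on failure.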