<?php
/**
* SeekQuarry/Yioop --
* Open Source Pure PHP Search Engine, Crawler, and Indexer
*
* Copyright (C) 2009 - 2026 Chris Pollett chris@pollett.org
*
* LICENSE:
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see
* <https://www.gnu.org/licenses/>.
*
* END LICENSE
*
* @author Chris Pollett chris@pollett.org
* @license https://www.gnu.org/licenses/ GPL3
* @link https://www.seekquarry.com/
* @copyright 2009 - 2026
* @filesource
*/
namespace seekquarry\yioop\views\elements;
use seekquarry\yioop\configs as C;
/**
* Element that draws the "acting as" banner shown while a user with
* Manage Users access is impersonating another account. It renders
* only when the session marks an impersonation in progress, so the
* authenticated views that include it pay nothing on a normal
* session. The banner shows who is acting as whom and a Switch Back
* control that reveals an inline password field; submitting it
* re-authenticates the original user and restores the session.
*
* @author Chris Pollett chris@pollett.org
*/
class ImpersonatebarElement extends Element
{
/**
* Draws the impersonation banner if the session indicates an
* act-as is in progress; otherwise draws nothing.
*
* @param array $data fields from the controller; uses the
* CSRF token for the re-auth form. The acting-as and
* impersonator names come from the session so the banner
* can render on any authenticated view without a per-page
* lookup.
*/
public function render($data)
{
if (empty($_SESSION['IMPERSONATOR_RETURN_NAME'])) {
return;
}
$impersonator = $_SESSION['IMPERSONATOR_RETURN_NAME'];
$acting_as = $_SESSION['USER_NAME'] ?? '';
$token = $data[C\p('CSRF_TOKEN')] ?? '';
$admin_url = htmlentities(C\SHORT_BASE_URL);
?><div class="impersonation-banner"><span><?=
tl('adminbar_element_acting_as', $impersonator, $acting_as)
?></span>
<a href="#" id="impersonation-reveal"
onclick="elt('impersonation-reveal').classList.add(
'none'); elt('impersonation-stop').classList.remove(
'none'); elt('impersonator-password').focus();
return false;"><?=
tl('adminbar_element_switch_back') ?></a>
<form id="impersonation-stop" action="<?= $admin_url ?>"
class="impersonation-stop none" method="post"
autocomplete="off">
<input type="hidden" name="c" value="admin" >
<input type="hidden" name="a" value="manageAccount" >
<input type="hidden" name="arg" value="stopactingas" >
<input type="hidden" name="<?= C\p('CSRF_TOKEN') ?>"
value="<?= $token ?>" >
<input type="password" id="impersonator-password"
name="impersonator_password" placeholder="<?=
tl('adminbar_element_impersonator_password',
$impersonator) ?>" >
<button type="submit" class="button-box impersonation-go"
title="<?= tl('adminbar_element_switch_back')
?>">→</button>
<button type="button" class="button-box impersonation-go"
title="<?= tl('adminbar_element_cancel_switch') ?>"
onclick="elt('impersonation-stop').classList.add('none');
elt('impersonation-reveal').classList.remove('none');
return false;">✕</button>
</form></div><?php
}
}