$this->addEvent('LOGOUT');
$e = DB_DataObject::factory('Events');
- $e->query("UPDATE Events SET remarks = '' WHERE
- person_id = {$u->id} AND
- action = 'LOGIN' AND
- remarks = '". $e->escape(session_id()) . "'");
-
+
session_regenerate_id(true);
$u->logout();
}
if (!empty($_REQUEST['username'])) {
$this->post();
}
+ if (!empty($_REQUEST['switch'])) {
+ $this->switchUser($_REQUEST['switch']);
+ }
+
+
$this->jerr("INVALID REQUEST");
exit;
}
}
+ function switchUser($id)
+ {
+ // first check they have perms to do this..
+ if (!$this->authUser || ($this->authUser->company_id_comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+ $this->jerr(
+ }
+
+ }
+
+
var $domObj = false;
function post()
{
if ($u->checkPassword($_REQUEST['password'])) {
$u->login();
+ // we might need this later..
$this->addEvent("LOGIN", false, session_id());
if (!empty($_REQUEST['lang'])) {
$u->lang($_REQUEST['lang']);