Pman/Login.php

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index 5add22c..e3f02d1 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -51,11 +51,7 @@ class Pman_Login extends Pman
                 
                 $this->addEvent('LOGOUT');
                 $e = DB_DataObject::factory('Events');
-                $e->query("UPDATE Events SET remarks = '' WHERE 
-                    person_id = {$u->id} AND
-                    action = 'LOGIN' AND
-                    remarks = '". $e->escape(session_id()) . "'");
-                    
+              
                 session_regenerate_id(true);
                 $u->logout();
             }
@@ -75,6 +71,11 @@ class Pman_Login extends Pman
         if (!empty($_REQUEST['username'])) {
             $this->post();
         }
+        if (!empty($_REQUEST['switch'])) {
+            $this->switchUser($_REQUEST['switch']);
+        }
+        
+        
         $this->jerr("INVALID REQUEST");
         exit;
     }
@@ -122,6 +123,16 @@ class Pman_Login extends Pman
     }
 
     
+    function switchUser($id)
+    {
+        // first check they have perms to do this..
+        if (!$this->authUser || ($this->authUser->company_id_comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+            $this->jerr(
+           }
+        
+    }
+    
+    
     var $domObj = false;
     function post()
     {
@@ -171,6 +182,7 @@ class Pman_Login extends Pman
         
         if ($u->checkPassword($_REQUEST['password'])) {
             $u->login();
+            // we might need this later..
             $this->addEvent("LOGIN", false, session_id());
             if (!empty($_REQUEST['lang'])) {
                 $u->lang($_REQUEST['lang']);