News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Logging in as another user for admin purposes

Started by MrMike, August 29, 2014, 02:34:04 PM

Previous topic - Next topic

MrMike

I have a webring site that uses SMF 2.0x for both the forums and registration on the site itself. The site is basically built around SMF at the core.  The code  that creates the webring functionality uses the SMF API for login detection, basically just to allow the user to manage their own rings and site lists and whatnot.

As an admin I'd like to be able to temporarily 'login' as another user, basically becoming that user so I can manage the stuff in their account.

I've looked for mod packages that might do something like this but couldn't find anything. Is there any mod package that would have this kind of feature?

Failing that I'd love to hear any suggestions on how to implement this, even if it's just in general terms.

I've come up with one way that might work (maybe), but it's so sleazy I hate to even outline it here. :(

Arantor

I'd love to know what functionality you can't change in their account as admin, since everything in SMF as standard can already do that without you having to log in as them...

Shambles

Wanting to read your members PMs is sleazy too.

MrMike

Quote from: ♥ on August 29, 2014, 02:36:50 PM
I'd love to know what functionality you can't change in their account as admin, since everything in SMF as standard can already do that without you having to log in as them...

I probably should have been more clear in my original post...I can alter everything that comes with SMF (profile page, user settings, etc) but not the added-on features. The items I want to manage are in the webring code/functions.

So, yes- when I login as an SMF admin I have access to both my account settings and any other user's account settings, just like any SMF forum.

But even as an admin in SMF you can't post as another user or send PMs as another user unless you login as that user, and that's basically the same kind of issue that I'm trying to solve.

The added on functions in the webring code work the same way as posting in SMF, you have to actually be logged in as user "X" to manage site lists or ring membership (for example) as user "X".

So essentially what I need is a way to temporarily login as a given user so I can manage their account from within their account.

MrMike

Quote from: Shambles on August 29, 2014, 03:19:55 PM
Wanting to read your members PMs is sleazy too.

I agree, and I don't want to read their PMs.

What I need to do from time to time is to use their account as if I were them in order to straighten something out or help them through something (adding a ring, managing a ring, etc).

Kindred

that is also deceptive and may violate several country's laws....


there is never any case where an admin should log in as a user. If you bsolutely must, you can get the user's password from them and log in correctly.
or change the user's password from the admin menu, -- either way, it involves getting specific permission and/or notification to the user that you are doing it.

You can set up test or alternative accounts, but you should never be performing actions inside the account of another actual user.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrMike

Quote from: Kindred on August 29, 2014, 03:38:55 PM
there is never any case where an admin should log in as a user.

Well, a fair number of software apps allow an admin to temporarily log in as a given user in order to manage an account or assist a user, but I'll understand if people aren't comfortable answering this for whatever reason.


Cheers

margarett

Well, SMF has no way to do it. You would really need to reset the user'a password if you don't know it already and login.

For general debug purposes you should have one (or several) test users. Pretty much everything can be simulated with such users ;) You can even cheat a user's post count (via database) so that it goes directly to a specific post count group, if that is important for whatever you need to debug ;)
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

MrMike

Quote from: margarett on August 29, 2014, 05:09:26 PM
For general debug purposes you should have one (or several) test users.

It's not test users or any debugging that I need to work with, it's actual users who occasionally misconfigure something or who need a little help getting started. They just need someone to go in as them and set things straight.

It's okay though, I've found a somewhat out-of-band way to login as them that seems to work.





Kindred

I disagree -- if a user misconfigures something then you can explain to them how to configure it or walk them through it -- I see no reason, EVER, that an admin should log into an actual user's account. (and, as I said, it actually may be illegal to do that in some countries especially if you post anything from that user's account)
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

live627

Quote from: MrMike on August 29, 2014, 06:15:19 PM
Quote from: margarett on August 29, 2014, 05:09:26 PM
For general debug purposes you should have one (or several) test users.

It's not test users or any debugging that I need to work with, it's actual users who occasionally misconfigure something or who need a little help getting started. They just need someone to go in as them and set things straight.
but couldn't you do that already as admin?

MrMike

Quote from: Kindred on August 29, 2014, 06:30:55 PMI disagree -- if a user misconfigures something then you can explain to them how to configure it or walk them through it -- I see no reason, EVER, that an admin should log into an actual user's account.

I understand where you're coming from, and that's fine.

On the other hand, sites like Salesforce.com and Bugzilla and ServiceNow and apps like SharePoint Server offer this exact thing as an option, so they must see some value in it.

Google and Yahoo and Outlook and nearly every other large provider of a web service has a top-level admin mechanism to log into any account and see what's there if they need to. Facebook has it. Twitter has it. Pinterest has it, so does Flickr. It's not an uncommon feature.

Sometimes it's a better client experience if someone can go in and fix something in 2 minutes while they're on the phone rather than spending 20 minutes to try and walk them through it.

They also don't have to reveal their password and/or change it (and half of them have forgotten it anyway so they'd have to go through the whole password reset process, another bit of annoyance for them).

My goal is to keep my users happy by fixing things quickly. I need this functionality, it's that simple.

In any case I've got it working now- I only needed a few lines of code in LogInLogOut.php to implement a switch that allows me to jump on as any given user and do whatever needs to be done from within the account. So no worries.  :D


Quote from: Kindred on August 29, 2014, 06:30:55 PM
(and, as I said, it actually may be illegal to do that in some countries especially if you post anything from that user's account)

I don't know about other countries but in the US if it's done with their permission and they've agreed to it in the Terms of Service, then I think I'd be on safe ground. And if I wind up doing 20 years in Folsom because of the way my admin panel works, so be it. lol


MrMike

Quote from: live627 on August 29, 2014, 08:43:19 PM
but couldn't you do that already as admin?

No, unfortunately I can't. But I've got it all sorted now so I can login as a given user as needed.

Kindred

#13
If I ever found anyone from Facebook logging into my account, I would sue their butts off...

And actually, I can find no evidence that bugzilla or salesforce , both services which I use and have had admin access on, allow an admin to actually log in AS a user.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Mstcool

Make a guide or a walk through video so they don't mis-configure things. :P

MrMike

#15
Quote from: Kindred on August 29, 2014, 09:30:35 PMIf I ever found anyone from Facebook logging into my account, I would sue their butts off...

You wouldn't notice unless they told you, but they do it frequently in the course of investigations. A lot of web apps include this functionality. VBulletin, WordPress, Drupal, Django, etc all include this functionality or have plugins that provide it. Most serious multi-user software packages have this option.


Quote from: Kindred on August 29, 2014, 09:30:35 PMAnd actually, I can find no evidence that bugzilla or salesforce , both services which I use and have had admin access on, allow an admin to actually log in AS a user.

RTFM. I found plenty of evidence, took me all of 30 seconds or so in Google:

Salesforce.com:
https://help.salesforce.com/HTViewHelpDoc?id=logging_in_as_another_user.htm&language=en_US
See "Logging In as Another User": "To assist other users, administrators can log in to Salesforce as another user."

Bugzilla:
http://www.bugzilla.org/docs/2.22/html/useradmin.html (scroll down to bottom)
See the section titled "Impersonating Users": "Bugzilla administrators can impersonate any user in the system"

ServiceNow:
http://wiki.servicenow.com/index.php?title=Impersonating_a_User
"Use this feature to test what different users can do in the system and to perform actions for them in their stead"

SharePoint Server:
http://support.microsoft.com/kb/2752600

MrMike

Quote from: Mstcool on August 30, 2014, 02:27:30 AMMake a guide or a walk through video so they don't mis-configure things.

The walk through guides exist but unfortunately that isn't always enough. And once they've messed things up all they want is for someone to go in and fix it. They don't want to hear about how they should know how to do it or that they should watch a video. They just want it fixed, and this is the quickest, surest way from Point A to Point B.

People may have some deep moral, ethical, or philosophical reservations about logging in as a user, but there's a reason why this functionality exists. A user account is not a Sacred Holy Tomb that the eyes of mortal man should never gaze upon. :)

Mstcool

Yes, but every user wants privacy. I would NEVER want anyone to access my account, whether its an admin or another user. Sure, if I want them too, then yeah. But I wouldn't want this feature to exist. Simply giving the admin my password is easier. If anyone ever does access my account, I will leave that site forever, whether I loved that site or not. My account is mine, not anyone else's.

MrMike

Quote from: Mstcool on August 30, 2014, 04:34:08 PMYes, but every user wants privacy.

Absolutely, I agree 100%. If a user doesn't want me to log into their account to fix stuff, I've got no problem with that. I won't do it without their permission or a court order.



Quote from: Mstcool on August 30, 2014, 04:34:08 PMI would NEVER want anyone to access my account, whether its an admin or another user. Sure, if I want them too, then yeah.

Wait, what?  You just said that you'd never want them to access your account unless you want them to access your account. Lol, which is it?




Quote from: Mstcool on August 30, 2014, 04:34:08 PMBut I wouldn't want this feature to exist. Simply giving the admin my password is easier.

I understand, but not everyone feels that way. Some clients get bent out of shape if they have to go through anything with passwords like giving them out or changing them.

In contrast, I've never had a client say "no" when I asked them if I could log in to their account to fix or change something. (And if they ever said no, then I wouldn't do it.)

Allowing an admin to log in as a user is a useful function; that's why so may of the larger software/service providers have that kind of feature built in.



Quote from: Mstcool on August 30, 2014, 04:34:08 PMIf anyone ever does access my account, I will leave that site forever, whether I loved that site or not.

Unless you wanted them to, correct? :)

Seriously though, I totally agree that it's your prerogative to leave a site for whatever reason or reasons you like.





Mstcool

Sorry for being unclear, I meant to say, I wouldn't want my account being accessed without my permission of course. If they did, they will lose a member. :P

Idk about others but I would personally want to fix the problems myself. :P


What are these things that people keep messing up with?

MrMike

Quote from: Mstcool on August 30, 2014, 11:05:33 PMWhat are these things that people keep messing up with?

On the WebRingo site it's mostly ring and site configuration, site membership within multiple rings, and sometimes the ring code selection.

On other sites it's stuff like advanced user config, or group, subgroup, and guest permissions. Sometimes it's capture rates, sometimes it's spam and bot scoring thresholds, sometimes it's a complicated recurring calendar event, and so on.

Sometimes it's just easier to say, "Can I login to your account and take a look?" and fix it than it is to try and walk them through numerous config settings when they're already frustrated or nearing the end of their patience.

So trust me- I get it. I get the whole "stay out of my account" thing. But sometimes it's just not a practical or sensible approach. If you have paying customers who need immediate help then before long you'll find yourself wishing you had a "Log in as User" button.  :)


Mstcool

Oh, I get what you mean and why you are trying to have this feature. Anyways, good luck with your site! :)

Oh and if you're the only admin, they you should add more people to ur staff who can access others account and fix stuff for them as well. That'll make ur life easier. :) :P

Advertisement: