We maintain a website built on LAMP stack that allows members to log into their profile. While we have an admin interface to handle most tasks, there are times it is ‘necessary’ to log in “as” the member and see what they are seeing.
We have a very secure and thorough salting and verification login process for members but my thought is the following statement is not too secure:
sql = SELECT * FROM userlogins WHERE username = :user
(run the users entered password through the salt process)
$userpasswordentered = undisclosed salt process of ($_POST['password']);
if($userpasswordentered == value retrieved from userlogins above OR $_POST['password'] == 'hardcodedpw') {
log user in
}
Is there a real ‘safe’ way to create a ‘super’ password that would allow me to log into any user account given a valid username was given?
I would implement some sort of “user impersonation” feature. So basically, from your admin account, you can enter / search for a user ID, and then call the “log user in” code as if that user had logged in. This will log the admin user out, but they will now be impersonating the customer as requested.
Personally though, if I have a user/edit action, then the code does the following:
That way, the admin user gets to stay logged in, and you get to control how much of the customer’s stuff the admin user can mess with.