I have a user claiming he can log in but cannot post. While viewing his profile to try to trouble-shoot the situation, I noticed the "Become this User" button.

I am wondering if I clicked on the button, would I become him for long enough to test whether I (he) is able to post? How do I revert back to my admin account when I'm done? I'm a little reluctant to test this feature until I know exactly what it does and if there are any questionable side effects (I'm not thrilled about the prospect of entering someone elses morbid virtual body)

in some cases it can be used to test if a problem is with their account.

basicly you would "become" this member to check things if you need to

i sugest you dont do this lightly as it allows you access to everything they have (pm's as well)

once done, you can logout normally, and then log back in with your name....not sure, but there is prolly another way yo get back to your normal account as well

This allows you to be logged in as the user for troubleshooting purposes.

You will be logged in as this user until which time you log out and log back in as yourself.

Mainly this is made so that you as the admin can valdate any "issues" with a user account (such as if they're experiancing an error you can judge if its a software issue or if its "user error").

I have used it several times to update a user's profile at their request.

I have also used it several times to test out user log in problems, posting problems, etc.

I think the feature should be removed. One particular customer of yours is using it to break privacy, and post as another user to make it look like he haven't banned him.

And what would stop an admin from logging into MySQL and updating the password hash of said user and doing the same thing? In all honesty I believe this feature is a good one to have as it allows the admin to preform tasks as a user, should it be resetting things on their behalf (as we don't have the ability to reset passwords in the CP at the presant time) or to validate abuse claims of users.

Well then I'd say don't use/visit the site if you feel the person is not operating the site honestly and it offends you.

You're sort of asking something like... Remove the steering wheel from my car because someone keeps taking it for a joy ride.

It's up to me to secure my car and it's up to that sites owner to secure his site and/or Admins.

Nothing. But this feature makes it a lot easier.

I don't, but lots of people pays for it, and they're being cheated. This feature helps him doing that.

Hansi,

This is the wrong venue to seek recourse.

This is a valid function and very useful tool for Admins. There is no valid reason to remove it.

As a paying Customer of Infopop (sorry, I just cannot bring myself to type the “G” name), my vote is for it to stay.

For note, updating a user password is simple, especailly if PHPMyAdmin is installed on the server (which comes with most control panels now adays), there are MD5 password encoders everywhere, it'd in all honesty take 30 seconds to 2 minutes to update a user password; just as long as it woudl take to use the "login as this user" feature.

Well you could modify your own code and remove the feature too on your own.

yes, but I think he's saying that he's a member on a board where the admin is "abusing" this feature...

Well then as I said if he can't get the guy to stop and it bothers him enough then time to move on to another site. Not much else you can do if an Admin won't listen to you as typically he is the one that owns the board or is close to the person that does.

And also even if the feature was removed -- whats to stop that admin from coding it back in?

So if your on a site where the admin abuses you like this you just need to decide if you want to stay there.

Of course I don't wan't to stay, but you should be worried that your software is being used in a massive fraud, involving hundreds of thousands of pounds.

Hello Hansi

As with anything that is abused it should be reported to the proper authorities.

If you feel that what you're describing is fraud or illegal then you should report it to the local authorities where the site is being run from.

I empathize with you but your suggestion to modify the program because someone abuses it is not valid either.

I'm sorry but along the same lines. I DON'T agree that all guns should be outlawed from the public just because some idiots abuse it and kill others with it. The PERSON is the problem not the object.

This is what I was saying that he could just update the user password in the CP, it's a non-salted hash, so it'd be easy for any novice to update.

If this is a legal issue it should be brought up with the law in the established country; we are in no way lawyers or police, we simply modify and add to a codebase.