You are here

function masquerade_block_1_validate in Masquerade 7

Same name and namespace in other branches
  1. 5 masquerade.module \masquerade_block_1_validate()
  2. 6 masquerade.module \masquerade_block_1_validate()

Masquerade block form validation.

File

./masquerade.module, line 652
The masquerade module allows administrators to masquerade as other user.

Code

function masquerade_block_1_validate($form, &$form_state) {
  global $user;

  //unset($form);
  $name = $form_state['values']['masquerade_user_field'];
  $allowed = FALSE;
  $to_uid = db_select('users', 'u')
    ->fields('u', array(
    'uid',
  ))
    ->condition('u.name', $name, '=')
    ->execute()
    ->fetchField();
  if ($to_uid !== FALSE) {
    $allowed = user_access('masquerade as any user') || db_select('masquerade_users', 'm')
      ->fields('m', array(
      'uid_to',
    ))
      ->condition('m.uid_to', $to_uid, '=')
      ->condition('m.uid_from', $user->uid, '=')
      ->execute()
      ->fetchField();
  }
  if (isset($_SESSION['masquerading'])) {
    form_set_error('masquerade_user_field', t('You are already masquerading. Please <a href="@unswitch">switch back</a> to your account to masquerade as another user.', array(
      '@unswitch' => url('masquerade/unswitch', array(
        'query' => array(
          'token' => drupal_get_token('masquerade/unswitch'),
        ),
      )),
    )));
  }
  if ($to_uid && $allowed === FALSE) {
    form_set_error('masquerade_user_field', t('You are not allowed to masquerade as the selected user.'));
  }
  if ($name != variable_get('anonymous', t('Anonymous')) && module_exists('alt_login')) {
    $alt_login = db_query("SELECT u.name FROM {users} u INNER JOIN {alt_login} al ON u.uid = al.uid WHERE al.alt_login = :alt_login", array(
      ':alt_login' => $name,
    ))
      ->fetchObject();
    if (isset($alt_login->name)) {
      $name = $alt_login->name;
    }
  }
  $masq_user = _masquerade_user_load($name);
  if (!$masq_user) {
    form_set_error('masquerade_user_field', t('User %masq_as does not exist. Please enter a valid username.', array(
      '%masq_as' => $form_state['values']['masquerade_user_field'],
    )));
  }
  elseif ($masq_user->uid == $user->uid) {
    form_set_error('masquerade_user_field', t('You cannot masquerade as yourself. Please choose a different user to masquerade as.'));
  }
  elseif (variable_get('maintenance_mode', 0) && !user_access('access site in maintenance mode', $masq_user)) {
    form_set_error('masquerade_user_field', t('It is not possible to masquerade in off-line mode as !user does not have the %config-perm permission. Please <a href="@site-maintenance">set the site status</a> to "online" to masquerade as !user.', array(
      '!user' => theme('username', array(
        'account' => $masq_user,
      )),
      '%config-perm' => 'use the site in maintenance mode',
      '@site-maintenance' => url('admin/settings/site-maintenance'),
    )));
  }
  else {
    $form_state['values']['masquerade_user_field'] = $name;
  }
}