Thanks for the hint. I didn't know about user_external_login.

Unfortunately it does not allow me to start a new session and call $_SESSION[LOGIN_AS_DIFFERENT_USER] = TRUE;. This line is very important, because later on it tells ip_login not to do an autologin but let the user login as a different user.

Are there some more things to think about?
Best Regards
Ernst



2010/2/8 Brian Vuyk <brian@brianvuyk.com>
Is it possible this could be simplified somewhat by using user_external_login()?

http://api.drupal.org/api/function/user_external_login/6


Ernst Plüss wrote:
Hi drupal friends

I've written a patch for the ip_login module. It extends the module with the possiblity to have a "login as an other user" link.

Basically it does the following things:
  1. Logs out the current user.
  2. Makes sure ip_login does not straight login again.
  3. Shows the user login screen.
My code works, but I'm not 100% sure whether it's save to code it like that. Could someone have an I on it?


/**
 * Logs the current user out and start new session.
 *
 * Most of the code taken from user_logout() and _drupal_bootstrap().
 */
function ip_login_as_different_user() {
  global $user;

  watchdog('user', 'Session closed for %name.', array('%name=> $user->name));

  // Destroy the current session:
  session_destroy();
  // Only variables can be passed by reference workaround.
  $null = NULL;
  user_module_invoke('logout', $null, $user);

  // Load the anonymous user
  $user = drupal_anonymous_user();

  require_once variable_get('session_inc', './includes/session.inc');
  session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
  session_start();

  $_SESSION[LOGIN_AS_DIFFERENT_USER] = TRUE;

  // show the login page
  drupal_goto('user');
}

Thanks for taking your time!
Ernst