From 4b32a2fc37e259154eb862dfe9767552ab9d5d34 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Mar 2026 04:11:36 +0000
Subject: [PATCH] Allow login-as for admin members, protect only super admin
(member_srl=4)
Changed the restriction so admins can login as other admin accounts,
but member_srl 4 (super admin) is protected from impersonation.
Co-authored-by: Lastorder-DC <18280396+Lastorder-DC@users.noreply.github.com>
---
modules/member/member.admin.controller.php | 5 +++--
modules/member/tpl/member_list.html | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index 1be80b0cb..54fe90c24 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -1829,13 +1829,14 @@ class MemberAdminController extends Member
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
- // Do not allow login as another admin
- if($member_info->is_admin === 'Y')
+ // Do not allow login as the super admin (member_srl = 4)
+ if(intval($member_info->member_srl) === 4)
{
throw new Rhymix\Framework\Exceptions\NotPermitted;
}
// Perform login as the target member
+ // Session::login() sets the basic session variables, and setSessionInfo() populates Context with member details
Rhymix\Framework\Session::login($member_info->member_srl);
$oMemberController = getController('member');
$oMemberController->setSessionInfo();
diff --git a/modules/member/tpl/member_list.html b/modules/member/tpl/member_list.html
index e270e2667..bb3f568d3 100644
--- a/modules/member/tpl/member_list.html
+++ b/modules/member/tpl/member_list.html
@@ -99,7 +99,7 @@
| {$member_info['group_list']} |
{$lang->inquiry}/{$lang->cmd_modify}
-
+
{$lang->cmd_login_as}
|