From fc0e8a984379af71756408d7fabbb9e27d7261c7 Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Mon, 2 Mar 2026 13:17:40 +0900
Subject: [PATCH] Add admin login-as (impersonate) feature to member admin list
 (#4)

Co-authored-by: Lastorder-DC <18280396+Lastorder-DC@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
---
 modules/member/conf/module.xml             |  1 +
 modules/member/lang/en.php                 |  3 ++
 modules/member/lang/ko.php                 |  3 ++
 modules/member/member.admin.controller.php | 41 ++++++++++++++++++++++
 modules/member/tpl/member_list.html        | 21 ++++++++++-
 5 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/modules/member/conf/module.xml b/modules/member/conf/module.xml
index a6aabadb5..5e179fc0a 100644
--- a/modules/member/conf/module.xml
+++ b/modules/member/conf/module.xml
@@ -118,6 +118,7 @@
 		<action name="procMemberAdminUpdateGroupOrder" type="controller" />
 		<action name="procMemberAdminUpdateMembersGroup" type="controller" ruleset="manageMemberGroup" />
 		<action name="procMemberAdminDeleteMembers" type="controller" />
+		<action name="procMemberAdminLoginAs" type="controller" />
 	</actions>
 	<eventHandlers>
 		<eventHandler after="document.getDocumentMenu" class="controller" method="triggerGetDocumentMenu" />
diff --git a/modules/member/lang/en.php b/modules/member/lang/en.php
index 24eceb38c..71dd2ac37 100644
--- a/modules/member/lang/en.php
+++ b/modules/member/lang/en.php
@@ -407,3 +407,6 @@ $lang->member_unauthenticated = 'Unauthenticated';
 $lang->member_number = 'Member identification number';
 $lang->msg_change_after_click = 'Change after clicking link below';
 $lang->msg_password_changed = 'Your password has been changed.';
+
+$lang->cmd_login_as = 'Login as this member';
+$lang->msg_confirm_login_as = 'Are you sure you want to login as this member? Your current admin session will be terminated.';
diff --git a/modules/member/lang/ko.php b/modules/member/lang/ko.php
index dee729b3b..c3f776d8d 100644
--- a/modules/member/lang/ko.php
+++ b/modules/member/lang/ko.php
@@ -411,3 +411,6 @@ $lang->member_unauthenticated = '미인증';
 $lang->member_number = '회원 번호';
 $lang->msg_change_after_click = '아래 링크 클릭 후 변경 가능';
 $lang->msg_password_changed = '비밀번호가 변경되었습니다.';
+
+$lang->cmd_login_as = '해당 회원으로 로그인';
+$lang->msg_confirm_login_as = '해당 회원으로 로그인하시겠습니까? 현재 관리자 세션이 종료됩니다.';
diff --git a/modules/member/member.admin.controller.php b/modules/member/member.admin.controller.php
index 1bc72fe41..54fe90c24 100644
--- a/modules/member/member.admin.controller.php
+++ b/modules/member/member.admin.controller.php
@@ -1802,6 +1802,47 @@ class MemberAdminController extends Member
 
 		return new BaseObject();
 	}
+
+	/**
+	 * Login as a specific member (admin only)
+	 * @return void|BaseObject
+	 */
+	function procMemberAdminLoginAs()
+	{
+		// Check admin permission and CSRF token
+		$logged_info = Context::get('logged_info');
+		if(!$logged_info || $logged_info->is_admin !== 'Y' || !Rhymix\Framework\Security::checkCSRF())
+		{
+			throw new Rhymix\Framework\Exceptions\InvalidRequest;
+		}
+
+		$member_srl = Context::get('member_srl');
+		if(!$member_srl)
+		{
+			throw new Rhymix\Framework\Exceptions\InvalidRequest;
+		}
+
+		// Get target member info
+		$member_info = MemberModel::getMemberInfoByMemberSrl($member_srl);
+		if(!$member_info || !$member_info->member_srl)
+		{
+			throw new Rhymix\Framework\Exceptions\InvalidRequest;
+		}
+
+		// Do not allow login as the super admin (member_srl = 4)
+		if(intval($member_info->member_srl) === 4)
+		{
+			throw new Rhymix\Framework\Exceptions\NotPermitted;
+		}
+
+		// Perform login as the target member
+		// Session::login() sets the basic session variables, and setSessionInfo() populates Context with member details
+		Rhymix\Framework\Session::login($member_info->member_srl);
+		$oMemberController = getController('member');
+		$oMemberController->setSessionInfo();
+
+		$this->setRedirectUrl(getNotEncodedUrl(''));
+	}
 }
 /* End of file member.admin.controller.php */
 /* Location: ./modules/member/member.admin.controller.php */
diff --git a/modules/member/tpl/member_list.html b/modules/member/tpl/member_list.html
index 09ce416ad..bb3f568d3 100644
--- a/modules/member/tpl/member_list.html
+++ b/modules/member/tpl/member_list.html
@@ -97,7 +97,12 @@
 					{zdate($member_info['last_login'], 'Y-m-d')}
 				</td>
 				<td class="rx_detail_marks">{$member_info['group_list']}&nbsp;</td>
-				<td class="nowr"><a href="{getUrl('', 'module', 'admin', 'act', 'dispMemberAdminInsert', 'member_srl', $member_info['member_srl'])}">{$lang->inquiry}/{$lang->cmd_modify}</a></td>
+				<td class="nowr">
+					<a href="{getUrl('', 'module', 'admin', 'act', 'dispMemberAdminInsert', 'member_srl', $member_info['member_srl'])}">{$lang->inquiry}/{$lang->cmd_modify}</a>
+					<!--@if($member_info['member_srl'] != 4)-->
+					<a href="#" class="_login_as" data-member-srl="{$member_info['member_srl']}">{$lang->cmd_login_as}</a>
+					<!--@end-->
+				</td>
 				{@$used_values = ''}
 				<!--@foreach($usedIdentifiers as $name=>$title)-->
 					{@$used_values .= "\t".$member_info[$name]}
@@ -245,5 +250,19 @@ jQuery(function($){
 			}
 		}
 	});
+	// Login as member
+	$('a._login_as').click(function(e){
+		e.preventDefault();
+		if(!confirm('{$lang->msg_confirm_login_as}')) return;
+		var member_srl = $(this).data('member-srl');
+		var $form = $('#loginAsForm');
+		$form.find('input[name=member_srl]').val(member_srl);
+		$form.submit();
+	});
 });
 </script>
+<form id="loginAsForm" action="./" method="post" style="display:none">
+	<input type="hidden" name="module" value="member" />
+	<input type="hidden" name="act" value="procMemberAdminLoginAs" />
+	<input type="hidden" name="member_srl" value="" />
+</form>