Thread

I am building a site for a client and it involves user membership, if a user has an issue with there membership is there a way a super admin can view their password and login as that user so that the super admin can see what the problem is?

Or is there a way to log in without the password?

Thanks

Or is there a way to log in without the password?

If I remember correctly, the SuperAdmin can log in anywhere on the site, and make changes accordingly, but you can’t view a user’s current password (it’s a hash, right?). SA’s can change user passwords, though.

Yeah looking at the database they are hashes. The SuperAdmin can view/edit/delete all the data that a member can see. But this site develops content based on the members profile, so if they are having issues it would be better to get in there as that user, be in their shoes as it were, rather than overseeing the data as a SuperAdmin.

I know this is probably barred from a security point of view, but could the SuperAdmin somehow log themselves in as this person without a password? all i need is to fake the member_id and group_id of the logged in user.

Or is there a way to decode the hashes? or is that the point of a hash?

Or is this a case of internet etiquette? should I ask my users for their permission to access there account in the case of an issue, and either I change there password to a temporary one. Or ask them to provide their password?

Thanks for getting back to me. Anymore help would be appreciated.

But this site develops content based on the members profile, so if they are having issues it would be better to get in there as that user, be in their shoes as it were, rather than overseeing the data as a SuperAdmin.

From a troubleshooting perspective, that makes sense. Not knowing if there’s another way, I would make a dummy user account for each member profile so the SA can log in to ‘see’ what that member group sees, instead of only what the SA can see.

I know this is probably barred from a security point of view, but could the SuperAdmin somehow log themselves in as this person without a password? all i need is to fake the member_id and group_id of the logged in user.

I don’t think EE is set up that way, since the SA can see everything.

Or is there a way to decode the hashes? or is that the point of a hash?

That’s the idea behind the hash. There isn’t much security if the SA can log in to a users account using the users PW.

Or is this a case of internet etiquette? should I ask my users for their permission to access there account in the case of an issue, and either I change there password to a temporary one. Or ask them to provide their password?

If the users are few, you could always ask for the PW, if there are many it could become a cumbersome problem. Even temporary passwords get messy. Unless you have dozens of member groups it may be easier to use the ‘manual’ solution above.

If you go and view that user’s preferences in the CP, in the lower left corner you can choose to Login as that member.

I’ve been unable to get that to work.

Does the member require CP privileges? Regardless of the setting, Login as Member simply logs out the SA. The Member options are 1) Site Homepage, 2) Other (enter URL), but it does not auto login as that member.

What am I doing wrong?

I use that all the time; if you’re having difficulties with it, please start a new thread in technical support. =)

Thanks very much Lisa that’s exactly what I was looking for. And may I add a great feature of ExpressionEngine. Thanks for all your help Gramps but this is the solution I was looking for.