[TH] Login As User [Deleted]

Jon W

Well-known member
Waindigo submitted a new resource:

Login As User by Waindigo (version 1.0.0) - Give members permission to login the site as other members, without having to know their password.

Description:

Members who have been granted the 'Login as different user' permission can click on a link on a user's member card to log in as that user.

A link in the admin bar will allow them to quickly return to their own account at any time.

To log in as a different user, the user will have to be a member of one of the permitted user groups.

Installation:
  • Upload contents of upload folder to root directory, overwriting any existing...

Read more about this resource...
 
This can cause problems, but I suppose it can be useful for a few boards.
The same could be said for giving someone the 'permanent delete' permission and that is a core feature. Provided that you only give the permission to members that you trust (which might just be yourself!) then it can be really useful.
 
If someone is logged in as another user, can he see that users personal conversations also?

Because if he can, that would be a huge privacy problem!
 
Thank you so much! This is an odd vBulletin add-on that we've been waiting to see available for XenForo. I'm sure many folks will be excited about this. It's great for admins and mods to use when a problem arises.
 
If someone is logged in as another user, can he see that users personal conversations also?

Because if he can, that would be a huge privacy problem!

Well, not really. An admin can simply go to the forum DB and see the P.C if he wants to. It's wise though to limit the usage to trusted members, better admins.
 
If someone is logged in as another user, can he see that users personal conversations also?

Because if he can, that would be a huge privacy problem!
Yavuz is exactly right. Anyone with access to the database can get at this information. This is definitely a feature you would only give to a handful of members, if that.

Having said that, if anyone wants to have additional restrictions placed on this feature, please contact me to discuss contributing to this.
 
Well, not really. An admin can simply go to the forum DB and see the P.C if he wants to. It's wise though to limit the usage to trusted members, better admins.

We'd really like to see the ability for an admin to see private conversations added. This has been helpful when "he said", "she said" issues arise between members. The vBulletin mod "login as user" allowed for the ability to read private messages and logging in invisibly to a user's account. Obviously, this is not something to give to all members and even some moderators, that's why it's requested as an "admin" only feature.

Thanks in advance for the consideration.
 
In fact you should upload this addon a second time as "Read PCs of your Members" as I remember some requests for such a feature. ;-)

However I find that feature VERY problematic since it raises serious privacy issues. It is one thing to allow technicians direct database access but another to be able to allow >>all<< your users to read private conversations of other users just with a simple click in ACP.

If people know it can be that easy to read their private conversations they will never trust any Xenforo software again for real private conversations. And not all XF boards are just 4 fun. Some have serious content where members need a way to trust that all PCs stay private and secret.

In my opinion there has been a border crossed that should better not have been crossed.
 
In fact you should upload this addon a second time as "Read PCs of your Members" as I remember some requests for such a feature. ;-)

However I find that feature VERY problematic since it raises serious privacy issues. It is one thing to allow technicians direct database access but another to be able to allow >>all<< your users to read private conversations of other users just with a simple click in ACP.

If people know it can be that easy to read their private conversations they will never trust any Xenforo software again for real private conversations. And not all XF boards are just 4 fun. Some have serious content where members need a way to trust that all PCs stay private and secret.

In my opinion there has been a border crossed that should better not have been crossed.

I see what you mean but nothing really stays private. Forums get sold, not all admins respect privacy, the list goes on. Also, admins have also responsibility to prevent spam, user harrasing another user. It's better not to share sensitive information that you like to see remain private.
 
and lol @ ya'll complaining bout reading pms. PMs can be read by the database. So if you have an addon creator or your host or admin that has access to the database then they can read pms too.

I put in my TOS that your pms can be read at anytime. I even made a thread about it and told members I don't read them but can if I wanted to and will if I suspect spam. When I suspect spam I will investigate cause I hate spammers with a vengeance. No mercy. Catch em, ban em. End of story.

This is also a good way to manage spammers as well.
 
We'd really like to see the ability for an admin to see private conversations added. This has been helpful when "he said", "she said" issues arise between members. The vBulletin mod "login as user" allowed for the ability to read private messages and logging in invisibly to a user's account. Obviously, this is not something to give to all members and even some moderators, that's why it's requested as an "admin" only feature.

Thanks in advance for the consideration.
Not quite sure what you are requesting. This add-on can already do everything you are asking for. It is a permission, so you can make it available for admins use only.

In my opinion there has been a border crossed that should better not have been crossed.
This add-on was created for a school website where teachers may need to log in to a student's accounts to perform actions on their behalf. As an unintended consequence, this ability could potentially be used to stop suspected bullying by making it easier for teachers to read a student's private messages. So many times you hear cases of children committing suicide because they are being bullied. I can't even see that line you are talking about from where I'm standing.
 
I haven't downloaded it yet but does this make it so that when you login, it doesn't change the last login date?
 
I haven't downloaded it yet but does this make it so that when you login, it doesn't change the last login date?

I would expect it to change the login date.

The addon was originally made for me on one of my sites which services a school.
I need it to send in homework if a student has difficulty with the system, or check what` on earth a rather muddled support request means.

The privacy issue has also come up in this school community. As admin I can already check private conversations in other software the community uses.
I always explain that I never check private conversations "for fun" - I am too busy!
But if I get a report of anything sensitive I can quickly check, and see EXACTLY what was said.

Interestingly this younger generation enthusiastically welcomes this as a protection. They are so afflicted by the national epidemic of bullying what they desperately need is safety, before privacy. Most feel the same about surveillance cameras in their schools.

This community has quickly discovered I use my authority carefully and caringly.
If that were not so I would simply lose that community and the project would` fail.

Granted this addon is wide open to abuse. As is so much else about all software which tends`to be autocratic in its power. It is up to us as admins to use that tremendous power of our software, thoughtfully.

But on a forum for adults where only the admin has the facility, or at most one or two mods, an adult user can vote with their feet if the addon is abused.

Jon/ Waindigo I think you described it from the wrong end as a user resource rather than primarily an admin resource. This has created an unfortunate impression. The addon needs to be defined as an admin resource. Something like this:

This addon permits a permitted user, normally the admin, to login as another user.
The admin can check what the user sees and what exact difficulty they are having.
The admin can upload a file etc which the user has been unable to do.
The admin can also grant permission to another user such as a mod to use this facility as well. Clearly this privilege should only be granted to a, known, trusted, responsible person.
 
I haven't downloaded it yet but does this make it so that when you login, it doesn't change the last login date?
No. It will change the login date. It will also show you as being online as that user (unless you select not to show online), updates the page you are currently viewing and logs your actions as normal -- just as if you had logged in as that user with their password.
 
I would expect it to change the login date.

The addon was originally made for me on one of my sites which services a school.
I need it to send in homework if a student has difficulty with the system, or check what` on earth a rather muddled support request means.

The privacy issue has also come up in this school community. As admin I can already check private conversations in other software the community uses.
I always explain that I never check private conversations "for fun" - I am too busy!
But if I get a report of anything sensitive I can quickly check, and see EXACTLY what was said.

Interestingly this younger generation enthusiastically welcomes this as a protection. They are so afflicted by the national epidemic of bullying what they desperately need is safety, before privacy. Most feel the same about surveillance cameras in their schools.

This community has quickly discovered I use my authority carefully and caringly.
If that were not so I would simply lose that community and the project would` fail.

Granted this addon is wide open to abuse. As is so much else about all software which tends`to be autocratic in its power. It is up to us as admins to use that tremendous power of our software, thoughtfully.

But on a forum for adults where only the admin has the facility, or at most one or two mods, an adult user can vote with their feet if the addon is abused.

Jon/ Waindigo I think you described it from the wrong end as a user resource rather than primarily an admin resource. This has created an unfortunate impression. The addon needs to be defined as an admin resource. Something like this:

This addon permits a permitted user, normally the admin, to login as another user.
The admin can check what the user sees and what exact difficulty they are having.
The admin can upload a file etc which the user has been unable to do.
The admin can also grant permission to another user such as a mod to use this facility as well. Clearly this privilege should only be granted to a, known, trusted, responsible person.
You know... like you said... it probably would've been better if he put the word Admin somewhere in the addon description like so: http://www.vbulletin.org/forum/showthread.php?t=228077

So I would basically have to go into the database just to change the last login date. :/

Waindigo, didn't you make a addon that lets us change user join date and does it still work? Would you be able to do so to change user last login date?

I think I remember using that change user join date addon and it worked for awhile then stopped working. If not you, it might have been ragtek. Probably gotta ask him.
 
You know... like you said... it probably would've been better if he put the word Admin somewhere in the addon description like so: http://www.vbulletin.org/forum/showthread.php?t=228077
Already changed the description in response to Morgain's post.

So I would basically have to go into the database just to change the last login date. :/
If you wanted to cover your tracks entirely then you would also need to remove all the other things I mentioned above as well.

Waindigo, didn't you make a addon that lets us change user join date and does it still work? Would you be able to do so to change user last login date?
Yes, I did. I think better to build it into this add-on as it would probably be a lot easier just to not update the last login date in the first place. Would have to check though.

I think I remember using that change user join date addon and it worked for awhile then stopped working. If not you, it might have been ragtek. Probably gotta ask him.
Perhaps conflicting with another add-on? I've just tested it and it works fine on my install.
 
Already changed the description in response to Morgain's post.


If you wanted to cover your tracks entirely then you would also need to remove all the other things I mentioned above as well.


Yes, I did. I think better to build it into this add-on as it would probably be a lot easier just to not update the last login date in the first place. Would have to check though.


Perhaps conflicting with another add-on? I've just tested it and it works fine on my install.
Yeah it was probably an addon conflict. I'm not concerned with 'covering tracks' cause members know I do what I want (lol) but I am concerned with causing false hopes. People will think 'omg so and so logged in yaaay and then they start sending me (the person i logged in under) pms' and if I'm in a bad mood and I get that alert I'mma reply 'gtfo go away' and they get mad at the person but it's really me. :ROFLMAO:

I'm trying not to troll my members. I've worked so hard at not doing so as much as I used to. That's why I asked about it.
 
Yeah it was probably an addon conflict. I'm not concerned with 'covering tracks' cause members know I do what I want (lol) but I am concerned with causing false hopes. People will think 'omg so and so logged in yaaay and then they start sending me pms' and if I'm in a bad mood and I get that alert I'mma reply 'gtfo bytch' and they get at the person but it's really me. :ROFLMAO:

I'm trying not to troll my members. I've worked so hard at not doing so as much as I used to. That's why I asked about it.
In that case, should be able to modify that other add-on really easily to do what you want to do. Can you check whether the other add-on works or not first though? No point me copying that add-on if it doesn't work!
 
Top Bottom