Viewing File: /home/quiczmwg/bitmaven.org/admin/admin_login_as_user.php

<?php
// =====================================
// admin_login_as_user.php
// =====================================

// Start session FIRST — nothing before this
session_start();

// Correct DB path (admin folder → root)
require_once '../_db.php';

// OPTIONAL: protect this route (admin only)
if (!isset($_SESSION['admin_id'])) {
    header("Location: signin.php");
    exit;
}

// Check if userid is provided
if (!isset($_GET['userid'])) {
    die("Invalid request.");
}

$userid = $_GET['userid'];

// Fetch user
$sql = "SELECT userid, username FROM user_login WHERE userid = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $userid);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows === 1) {

    $user = $result->fetch_assoc();

    // Regenerate session for security
    session_regenerate_id(true);

    // Set user session
    $_SESSION['user_logged_in'] = true;
    $_SESSION['userid'] = $user['userid'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['impersonated_by_admin'] = true;

    // Redirect BEFORE any HTML
    header("Location: ../dashboard.php");
    exit;

} else {
    die("User not found.");
}