- Arabic translation by Hassan Hisham.
- Minor code tweaks.
Description
This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for adminstrators of sites who need to switch between multiple accounts.
Features
- Switch users: Instantly switch to any user account from the Users screen.
- Switch back: Instantly switch back to your originating account.
- Switch off: Log out of your account but retain the ability to instantly switch back in again.
- It's completely secure (see the Security section below).
- Compatible with WordPress, WordPress Multisite and BuddyPress.
Security
- Only users with the ability to edit other users can switch user accounts (by default this is only Administrators). Lower level users cannot switch accounts.
- User switching is protected with the WordPress nonce security system, meaning only those who are allowed to switch users can switch.
- Full support for administration over SSL (if applicable).
- Passwords are not (and cannot be) revealed.
Translations Included
- Chinese Simplified by Tunghsiao Liu (Sparanoid)
- German by Ralph Stenzel
- Farsi (Persian) by Amin Ab
- Slovak by Max Samael
- Polish by Bartosz Arendt
- Lithuanian by Tommixoft
- Arabic by Hassan Hisham
Screenshots
-
The Switch To link on the Users screen
-
The Switch To link on a user's profile
Installation
You can install this plugin directly from your WordPress dashboard:
- Go to the Plugins menu and click Add New.
- Search for User Switching.
- Click Install Now next to the User Switching plugin.
- Activate the plugin.
Alternatively, see the guide to Manually Installing Plugins.
Usage
Visit the Users menu in WordPress and you'll see a Switch To link next to each user. Clicking this will immediately switch you into that user account. Once switched, you can switch back to your originating account via the Switch back link on each dashboard screen and in your profile menu in the WordPress toolbar.
See the FAQ for information about the Switch Off feature.
Todo list
- A custom capability (eg. ‘switch_users’) which can be granted to lower level users so they can switch accounts. Done!
- Some way of switching back to the administrator account after switching to a lower level account (will require a cookie-based remembering system which doesn’t compromise security).
Done! - A persistent notification in the admin area reminding you that this is an account you switched to and not your account (also reliant on solution above). Done!
FAQ
What does "Switch off" mean?
Switching off logs you out of your account but retains your user ID in an authorisation cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
The Switch Off link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a Switch back link in the footer of your site.
Does this plugin work with WordPress Multisite?
Yes, and you'll also be able to switch users from the Users screen in Network Admin.
Does this plugin work with BuddyPress?
Yes, and you'll also be able to switch users from the Members screens.
Does this work as a mu-plugin?
Yes, but you'll need to install user-switching.php
into the root of your mu-plugins
directory, not in the user-switching
subdirectory. This is a restriction of WordPress.
What capability does a user need in order to switch accounts?
A user needs the edit_users
capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
Can regular admins on Multisite installs switch accounts?
No. This can be enabled though by installing the User Switching for Regular Admins plugin.
Are any hooks called when users switch accounts?
Yes. When a user switches to another account, the switch_to_user
hook is called with the new and old user IDs passed as parameters.
When a user switches back to their original account, the switch_back_user
hook is called with the new (original) and old user IDs passed as parameters.
When a user switches off, the switch_off_user
hook is called with the old user ID as a parameter.
Download
This plugin requires WordPress version 3.1 or later.
View the plugin on WordPress.org.
Version 0.7.1 ZIP file from downloads.wordpress.org
Any comments, questions, queries, suggestions, complaints, etc, please leave a comment!
Very handy indeed. I think I will make something with this and my “No Login” plugin for test sites.
And very clean code, too. Me likes.
using wp 2.7.1 and in the edit profile palce, there is no switch user link as shown above in the screenshot :-( what could be wrong?
sorry, my bad. found the link now :-(
Thanks for the plugin BUT I defintely don’t have any “Switch To” link anywhere as explained above !! I am runing wp 2.7.1 and I installed the plugin through the Admin > Plugin Install panel with no errors !
What is going on ???
AYN: Are you sure you’re logged in as an admin and you’re in the editing screen for a user? (You won’t see the link in the second screenshot unless you’re using a development version of WP 2.8). The link will be right under the option for enabling comment moderation keyboard shortcuts.
Hi John
Thanks for your quick reply.
I AM logged in as Admin and I am in the editing screen of my Admin profile and cannot see the switch link under the enabling keyboard ….. I wished I was missing it somewhere but unfortunately I am not ! … OKay I got it :
Sorry,….. I just found it. I was expecting to find the link on my Admin Edit profile page and from there to be able to choose wich user to switch to. I didn’t recognise how it actually works till luckily checked my Editor account and saw the link there. I clicked it and switched to my Editor account happily. I expected though that I would be able to switch back to my Admin account from there but it doesn’t seem available. I had to logout of the Editor account and then sign in again to my Admin account. Is that how it works ? Am I missing something here ?
Thanks again for the good work and your kind response.
Cheers
I should just correct/ answer myself to my previous question about switching back. Sorry that I was a hurried one. I understand after paying more attention to the description that ONLY Admins can switch accounts so: only if I am switching between diffrent Admin accounts I would be able to switch back without having to login. Correct me John please if I’m I got anything wrong here.
That feature may be handy if feasible though i.e. to make the plugin remember me in whatever account type I switched to and give me a link to switch back perhaps only to that account I came from. A good idea ?!
Best regards and thanks again
AYN: You’re right in that switching back is not currently possible, but it’s a planned feature as you can see in the ‘Todo list’ above. Thanks for your interest in my plugin!
OH thank you thank thank you. This will save a lot of headaches from utilizing 2 different computers and logging in and out of the same machine. Can’t wait to install! A very useful plugin for developers indeed.
All the best,
Jayson
http://twitter.com/askjayson
Version 0.2 released, adding the ability to securely switch back to the administrator account you originally switched from. Good times.
Nice one bro!
Now I can switch back again I’d say this is a pretty invaluable plugin. No more sitting there with Firefox and (ugh) IE open at the same time…
What are the changes in the 0.2.1 ?
thanks
Federico
I need to know before the update….
Hi Federico. The only change in 0.2.1 is to prevent the “Switch back to…” message showing up when it shouldn’t. You do not need to update to this version if you don’t want to.
John.
This plugin is simple and cool, i love it!!! Thanks for your efforts
Hi John
This plugin looks great but I woudl really like the follwoing functionality you have listed under your to do list here:
“A custom capability (eg. ‘switch_users’) which can be granted to lower level users so they can switch accounts.”
Any ideas when you might do this?
I am currently trying to hack your code to implement this exact functionality on a WordPress MU / BuddyPress site so if you wanted to work toegether on this then drop me a mail.
Andy: I haven’t given much thought to the custom capability as I’ve not come across a need for it yet. Using a plugin such as Role Scoper or Role Manager I’m sure it would be easy to grant certain users a custom capability of ‘switch_users’. It would then simply be a case of changing the references to ‘edit_user’ in the User Switching plugin to ‘switch_users’.
Give me a shout if you have any problems and I’ll see about adding it natively to the plugin.
It would be cool if the plugin could play nice with Justin Tadlocks new capability plugin ( Members ).
Tadlocks Members plugin ( beta ) has a filter hook on the available caps (see functions-admin.php) if you want to integrate User Swithing specific capabilities.
http://justintadlock.com/archives/2009/09/07/beta-test-my-upcoming-user-role-and-content-management-plugin
http://justintadlock.com/downloads/members.zip
John: Thanks for the suggestion. The idea already crossed my mind when I read about Justin’s plugin. I’ve not had a chance to test it out yet.
The main reason I’ve not added the custom capability option to User Switching yet is that it requires a bit more thought. For example, if a lower level user has the ‘switch_users’ capability, they would need a screen in the admin area from which they could switch users from, as only Administrators by default have access to the Users menu.
In addition, should these lower level users with the switch_users capability be allowed to switch to any other account regardless of its role? Or should, for example, an Editor only be allowed to switch to other Editor accounts and lower accounts?
I’ll give it a bit more thought and see what I come up with.
It doesn’t work with wordpress 2.9 i think, when switching to another use you get taken to the login page…
Thanks Patung, I’ll look into it.
I have found this plugin to be virtually indispensable for theme development, included this plugin in my article
Hey, I guess I never got around to thanking you the fantastic bit of functionality that this plugin offers.
I use it both on regular WP installs, as well as on MU setups and it works great.
Thanks again!
0.2.2 is out:
* Respect the current ‘Remember me’ setting when switching users.
* Redirect to home page instead of admin screen if the user you’re switching to has no privileges.
very good for buddy press sites!
Any plans of incorporating an audit trail? If using the audit trail plugin, what user’s info will be trapped making the change, the admin or the user’s?
Phil: I used the Audit Trail plugin once ages ago, but not recently. It’s probably easy enough to add an audit trail item that logs when a user switches users (I’ll have a look at it at some point), but from then on any action will always be recorded as the user that has been switched to.
Thanks. Really like the work you’re doing.
Hi,
I’m having problems with you plugins. I used it in the past and it worked quite well. But these days, I am mananging a rather big site with WP 3.0, and a lot of plugins. I can switch to another user but I CANNOT SWITCH BACK to my admin status. Doesn’t work. I have to log out and relog as admin.
Any idea ?
Same problem: no way to switch back and no options “remember me” ??
OK ! Found where the option was. Sorry for the comments, you can delete them. And thanks for the plugin.
And what is that option (I have the same problem) ???
Well, when you switch to a new profile, you got the admin page with a link saying “go back to previous profile” (or something like that). I use S2member plugin that redirect the members so I could not see the link.
Two ideas for WP3.1+ features:
1) Add a “switch back” link to the admin bar
2) Have an optional setting to configure a “Become user” link in the admin bar for the site admin. That was the admin can easily switch back and forth between their administrative persona and normal user profile.
Thanks for the suggestions belg4mit. I had already implemented #1 while WordPress 3.1 was in beta, but it stopped working at some point before 3.1 was finally released. I’ll look into it and update the plugin.
John
Version 0.3.2 released.
* Fix the ‘Switch back to’ menu item in the WordPress admin bar (WordPress 3.1+).
* Fix a formatting issue on the user profile page.
Thanks a ton for this plugin, one of my clients needed this exact feature, works great!
After hearing Ozh mention the coding was clean, I read the whole script, very clean and hardly any wasted code. The only thing I wasn’t too keen on was the use of the softer ‘and’ instead of ‘&&’.. but that’s just me.
The only feature I would like to have would be the ability to switch back to the original account that has the correct caps and user_level faster. That is a real tricky proposition security-wise, but I had a few ideas that may or may not help you if you decide to try for it.
Looking at the way the cookies are created, using the username, substr of hashed pass, and time..
Backup the target accounts password, then replace with your password. That way you can generate the correct authorization cookies for any user because you know their username and password. So the only thing that changes when all users have the same password hash, is the username. Thats where if you just replaced the target users password with yours, you would always be able to gen the right hash.
Along those lines, you could create copies of the entire users and usermeta tables, and then replace all of the users password hashes to a known value. Then you could have wordpress use those temporarily by defining this:
/** CUSTOM_USER_TABLE and CUSTOM_USER_META_TABLE are used to designated that the user and usermeta tables normally utilized by WordPress are not used, instead these values/tables are used to store your user information. */
define('CUSTOM_USER_TABLE', $table_prefix . 'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix . 'my_usermeta');
At the least, you could create the cookies for each user that way, and all you need is a way to quickly switch the cookies you use. And, you are still the only one who knows your admins real credentials (as long as you don’t still send the admin cookies while logged in as another user, which they might be able to see through logs or xss), so it should prevent a backhack.
It’s an interesting excercise to think about, but oh ya I’m on the clock!
After the last update (version 0.4.1) it seems to be problems with WP 3.1.2, after switching to another user. The admin bar will not show, and link “Your name” does not open the submenu, to reveal “Your profile”.
No problems until I switch user.
Hi Knut, I’ve just tested the plugin in WordPress 3.1 and all works as expected, including the admin bar link. Remember that if you switch to another user they may not have the admin bar active (you can see their setting from the Profile screen). Remember too that the ‘My name’ link at the top right of the screen isn’t a dropdown menu in 3.1, this was only added in 3.2.
You should really update to the latest version of WordPress (3.2, and 3.3 is right around the corner) as the plugin won’t be actively supporting older versions.
Thank you for the reply and testing.
What I meant, was that I use it with WordPess 3.2.1. Sorry for the typo.
I have now found that the problem is incompatibility with another plugin, the only one I did not deacktivate while testing.
I will now dig in deeper, and find out which of the two plugins really doing something wrong, before requesting it fixed.
Again, sorry.
The thing is sorted out, and fixed. No problem at all with this excellent plugin. Tank you for your patience, and very useful plugin.
No problem Knut, glad you got it sorted.
I am not able to switch back. I can not find the switch back button. It is not in my footer.
Judd: The switch back link is shown on every screen in the admin area, and in the user profile menu in the admin toolbar. The switch back link only appears in the footer when you use the Switch Off function.
Damn that’s nice code!
Thanks for all the code comments :)
I was hired to do a security and performance audit of your plugin. Out of around 50 plugins I checked, yours comes out on top.
Thanks Ryan, that’s cool and I’m really pleased the plugin was rated so highly!
I love this plugin, but after the most recent update, the “Switch to” option has disappeared from my Buddypress members page (it’s still available from the WP dashboard, though).
Is this a bug in my installation or a planned change? I only ever used Switch to from the members page – having to go to the dashboard first, then clicking on “users”, then “switch to” is a bit of a pain.
Stephen, the latest update should have in fact fixed the bug you’ve reported. The button was intentionally removed from the members listing page due to formatting issues, but the button should still be available on individual member profile pages.
There’s a bug in BuddyPress which was causing the button to not appear, but it looks like my attempt to get around it doesn’t always work.
Ahaaa… Thanks for the reply. Actually it was the members listing page that I meant (sorry). That was the only place I used it. Unfortunately it’s not appearing on the individual members’ profile pages either.
BTW there was never any formatting issue on our listing page (using PlatformPro). Is there anyway this option can be brought back? Doing it via Dashboard>>Users is such a pain I’ve created dummy accounts with various rights levels so I can quickly log in & out to check things. Which I’d rather not do. Great work, anyway – all the praise above is due!
Is there a way to check to see if the user switching in use? I can check if the plugin is active with is_plugin_active() but I am looking to see if the current user is using the plugin.
A client is using a shopping cart and has manual checkout turned off for everyone except admin. They would like to be able to switch to a user to push an order through so they can track each users order history but still want the ability to manually checkout.
If there is a way to check if the current user has used your plugin to log in? If there is I think I can work this out.
Thanks for the plugin, it is great and an amazing time saver for testing sites.
Alex
Alex: I’m currently working on a small update to the plugin which adds a few tweaks. I’ll add something which allows you to determine if the current user has logged in normally or switched in using User Switching.
Fantastic! I have found a work around (I think) but it is not very elegant and checking the plugin would be beautiful (and much simpler).
Thanks for the fast response.
Alex
Alex: Have a look at the new
current_user_switched()
function in User Switching 0.6. It tells you whether or not the current user switched into their account.John,
That is great. Thank you so much, you are the best!
Awesome plugin. Thank you very much for releasing it!
Hi John
Tres handy plugin, however, might you be happy to add an options page that allowed us to select whether the redirect on switching back to our own user went to the same page or the users page. As we are managing over 100 users I would far prefer switchback goes to the user list as I tend to be testing users views repetitively!
Cheers :) Happy to help if nesc…
Thanks for the feedback Xavier!
Previous versions of the plugin did redirect you back to the Users screen, but myself and a few other users found that it’s more intuitive and more useful to be redirected back to the page where you switched back from. I won’t be adding an options screen for this preference because I like to keep the plugin as lightweight as possible.
One plugin which might help you is Toolbar Quick View. This gives you an admin toolbar menu which contains – among other things – a link to the Users screen. This means it’ll only be one click back to the Users screen after you’ve switched back from wherever you are on the site. Hope this helps!
John.
No worries. Do you have a link to version 0.6 for those that want it to work that way?
..or is that a really annoying question ;)
thanks again..
Hi John,
Do you have any tips on how to implement this plugin for regular admins on multi-site?
Hi Ryan,
In order to switch into another user’s account, you need the ability to edit that user. The reason for this of course is that switching into a user account gives you the ability to edit that user’s account. Therefore, the ability to switch to a user needs to mirror the ability to edit that user.
Regular Admins on multisite don’t have the ability to edit other users. This is why they can’t switch.
I’ve written some code that allows regular admins to switch users (but not switch into super admin accounts) but you should be aware that using it effectively allows regular admins to edit other users’ accounts by way of switching in to them.
Hope this helps.
John
Awesome! That sounds like exactly what I was looking to achieve :)
Hmmm, I tried the code here as a plugin, but it just served an error … https://gist.github.com/4604330
Any ideas on how I should implement it?
What was the error Ryan?
I get the following error message:
http://pastebin.com/Nexnznai
When used with this plugin, which is just copy and paste of your Gist into a plugin.
http://stuff.ryanhellyer.net/user-switching-admins-only.zip
Sounds like your “User switching for regular admins” plugin is being loaded before User Switching. I have User Switching network-activated so I don’t have that problem.
I’ve updated the Gist at https://gist.github.com/johnbillion/4604330 so it overrides the hooks on the
plugins_loaded
hook. Give it a try.Thanks for your help.
I don’t get any errors now, but it isn’t showing the “Switch to” link for the regular admins :(
I decided to try this on a brand new install and it worked fine :)
I’m not sure why the other one didn’t work.
I deactivated both plugins on the original site, then reactivated them and it worked prefectly :)
Thanks for all your help John! Much appreciated.
Interesting. I wonder if WP loads plugins in the order they were activated. I was always under the impression they were loaded in alphabetical order according to their filename, but maybe not. Glad you’ve got it sorted.
I’ve tweaked this and added it to GitHub: https://github.com/johnbillion/user-switching-for-regular-admins
Relying on plugins loading in a certain order never really works well. All I know is that it’s definitely based on the order they’re stored in the database. I assume that order is controlled by the order you activate them in, but I’m not certain.