Descriere
Acest modul îți permite să schimbi rapid conturile de utilizator în WordPress, cu un clic pe un buton. Vei fi autentificat și dezautentificat instantaneu ca utilizatorul pe care îl alegi. Este util pentru medii de testare, pentru a ajuta clienții de pe site-urile WooCommerce sau pentru administratorii care au nevoie să comute între mai multe conturi.
Funcționalități
- Comută utilizator: Comută instantaneu la oricare utilizator din ecranul de Utilizatori.
- Comută înapoi: Comută instantaneu înapoi la contul tău originar.
- Comutare oprită: Deautentificare din contul tău dar reține abilitatea de a comuta din nou instantaneu înapoi.
- Compatible with Multisite, WooCommerce, BuddyPress, and bbPress.
- Compatible with most membership and user management plugins.
- Compatible with most two-factor authentication solutions (see the FAQ for more info).
- Approved for use on enterprise-grade WordPress platforms such as Altis and WordPress VIP.
Note: User Switching supports versions of WordPress up to three years old, and PHP version 7.4 or higher.
Securitate
- Doar utilizatorii cu abilitatea de a edita alți utilizatori pot să comute între conturi. Implicit, aceștia sunt doar administratori pe instalările cu un singur site și super-administratori de pe instalările multi-site.
- Parolele nu sunt (și nu pot fi) devoalate.
- Folosește sistemul de autentificare cu cookie al WordPress când reține contul(urile) de unde ai comutat când comută înapoi.
- Implementează sistemul de securitate cu cod de unică folosință (nonce) în WordPress, însemnând că doar aceia care intenționează să comute utilizatorul pot comuta.
- Full support for user session validation where appropriate.
- Full support for HTTPS.
- Backed by the Patchstack Vulnerability Disclosure Program
Utilizare
- Vizitează meniul Utilizatoridin WordPress și vei vedea legătura Comută la în lista de acțiuni pentru fiecare utilizator.
- Clic aici și vei fi imediat comutat în contul acelui utilizator.
- Poți comuta înapoi la contul tău originar via legătura Comută înapoi pe fiecare ecran al panoului de control sau în meniul tău de profil din bara de unelte WordPress.
Vezi Întrebări/Răspunsuri pentru informații despre facilitatea de Comutare oprită.
Other Plugins
I maintain several other plugins for developers. Check them out:
- Query Monitor is the developer tools panel for WordPress
- WP Crontrol lets you view and control what’s happening in the WP-Cron system
Declarație de confidențialitate
User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, which means their values contain the user’s user_login
field in plain text which should be treated as potentially personally identifiable information (PII) for privacy and regulatory reasons (GDPR, CCPA, etc). The names of the cookies are:
wordpress_user_sw_{COOKIEHASH}
wordpress_user_sw_secure_{COOKIEHASH}
wordpress_user_sw_olduser_{COOKIEHASH}
User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.
See also the FAQ for some questions relating to privacy and safety when switching between users.
Accessibility Statement
User Switching aims to be fully accessible to all of its users. It implements best practices for web accessibility, outputs semantic and structured markup, adheres to the default styles and accessibility guidelines of WordPress, uses the accessibility APIs provided by WordPress and web browsers where appropriate, and is fully accessible via keyboard.
User Switching should adhere to Web Content Accessibility Guidelines (WCAG) 2.0 at level AA when used with a recent version of WordPress where its admin area itself adheres to these guidelines. If you’ve experienced or identified an accessibility issue in User Switching, please open a thread in the User Switching plugin support forum and I’ll address it swiftly.
Capturi ecran
Întrebări frecvente
-
Does this plugin work with PHP 8?
-
Yes, it’s actively tested and working up to PHP 8.3.
-
Ce înseamnă „Comutare oprită”?
-
Oprirea comutării te deautentifică din contul tău dar reține ID-ul tău de utilizator într-un cookie de autentificare pentru a putea comuta imediat înapoi fără să trebuiască să te autentifici din nou. E asemănător cu comutarea la niciun utilizator, iar apoi să poți comuta înapoi.
The Switch Off link can be found in your profile menu in the WordPress toolbar. Once you’ve switched off you’ll see a Switch back link in a few places:
- In the footer of your site
- On the Log In screen
- In the „Meta” widget
-
Poate lucra acest modul cu instalări WordPress multi-site?
-
Da, iar tu vei fi de asemenea capabil să comuți utilizatorii din ecranul Utilizatori din Administrare rețea.
-
Does this plugin work with WooCommerce?
-
Yes, and you’ll also be able to switch users from various WooCommerce administration screens while logged in as a Shop Manager or an administrative user.
-
Poate lucra acest modul cuBuddyPress?
-
Da, iar tu vei fi de de asemenea capabil să comuți utilizatorii din ecranele de profil membru și din cel cu lista membrilor.
-
Poate lucra acest modul cu bbPress?
-
Da, iar tu vei putea de asemenea să comuți utilizatorii din ecranele de profil membru.
-
Acest modul funcționează dacă site-ul meu folosește un modul de autentificare în doi-factori?
-
Da, cel mult.
O excepție de care sunt conștient este Duo Security. Dacă folosești acest modul, ar trebui să instalezi modulul suplimentar User Switching pentru Duo Security care va împiedica autentificarea cu doi-factori să apară la comutarea între utilizatori.
-
Ce capabilitate trebuie să aibă un utilizator pentru a putea comuta între conturi?
-
Un utilizator are nevoie de capabilitatea
edit_users
pentru a putea comuta între conturi de utilizatori. Implicit doar administratorii au această capabilitate, iar cu validarea modului multi-site doar super administratorii o au.Specifically, a user needs the ability to edit the target user in order to switch to them. This means if you have custom user capability mapping in place which uses the
edit_users
oredit_user
capabilities to affect ability of users to edit others, then User Switching should respect that. -
Pot administratorii obișnuiți să comute conturile în instalările multi-site?
-
Nu. Asta poate fi validată prin instalarea modulului Comutarea utilizatorilor pentru administratori obișnuiți.
-
Can the ability to switch accounts be granted to other users or roles?
-
Yes. The
switch_users
meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have theedit_users
capability. For practical purposes, the user or role will also need thelist_users
capability so they can access the Users menu in the WordPress admin area.add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) { if ( 'switch_to_user' === $args[0] ) { if ( my_condition( $user ) ) { $allcaps['switch_users'] = true; } } return $allcaps; }, 9, 4 );
Note that this needs to happen before User Switching’s own capability filtering, hence the priority of
9
. -
Can the ability to switch accounts be denied from users?
-
Yes. User capabilities in WordPress can be set to
false
to deny them from a user. Denying theswitch_users
capability prevents the user from switching users, even if they have theedit_users
capability.add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) { if ( 'switch_to_user' === $args[0] ) { if ( my_condition( $user ) ) { $allcaps['switch_users'] = false; } } return $allcaps; }, 9, 4 );
Notes:
- This needs to happen before User Switching’s own capability filtering, hence the priority of
9
. - The ID of the target user can be found in
$args[2]
.
- This needs to happen before User Switching’s own capability filtering, hence the priority of
-
Can I add a custom „Switch To” link to my own plugin or theme?
-
Yes. Use the
user_switching::maybe_switch_url()
method for this. It takes care of authentication and returns a nonce-protected URL for the current user to switch into the provided user account.if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) { $url = user_switching::maybe_switch_url( $target_user ); if ( $url ) { printf( '<a href="%1$s">Switch to %2$s</a>', esc_url( $url ), esc_html( $target_user->display_name ) ); } }
If you want to specify the URL that the user gets redirected to after switching, add a
redirect_to
parameter to the URL like so:if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) { $url = user_switching::maybe_switch_url( $target_user ); if ( $url ) { // Redirect to the home page after switching: $redirect_to = home_url(); printf( '<a href="%1$s">Switch to %2$s</a>', esc_url( add_query_arg( 'redirect_to', rawurlencode( $redirect_to ), $url ) ), esc_html( $target_user->display_name ) ); } }
The above code also works for displaying a link to switch back to the original user, but if you want an explicit link for this you can use the following code:
if ( method_exists( 'user_switching', 'get_old_user' ) ) { $old_user = user_switching::get_old_user(); if ( $old_user ) { printf( '<a href="%1$s">Switch back to %2$s</a>', esc_url( user_switching::switch_back_url( $old_user ) ), esc_html( $old_user->display_name ) ); } }
-
Can I determine whether the current user switched into their account?
-
Yes. Use the
current_user_switched()
function for this. If the current user switched into their account from another then it returns aWP_User
object for their originating user, otherwise it returns false.if ( function_exists( 'current_user_switched' ) ) { $switched_user = current_user_switched(); if ( $switched_user ) { // User is logged in and has switched into their account. // $switched_user is the WP_User object for their originating user. } }
-
Can I log each time a user switches to another account?
-
You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.
-
Does this plugin allow a user to frame another user for an action?
-
Potentially yes, but User Switching includes some safety protections for this and there are further precautions you can take as a site administrator:
- You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.
- User Switching stores the ID of the originating user in the new WordPress user session for the user they switch to. Although this session does not persist by default when they subsequently switch back, there will be a record of this ID if your database server has query logging enabled.
- User Switching stores the login name of the originating user in an authentication cookie (see the Privacy Statement for more information). If your server access logs store cookie data, there will be a record of this login name (along with the IP address) for each access request.
- User Switching triggers an action when a user switches account, switches off, or switches back (see below). You can use these actions to perform additional logging for safety purposes depending on your requirements.
One or more of the above should allow you to correlate an action with the originating user when a user switches account, should you need to.
Bear in mind that even without the User Switching plugin in use, any user who has the ability to edit another user can still frame another user for an action by, for example, changing their password and manually logging into that account. If you are concerned about users abusing others, you should take great care when granting users administrative rights.
-
Pot comuta utilizatorii direct din bara de instrumente de administrare?
-
Da, există un modul terț suplimentar pentru asta: Admin Bar User Switching.
-
Sunt apelate orice acțiuni ale modulului când utilizatorul comută între conturi?
-
Yes. When a user switches to another account, the
switch_to_user
hook is called:/** * Fires when a user switches to another user account. * * @since 0.6.0 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added. * * @param int $user_id The ID of the user being switched to. * @param int $old_user_id The ID of the user being switched from. * @param string $new_token The token of the session of the user being switched to. Can be an empty string * or a token for a session that may or may not still be valid. * @param string $old_token The token of the session of the user being switched from. */ do_action( 'switch_to_user', $user_id, $old_user_id, $new_token, $old_token );
When a user switches back to their originating account, the
switch_back_user
hook is called:/** * Fires when a user switches back to their originating account. * * @since 0.6.0 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added. * * @param int $user_id The ID of the user being switched back to. * @param int|false $old_user_id The ID of the user being switched from, or false if the user is switching back * after having been switched off. * @param string $new_token The token of the session of the user being switched to. Can be an empty string * or a token for a session that may or may not still be valid. * @param string $old_token The token of the session of the user being switched from. */ do_action( 'switch_back_user', $user_id, $old_user_id, $new_token, $old_token );
When a user switches off, the
switch_off_user
hook is called:/** * Fires when a user switches off. * * @since 0.6.0 * @since 1.4.0 The `$old_token` parameter was added. * * @param int $old_user_id The ID of the user switching off. * @param string $old_token The token of the session of the user switching off. */ do_action( 'switch_off_user', $old_user_id, $old_token );
When a user switches to another account, switches off, or switches back, the
user_switching_redirect_to
filter is applied to the location that they get redirected to:/** * Filters the redirect location after a user switches to another account or switches off. * * @since 1.7.0 * * @param string $redirect_to The target redirect location, or an empty string if none is specified. * @param string|null $redirect_type The redirect type, see the `user_switching::REDIRECT_*` constants. * @param WP_User|null $new_user The user being switched to, or null if there is none. * @param WP_User|null $old_user The user being switched from, or null if there is none. */ return apply_filters( 'user_switching_redirect_to', $redirect_to, $redirect_type, $new_user, $old_user );
In addition, User Switching respects the following filters from WordPress core when appropriate:
login_redirect
when switching to another user.logout_redirect
when switching off.
-
How can I report a security bug?
-
You can report security bugs through the official User Switching Vulnerability Disclosure Program on Patchstack. The Patchstack team helps validate, triage, and handle any security vulnerabilities.
-
Do you accept donations?
-
I am accepting sponsorships via the GitHub Sponsors program and any support you can give will help me maintain this plugin and keep it free for everyone.
Recenzii
Contributori și dezvoltatori
„Comutare utilizatori” este un software open-source. La acest modul au contribuit următoarele persoane.
Contributori„Comutare utilizatori” a fost tradus în 48 de locale. Mulțumim traducătorilor pentru contribuția lor.
Tradu „Comutare utilizatori” în limba ta.
Te interesează dezvoltarea?
Răsfoiește codul, vezi depozitarul SVN, sau abonează-te la jurnalul de dezvoltare prin RSS.
Istoric modificări
1.8.0 (22 July 2024)
- Adds a ‘Switch back’ link to some access denied messages within the admin area.
- Confirms support for WordPress 6.6.
1.7.3 (21 February 2024)
- Confirm support for PHP 8.3
- Fix compatibility with BuddyPress version 12
- Add configuration for the Live Preview feature on wordpress.org
1.7.2 (16 November 2023)
- Confirm support for WordPress 6.4
- Reinstate the missing plugin readme file
1.7.1 (16 November 2023)
- Fix the redirect type parameter passed to the
user_switching_redirect_to
filter - Increase the minimum supported version of PHP to 7.4
1.7.0 (30 July 2022)
- Redirect to the current post, term, user, or comment being edited when switching off
- Clean up some user-facing messages
- Apply basic styling to the Switch Back link that appears in the footer
- Use a better placement for the Switch To menu on bbPress profiles
- Use a more appropriate HTTP response code if switching off fails
- Exclude
.editorconfig
from dist ZIP
1.6.0 (24 June 2022)
- Add a ‘Switch To’ link to the order screen in WooCommerce
- Add a ‘Switch back’ link to the My Account screen and the login screen in WooCommerce
1.5.8 (2 October 2021)
- Avoid a fatal if the
interim-login
query parameter is present on a page other than wp-login.php.
1.5.7 (12 May 2021)
- Fix some issues that could lead to PHP errors given a malformed cookie.
- Fix documentation.
1.5.6 (18 September 2020)
- Add a class to the table row on the user edit screen.
- Updated docs.
1.5.5 (22 June 2020)
- Added the
user_switching_in_footer
filter to disable output in footer on front end. - Documentation additions and improvements.
1.5.4 (7 February 2020)
- Fix a cookie issue caused by Jetpack 8.1.1 which prevented switching back to the original user.
1.5.3 (5 November 2019)
- Remove usage of a method that’s been deprecated in WordPress 5.3
1.5.2 (16 August 2019)
- Set the correct
lang
attribute on User Switching’s admin notice. - Move the WooCommerce session forgetting to an action callback so it can be unhooked if necessary.
1.5.1 (16 June 2019)
- Add appropriate HTTP response codes to the error states.
- Display User Switching’s messages in the original user’s locale.
- Increase the priority of the hook that sets up the cookie constants. See #40.
- Don’t attempt to output the ‘Switch To’ link on author archives when the queried object isn’t a user. See #39.
1.5.0 (23 March 2019)
- Add support for forgetting WooCommerce sessions when switching between users. Requires WooCommerce 3.6+.
Earlier versions
For the changelog of earlier versions, please refer to the releases page on GitHub.