Drupal 7 makes it harder to mess with sessions.uid in order to hack into a site. Let's make a drush command which basically does:

drush php-eval "echo user_pass_reset_url(user_load(1));"

Note that this will not actually reset the uid 1 password as long as you don't specify a new password in the user form, and the uid will never know someone logged in as uid 1.

CommentFileSizeAuthor
#2 942642_1_drush_uli.patch2.12 KBscor

Comments

greg.1.anderson’s picture

greg.1.anderson commented

I'm confused. You're calling user_pass_reset_url, but you don't want to reset the password? Is user_load(1) all you really want? Are you looking for drush --uid=1 (supported)?

scor’s picture

scor commented
Status: Active » Needs review
StatusFileSize
new 942642_1_drush_uli.patch2.12 KB

introducing drush user-login - alias drush uli which default to displaying a link for login in as uid 1.

scor’s picture

scor commented

I don't want to reset the password, I just want a URL so I can log into the site without creating an account, hacking the user table. I might have no account on the site and I might never want to have an account on the site.

The name user_pass_reset_url() is kind of misleading, it does not in fact reset the password, it allows you to reset the password if you like, by logging in and filling the new password in the form. Not something you would do in the context of drush user-login.

moshe weitzman’s picture

moshe weitzman commented

See #837058: Login-link, a command to generate a one-time use login-link from Drush. I declined this command earlier but it makes sense now that we have user commands. Also, this patch is briefer. Perhaps review whats there and lets proceed with our best effort.

scor’s picture

scor commented
Title: Add command allowing to log in as uid 1 » Add command allowing to impersonate

It's kind of like the masquerade module except that you don't want to install a new module, nor have the need to be a registered user on the site. My use case is where I maintain a site and I don't want to go through the whole login process etc.

scor’s picture

scor commented
Title: Add command allowing to impersonate » Add command allowing to impersonate as any user

didn't finish to rename this issue to something more generic.

scor’s picture

scor commented

agree with Moshe re best effort. No need to try to fix the uri issue here, people can set it via drushrc, or worst case they can just use the relevant portion of the one time login link. not a big deal.

greg.1.anderson’s picture

greg.1.anderson commented

Now I see what you're getting at. Haven't tried it out, but the code looks good. I agree that just ignoring the base url issue is the best. I like #2 better than #837058: Login-link, a command to generate a one-time use login-link from Drush without reservation.

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Fixed

committed with one more example. nice work.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.