/**
 * Plugin Name: Login as Customer
 * Description: Secure user‑switch plugin with audit log, role‑based restrictions, and modern UI. No activation or licensing required.
 * Version: 1.0
 * Author: Recipe Codes
 * Author URI: http://recipe.codes
 * Text Domain: userswitchpro
 * Domain Path: /languages
 * Requires at least: 6.0
 * Tested up to: 6.5
 * License: GPL2
 */

// NOTE(review): no opening PHP tag is visible above the plugin header in this view.
// If the file really lacks one, PHP sends the whole source to the client as plain
// text instead of executing it; confirm against the file on disk.
declare(strict_types=1);

// Refuse to run when the file is requested directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;

// Filesystem path and public URL of this plugin's directory.
define( 'USERSWITCH_PRO_SECURE_DIR', plugin_dir_path( __FILE__ ) );
define( 'USERSWITCH_PRO_SECURE_URL', plugin_dir_url( __FILE__ ) );

// Helpers called further down in this file (loginas_capability_check(), loginas_verify_nonce())
// are not defined here; presumably they come from this include. Verify.
require_once USERSWITCH_PRO_SECURE_DIR . 'includes/security-helper.php';

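/**
 * Activation hook – create the audit table.
 *
 * Each row of {prefix}userswitch_audit records who switched (admin_id), into
 * which account (target_user_id), the action name, the client address and a
 * timestamp that defaults to the time of insertion.
 *
 * A stray closing PHP tag and an orphaned second copy of this function body
 * used to follow the definition. The tag ended PHP mode, so everything after
 * it was sent to the client as text and never executed; both were removed.
 */
register_activation_hook( __FILE__, 'userswitch_pro_activate' );

function userswitch_pro_activate(): void {
    global $wpdb;

    // The table name is built only from the site's own prefix, never from request data.
    $table_name      = $wpdb->prefix . 'userswitch_audit';
    $charset_collate = $wpdb->get_charset_collate();

    $sql = "CREATE TABLE IF NOT EXISTS {$table_name} (
        id BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
        admin_id BIGINT(20) UNSIGNED NOT NULL,
        target_user_id BIGINT(20) UNSIGNED NOT NULL,
        action varchar(50) NOT NULL,
        ip_address varchar(100) NOT NULL,
        log_timestamp datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
        PRIMARY KEY  (id)
    ) {$charset_collate};";

    // dbDelta() lives in the upgrade include, which is not loaded on ordinary requests.
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta( $sql );
}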

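/**
 * Uninstall hook – drop the audit table.
 *
 * A stray closing PHP tag and an orphaned second copy of this function body
 * used to follow the definition; both were removed so the rest of the file
 * is parsed as PHP again instead of being sent to the client as text.
 *
 * NOTE(review): uninstalling deletes the whole impersonation audit trail.
 * If those records must outlive the plugin, export or archive them before
 * this runs. The retention requirement is not visible from this file.
 */
register_uninstall_hook( __FILE__, 'userswitch_pro_uninstall' );

function userswitch_pro_uninstall(): void {
    global $wpdb;

    // The table name is built only from the site's own prefix, never from request data.
    $table_name = $wpdb->prefix . 'userswitch_audit';
    $wpdb->query( "DROP TABLE IF EXISTS {$table_name}" );
}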

/**
 * Admin bootstrap, hooked to admin_init.
 *
 * Runs the capability helper, registers the asset loader for this plugin's
 * screens and instantiates the settings page class when it is available.
 */
function userswitch_pro_secure_admin_init() {
    // NOTE(review): loginas_capability_check() is defined outside this file. The original
    // comment says it verifies that the current user can manage options. admin_init also
    // fires for admin-ajax.php and admin-post.php requests, so confirm what the helper does
    // for users who lack the capability and whether the code below still runs for them.
    loginas_capability_check();

    add_action(
        'admin_enqueue_scripts',
        function ( $hook ) {
            // Only screens whose hook suffix mentions the plugin get the assets.
            if ( false === strpos( $hook, 'userswitch' ) ) {
                return;
            }

            wp_enqueue_style( 'userswitch-admin-secure', USERSWITCH_PRO_SECURE_URL . 'assets/css/admin-css-secure.css', [], '1.0' );

            // Select2 provides the searchable dropdowns.
            // NOTE(review): both files are fetched from a third-party CDN into wp-admin with
            // no integrity pinning, so the admin screen runs whatever that host serves.
            // Shipping a copy inside the plugin removes that dependency.
            wp_enqueue_script( 'select2', 'https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js', ['jquery'], '4.0.13', true );
            wp_enqueue_style( 'select2-css', 'https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css', [], '4.0.13' );
        }
    );

    // Settings page implementation; the class is instantiated only if the include defined it.
    require_once USERSWITCH_PRO_SECURE_DIR . 'admin/setting.php';
    if ( class_exists( 'userswitch_admin_setting_pro' ) ) {
        new userswitch_admin_setting_pro();
    }
}
add_action( 'admin_init', 'userswitch_pro_secure_admin_init' );

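/**
 * AJAX handler for switching to another user.
 *
 * Registered on wp_ajax_userswitch_switch_user, so it only runs for logged-in
 * users. Order of checks: nonce, target id, actor role, target account,
 * availability of the switch routine, audit write, then the switch itself.
 * Every failure ends the request through wp_send_json_error().
 *
 * Changes from the earlier version:
 * - a non-scalar user_id (for example an array) is rejected; absint() would
 *   otherwise turn it into 1;
 * - the target account must exist;
 * - an actor without manage_options cannot switch into an account that has it,
 *   so adding a lower role to the allowed list does not hand out admin access;
 * - the audit row is written only when the switch routine is present, and the
 *   switch is refused if the row cannot be written.
 */
function userswitch_pro_secure_switch_user() {
    // Verify nonce.
    if ( ! loginas_verify_nonce( 'userswitch_switch_user', 'userswitch_nonce' ) ) {
        wp_send_json_error( [ 'message' => __( 'Invalid request.', 'userswitchpro' ) ] );
    }

    // absint() casts its argument to int, and a non-empty array casts to 1, so only scalars are accepted.
    $raw_user_id = $_POST['user_id'] ?? 0;
    $user_id     = is_scalar( $raw_user_id ) ? absint( $raw_user_id ) : 0;
    if ( ! $user_id ) {
        wp_send_json_error( [ 'message' => __( 'No user specified.', 'userswitchpro' ) ] );
    }

    // Role-based restriction check on the acting user.
    // The casts keep array_intersect() from throwing if the stored option is not an array;
    // a malformed option then matches no role and the request is denied.
    $allowed_roles = (array) get_option( 'userswitch_allowed_roles', [ 'administrator' ] );
    $current_user  = wp_get_current_user();
    if ( empty( array_intersect( (array) $current_user->roles, $allowed_roles ) ) ) {
        wp_send_json_error( [ 'message' => __( 'You are not permitted to use this feature.', 'userswitchpro' ) ] );
    }

    // The target must be a real account.
    $target_user = get_userdata( $user_id );
    if ( ! $target_user ) {
        wp_send_json_error( [ 'message' => __( 'No user specified.', 'userswitchpro' ) ] );
    }

    // Do not let the switch raise privileges: an actor without manage_options may not
    // become an account that has it.
    if ( user_can( $target_user, 'manage_options' ) && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( [ 'message' => __( 'You are not permitted to use this feature.', 'userswitchpro' ) ] );
    }

    // Check for the switch routine before logging, so the audit table never records a
    // switch that could not have happened.
    if ( ! function_exists( 'loginas_switch_user' ) ) {
        wp_send_json_error( [ 'message' => __( 'Switch function missing.', 'userswitchpro' ) ] );
    }

    // REMOTE_ADDR is the address of the directly connected peer; behind a reverse proxy
    // that is the proxy, not the administrator's browser.
    $remote_addr = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';

    // Log the action.
    global $wpdb;
    $logged = $wpdb->insert(
        $wpdb->prefix . 'userswitch_audit',
        [
            'admin_id'       => get_current_user_id(),
            'target_user_id' => $user_id,
            'action'         => 'switch_user',
            'ip_address'     => $remote_addr,
        ],
        [ '%d', '%d', '%s', '%s' ]
    );

    // Fail closed: an impersonation that leaves no audit row is refused.
    if ( false === $logged ) {
        wp_send_json_error( [ 'message' => __( 'Could not record the audit entry.', 'userswitchpro' ) ] );
    }

    // NOTE(review): loginas_switch_user() is defined outside this file and its result is
    // not inspected here; confirm how it reports a failed switch.
    loginas_switch_user( $user_id );
    wp_send_json_success();
}
add_action( 'wp_ajax_userswitch_switch_user', 'userswitch_pro_secure_switch_user' );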
?>
{"id":4797,"date":"2025-03-18T20:31:50","date_gmt":"2025-03-18T18:31:50","guid":{"rendered":"https:\/\/stedrinowear.com\/?post_type=product&#038;p=4797"},"modified":"2025-06-15T13:57:57","modified_gmt":"2025-06-15T11:57:57","slug":"bring-your-boord-tracksuit-boys","status":"publish","type":"product","link":"https:\/\/stedrinowear.com\/en\/bring-your-boord-tracksuit-boys\/","title":{"rendered":"\u062a\u0631\u0646\u062c BRING YOUR BOORD"},"content":{"rendered":"<p>\u0637\u0642\u0645 \u0648\u0644\u0627\u062f\u064a \u0635\u064a\u0641\u064a \u0639\u0645\u0644\u064a \u0648\u0639\u0635\u0631\u064a\u060c \u064a\u062a\u0643\u0648\u0646 \u0645\u0646 \u062a\u064a\u0634\u064a\u0631\u062a \u0642\u0637\u0646 \u0628\u0637\u0628\u0639\u0629 \u0634\u0628\u0627\u0628\u064a\u0629 \u0645\u0633\u062a\u0648\u062d\u0627\u0629 \u0645\u0646 \u0631\u064a\u0627\u0636\u0629 \u0627\u0644\u062a\u0632\u0644\u062c\u060c \u0648\u0628\u0646\u0637\u0644\u0648\u0646 \u0631\u064a\u0627\u0636\u064a \u0628\u0627\u0644\u0644\u0648\u0646 \u0627\u0644\u0643\u062d\u0644\u064a \u0628\u0631\u0628\u0627\u0637 \u062e\u0635\u0631 \u0645\u0631\u064a\u062d. 
\u062a\u0635\u0645\u064a\u0645 \u0645\u0631\u064a\u062d \u0648\u0645\u0646\u0627\u0633\u0628 \u0644\u0644\u062e\u0631\u0648\u062c\u0627\u062a \u0627\u0644\u064a\u0648\u0645\u064a\u0629 \u0648\u0627\u0644\u062d\u0631\u0643\u0629 \u0628\u062d\u0631\u064a\u0629.<\/p>","protected":false},"excerpt":{"rendered":"<p>\u0637\u0642\u0645 \u0648\u0644\u0627\u062f\u064a \u0635\u064a\u0641\u064a \u0639\u0645\u0644\u064a \u0648\u0639\u0635\u0631\u064a\u060c \u064a\u062a\u0643\u0648\u0646 \u0645\u0646 \u062a\u064a\u0634\u064a\u0631\u062a \u0642\u0637\u0646 \u0628\u0637\u0628\u0639\u0629 \u0634\u0628\u0627\u0628\u064a\u0629 \u0645\u0633\u062a\u0648\u062d\u0627\u0629 \u0645\u0646 \u0631\u064a\u0627\u0636\u0629 \u0627\u0644\u062a\u0632\u0644\u062c\u060c \u0648\u0628\u0646\u0637\u0644\u0648\u0646 \u0631\u064a\u0627\u0636\u064a \u0628\u0627\u0644\u0644\u0648\u0646 \u0627\u0644\u0643\u062d\u0644\u064a \u0628\u0631\u0628\u0627\u0637 \u062e\u0635\u0631 \u0645\u0631\u064a\u062d. \u062a\u0635\u0645\u064a\u0645 \u0645\u0631\u064a\u062d \u0648\u0645\u0646\u0627\u0633\u0628 \u0644\u0644\u062e\u0631\u0648\u062c\u0627\u062a \u0627\u0644\u064a\u0648\u0645\u064a\u0629 \u0648\u0627\u0644\u062d\u0631\u0643\u0629 \u0628\u062d\u0631\u064a\u0629.<\/p>","protected":false},"featured_media":4741,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"product_brand":[],"product_cat":[365,364],"product_tag":[249],"product-size":[],"class_list":["post-4797","product","type-product","status-publish","has-post-thumbnail","product_cat-boys","product_cat-home-wear","product_tag-training","first","instock","shipping-taxable","product-type-variable","has-default-attributes"],"pure_taxonomies":{"product_cat":[{"term_id":365,"name":"\u0627\u0648\u0644\u0627\u062f\u064a","slug":"boys","term_group":0,"term_taxonomy_id":365,"taxonomy":"product_cat","description":"","parent":364,"count":18,"filter":"raw","image":""},{"term_id":364,"name":"\u0644\u0628\u0633 
\u0628\u064a\u062a","slug":"home-wear","term_group":0,"term_taxonomy_id":364,"taxonomy":"product_cat","description":"","parent":0,"count":48,"filter":"raw","image":""}],"product_tag":[{"term_id":249,"name":"\u062a\u0631\u064a\u0646\u0646\u062c","slug":"training","term_group":0,"term_taxonomy_id":249,"taxonomy":"product_tag","description":"","parent":0,"count":49,"filter":"raw","image":""}]},"_links":{"self":[{"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/product\/4797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/types\/product"}],"replies":[{"embeddable":true,"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/comments?post=4797"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/media\/4741"}],"wp:attachment":[{"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/media?parent=4797"}],"wp:term":[{"taxonomy":"product_brand","embeddable":true,"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/product_brand?post=4797"},{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/product_cat?post=4797"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/product_tag?post=4797"},{"taxonomy":"product-size","embeddable":true,"href":"https:\/\/stedrinowear.com\/en\/wp-json\/wp\/v2\/product-size?post=4797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}