Developer Hooks

Overview

The Login as User plugin provides several hooks (filters and actions) that allow developers to customize and extend the plugin's functionality. This documentation covers all available hooks, their parameters, and practical usage examples.

Core Plugin Filters

Redirect Control Filters

web357_login_as_user_login_redirect

Purpose: Filter the redirect URL after an administrator logs in as another user.

Parameters:

  • $redirect_to (string) - The URL to redirect to
  • $requested_redirect_to (string) - The originally requested redirect URL
  • $new_user (WP_User) - The user being logged in as

Example:

add_filter('web357_login_as_user_login_redirect', function($redirect_to, $requested_redirect_to, $new_user) {
    // Redirect customers to their account page
    if (in_array('customer', $new_user->roles)) {
        return home_url('/my-account/');
    }
    
    // Redirect editors to the posts page
    if (in_array('editor', $new_user->roles)) {
        return admin_url('edit.php');
    }
    
    return $redirect_to;
}, 10, 3);

web357_login_as_user_logout_redirect

Purpose: Filter the redirect URL after switching back to the original administrator account.

Parameters:

  • $redirect_to (string) - The URL to redirect to
  • $requested_redirect_to (string) - The originally requested redirect URL
  • $old_user (WP_User) - The original administrator user

Example:

add_filter('web357_login_as_user_logout_redirect', function($redirect_to, $requested_redirect_to, $old_user) {
    // Always redirect back to users page after switching back
    return admin_url('users.php');
}, 10, 3);

WooCommerce Integration Filters

web357_login_as_user_clear_cart_on_logout

Purpose: Control whether the WooCommerce cart is cleared during user switching operations.

Parameters:

  • $clear (boolean) - Whether to clear the cart (default: false)
  • $user_id (int) - The user ID being switched to/from
  • $current_user_id (int) - The current user ID

Example:

add_filter('web357_login_as_user_clear_cart_on_logout', function($clear, $user_id, $current_user_id) {
    // Never clear cart for VIP customers
    $user = get_userdata($user_id);
    if ($user && in_array('vip_customer', $user->roles)) {
        return false;
    }
    
    return $clear;
}, 10, 3);

web357_login_as_user_forget_wc_session

Purpose: Control whether the WooCommerce session is forgotten during user switching.

Parameters:

  • $forget (boolean) - Whether to forget the session (default: true)
  • $user_id (int) - The new user ID
  • $old_user_id (int) - The previous user ID

Example:

add_filter('web357_login_as_user_forget_wc_session', function($forget, $user_id, $old_user_id) {
    // Preserve session for testing purposes in development
    if (defined('WP_DEBUG') && WP_DEBUG) {
        return false;
    }
    
    return $forget;
}, 10, 3);

Settings and Validation Filters

validateSettings

Purpose: Filter and validate plugin settings before they are saved to the database.

Parameters:

  • $valid_fields (array) - The validated settings fields
  • $field_keys (array) - Array of field keys being validated

Example:

add_filter('validateSettings', function($valid_fields, $field_keys) {
    // Add custom validation for redirect URL
    if (isset($valid_fields['redirect_to']) && !empty($valid_fields['redirect_to'])) {
        // Ensure redirect URL doesn't contain admin paths
        if (strpos($valid_fields['redirect_to'], 'wp-admin') !== false) {
            $valid_fields['redirect_to'] = '';
            add_settings_error('login_as_user_options', 'invalid_redirect', 
                'Redirect URL cannot point to admin area.', 'error');
        }
    }
    
    return $valid_fields;
}, 10, 2);

WordPress Core Capability Filters

user_has_cap

Purpose: The plugin hooks into this WordPress core filter to dynamically grant the login_as_user capability.

Usage: This is handled internally by the plugin, but you can hook into it for custom permission logic.

map_meta_cap

Purpose: Maps the login_as_user meta capability to primitive capabilities.

Usage: Prevents users from switching to themselves by adding the do_not_allow capability.

Shortcode

[login_as_user]

Purpose: Display a login as user button anywhere on your site.

Attributes:

  • user_id (required) - The ID of the user to login as
  • redirect_to (optional) - Where to redirect after login
  • logout_redirect_url (optional) - Where to redirect after logout
  • button_name (optional) - Custom button text (supports $USER placeholder)

Examples:

// Basic usage
[login_as_user user_id="123"]

// With custom redirect
[login_as_user user_id="123" redirect_to="/my-account"]

// With custom button text
[login_as_user user_id="123" button_name="Switch to $USER"]

// Complete example with all attributes
[login_as_user user_id="123" redirect_to="/my-account" logout_redirect_url="/admin-dashboard" button_name="Login as $USER"]

Integration Hooks

User Insights Plugin Integration

The plugin automatically integrates with the User Insights plugin through these filters:

  • usin_user_db_data - Adds login button to user data
  • usin_single_user_db_data - Adds login button to single user data
  • usin_fields - Configures field settings for the login button

Practical Usage Examples

Custom User Role Restrictions

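// Send the session to a safe page when the switch target has a sensitive role.
// This filter only changes the redirect destination; returning a different URL
// does not by itself block the switch.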
add_filter('web357_login_as_user_login_redirect', function($redirect_to, $requested_redirect_to, $new_user) {
    if (in_array('administrator', $new_user->roles)) {
        // Log the attempt
        error_log('Attempt to switch to administrator account: ' . $new_user->user_login);
        
        // Redirect to a safe page instead
        return home_url('/access-denied/');
    }
    
    return $redirect_to;
}, 10, 3);

Custom Logging

// Log all user switching activities
add_filter('web357_login_as_user_login_redirect', function($redirect_to, $requested_redirect_to, $new_user) {
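    // Check which account wp_get_current_user() returns at this point on your
    // install: if the switch has already been applied it is the target user,
    // and both halves of the log line will name the same account.
    $current_user = wp_get_current_user();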
    error_log(sprintf(
        'User Switch: %s (ID: %d) switched to %s (ID: %d)',
        $current_user->user_login,
        $current_user->ID,
        $new_user->user_login,
        $new_user->ID
    ));
    
    return $redirect_to;
}, 10, 3);

E-commerce Cart Preservation

// Always preserve carts for premium customers
add_filter('web357_login_as_user_clear_cart_on_logout', function($clear, $user_id, $current_user_id) {
    $user = get_userdata($user_id);
    
    // Check if user has premium membership
    if ($user && get_user_meta($user_id, 'premium_member', true)) {
        return false; // Don't clear cart
    }
    
    return $clear;
}, 10, 3);

Custom Settings Validation

// Add custom validation rules
add_filter('validateSettings', function($valid_fields, $field_keys) {
    // Validate custom redirect URLs
    if (isset($valid_fields['redirect_to'])) {
        $redirect = $valid_fields['redirect_to'];
        
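        // Block redirects to external sites. wp_validate_redirect() returns the
        // fallback ('') unless the URL is relative or its host is this site (or
        // an allowed redirect host). It also rejects scheme-relative values such
        // as //other-host/path, which FILTER_VALIDATE_URL does not treat as URLs.
        if ($redirect !== '' && wp_validate_redirect($redirect, '') === '') {
            $valid_fields['redirect_to'] = '';
            add_settings_error('login_as_user_options', 'external_redirect', 
                'External redirects are not allowed for security reasons.', 'error');
        }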
    }
    
    return $valid_fields;
}, 10, 2);

Best Practices

Security Considerations

  • Always validate user permissions before allowing switches
  • Log user switching activities for audit trails
  • Be cautious with redirect URLs to prevent open redirect vulnerabilities
  • Consider rate limiting for user switching operations
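
One way to apply the open-redirect caution at request time, to whatever URL reaches the two redirect filters documented above. This is an added example, not the plugin's own code; the fallback URL, the priority of 99 and the variable name are assumptions.

```php
<?php
// Added example, not part of the plugin. $web357_validate_switch_redirect,
// the home_url('/') fallback and priority 99 are illustrative assumptions.
$web357_validate_switch_redirect = function ($redirect_to, $requested_redirect_to, $user) {
    $candidate = (string) $redirect_to;

    // Leave an empty value alone so the plugin's default behaviour applies.
    if ($candidate === '') {
        return $redirect_to;
    }

    // Assumed safe destination when the supplied URL is rejected.
    $fallback = home_url('/');

    // Returns $fallback unless the URL is relative or its host is this site
    // (or a host added through the allowed_redirect_hosts filter).
    // Scheme-relative values such as "//other-host/path" are rejected too.
    $safe = wp_validate_redirect($candidate, $fallback);

    if ($safe === $fallback && $candidate !== $fallback) {
        // sanitize_text_field() strips line breaks, so a crafted URL cannot
        // forge additional log lines.
        error_log(sprintf(
            'Login as User: rejected redirect "%s" for user ID %d',
            sanitize_text_field($candidate),
            $user instanceof WP_User ? $user->ID : 0
        ));
    }

    return $safe;
};

// A late priority lets the check see the value left by earlier callbacks.
add_filter('web357_login_as_user_login_redirect', $web357_validate_switch_redirect, 99, 3);
add_filter('web357_login_as_user_logout_redirect', $web357_validate_switch_redirect, 99, 3);
```

Any callback registered at a priority higher than 99 runs after this check and can still change the URL, so keep the validation last in the chain.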

Performance Tips

  • Use appropriate hook priorities to ensure proper execution order
  • Cache expensive operations when possible
  • Be mindful of database queries in hook callbacks

Compatibility

  • Test hooks with both free and pro versions of the plugin
  • Consider WooCommerce cart preservation settings when using cart-related hooks
  • Ensure compatibility with multisite installations