How to login as any user in Drupal site?

October 19, 2013 | 5 Comments | Submitted by sivaji

It is no surprise that production sites at times may work differently from dev / stage due to various factors. And in such circumstances, there is a need to login as real site user to be able to reproduce the issue. Of course it is not easy to fix a bug unless it is really reproduced by developer.

In one of my recent works, I found a simple trick using Drush to get access to real user account without distrubing his/her account credentials like login name, email, password, or similar.

The trick I used counts on drush user-login command, alias uli (which I learned from my earlier blog post's comments).

Assume sivaji (login name) is a real user in your Drupal site, and you are really in need to get access to this user account, then issue the below command,

$ drush uli sivaji

The output of the command will be a link, which you need to open in browser to get access of mentioned user account. The sample URL could be as below,

http://example.com/user/reset/135/1382091955/aINSi4tQ5XOSiYNE8JIc0qqIiIVhxngQuUr5P-2Negw/login

Make sure you are opening as anoymous user. If you are in multisite environment, the above command may not work, check Using Drush to administer multisite for the same.

Check out help for more advanced usage, as the above command can work with uid and email as well.

$ drush help uli
Display a one time login link for the given user account (defaults to uid 1).

Examples:
 drush user-login ryan node/add/blog       Displays and opens default web browser (if configured or detected) for a one-time login link for the user with the username ryan and 
                                           redirect to the path node/add/blog.                                                                                                  
 drush user-login --browser=firefox        Open firefox web browser, login as the user with the e-mail address drush@example.org and redirect to the path                       
 --mail=drush@example.org                  admin/settings/performance.                                                                                                          
 admin/settings/performance                                                                                                                                                     

Arguments:
 user                                      An optional uid, user name, or email address for the user to log in as. Default is to log in as uid 1. The uid/name/mail options take 
                                           priority if specified.                                                                                                                
 path                                      Optional path to redirect to after logging in.                                                                                        

Options:
 --browser                                 Optional value denotes which browser to use (defaults to operating system default). Set to 0 to suppress opening a browser. 
 --mail                                    A user mail address to log in as.                                                                                           
 --name                                    A user name to log in as.                                                                                                   
 --uid                                     A uid to log in as.                                                                                                         

Aliases: uli

Of course there is a flip side here! This resets the last login time :(

If this is not expected for your site's requirements, be prepared to workaround or refrain from using this trick.

Hope this helps. Happy Drupal hacking!

Comments

5 Comments

I like using the masquerade or devel modules to switch users but these should be avoided on production sites if possible so this is a nice alternative.

Masquerade is great for this. The only thing is to keep an eye on your sessions table. It can cause it to grow rather quickly.

sivaji's picture

Agreed. Masquerade and Devel modules are cool! But their default settings are not sane for production sites. Better not to have them in production sites for many obvious reasons.

Nice technique; I prefer session hacking which also helps when getting back into drupal-locked sites (especially when using alternate authentication methods). The approach can also be used to get in as any user. Log out; look at the sessions table, then log back in as user 1 or any account ID you do know. When it shows up in the sessions database table, modify the uid column associated with your session to be the uid you want. Refresh and you're in.

I use this often times when inheriting sites where people don't know the user login / email was from a past employee. In those situations (Where you are completely locked out) I just wipe the sessions table and login / create an account as a lesser user, then do the steps above to get in so I can recover things. Drush command line is certainly more elegant but that way but requires that be installed too which isn't always in the projects I get "gifted" :).

sivaji's picture

Sounds good. Session table hack is cool as well. Haven't tried that yet, but will certainly try when the need comes. Thanks for the tip!