How to create a 'Super Administrative' Password for member login site

We maintain a website built on LAMP stack that allows members to log into their profile. While we have an admin interface to handle most tasks, there are times it is 'necessary' to log in "as" the member and see what they are seeing.

We have a very secure and thorough salting and verification login process for members but my thought is the following statement is not too secure:

开发者_StackOverflow社区sql = SELECT * FROM userlogins WHERE username = :user

(run the users entered password through the salt process)
$userpasswordentered = undisclosed salt process of ($_POST['password']);

if($userpasswordentered == value retrieved from userlogins above OR $_POST['password'] == 'hardcodedpw') {

    log user in
}

Is there a real 'safe' way to create a 'super' password that would allow me to log into any user account given a valid username was given?

I would implement some sort of "user impersonation" feature. So basically, from your admin account, you can enter / search for a user ID, and then call the "log user in" code as if that user had logged in. This will log the admin user out, but they will now be impersonating the customer as requested.

Personally though, if I have a user/edit action, then the code does the following:

//check for an admin user
if ($current_user->role == 'admin')
    //admins have to specify customers to edit
    if (isset($_GET['id']))
        $user_id = $_GET['id'];
    else
        //if no customer is specified, return a 404
        http_404();
else
    //customers can only see their own details
    $user_id = $current_user->id;

//get the user details to edit
$user_to_edit = $repository->get_user($user_id);

That way, the admin user gets to stay logged in, and you get to control how much of the customer's stuff the admin user can mess with.