[Depreciated] Simple viewonline.php changes I made
Posted: Mon Dec 12, 2022 10:14 am
Replace this:
With:
This hardcode removes the permissions basis on who can access viewonline and instead hardcodes that guests and bots cannot access it, regardless of the permission setting. I made this change to allow guests and bots to view groups and profiles in the ACP via the permissions system, while still blocking their ability to see the full who is online list.
Code: Select all
// Can this user view profiles/memberlist?
if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel'))
{
if ($user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
trigger_error('NO_VIEW_USERS');
}
login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
}
Code: Select all
// Can this user view profiles/memberlist?
// Edited: Guests/bots cannot view online-list, but everyone else can. No longer permission based.
if ($user->data['user_id'] == ANONYMOUS)
{
login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
}
if ($user->data['is_bot'])
{
send_status_line(403, 'Forbidden');
trigger_error('NO_VIEW_USERS');
}