[Depreciated] Simple viewonline.php changes I made

Post by **Dimetrodon** » Mon Dec 12, 2022 10:14 am

Replace this:

// Can this user view profiles/memberlist?
if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel'))
{
	if ($user->data['user_id'] != ANONYMOUS)
	{
		send_status_line(403, 'Forbidden');
		trigger_error('NO_VIEW_USERS');
	}

	login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
}

With:

Code: Select all

// Can this user view profiles/memberlist? 
// Edited: Guests/bots cannot view online-list, but everyone else can. No longer permission based.

if ($user->data['user_id'] == ANONYMOUS)
	{
		login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
	}

if ($user->data['is_bot'])
	{
		send_status_line(403, 'Forbidden');
		trigger_error('NO_VIEW_USERS');
	}

This hardcode removes the permissions basis on who can access viewonline and instead hardcodes that guests and bots cannot access it, regardless of the permission setting. I made this change to allow guests and bots to view groups and profiles in the ACP via the permissions system, while still blocking their ability to see the full who is online list.

Post by **Dimetrodon** » Sat Dec 24, 2022 11:31 pm

I'm undoing this change, as I elected to set the permissions for guests and bots back to default, where they cannot view anything in the memberlist.

The PhpBB Zone: Dimetrodon's Corner
For all things phpBB3.

[Depreciated] Simple viewonline.php changes I made

[Depreciated] Simple viewonline.php changes I made

Re: [Depreciated] Simple viewonline.php changes I made