The PhpBB Zone: Dimetrodon's Corner

For all things phpBB3.
https://thephpbbzone.pktriot.net/

[Depreciated] Simple viewonline.php changes I made

https://thephpbbzone.pktriot.net/viewtopic.php?t=36

Page 1 of 1

[Depreciated] Simple viewonline.php changes I made

Posted: Mon Dec 12, 2022 10:14 am
by Dimetrodon
Replace this:

Code: Select all

// Can this user view profiles/memberlist?
if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel'))
{
	if ($user->data['user_id'] != ANONYMOUS)
	{
		send_status_line(403, 'Forbidden');
		trigger_error('NO_VIEW_USERS');
	}

	login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
}
With:

Code: Select all

// Can this user view profiles/memberlist? 
// Edited: Guests/bots cannot view online-list, but everyone else can. No longer permission based.

if ($user->data['user_id'] == ANONYMOUS)
	{
		login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
	}

if ($user->data['is_bot'])
	{
		send_status_line(403, 'Forbidden');
		trigger_error('NO_VIEW_USERS');
	}
This hardcode removes the permissions basis on who can access viewonline and instead hardcodes that guests and bots cannot access it, regardless of the permission setting. I made this change to allow guests and bots to view groups and profiles in the ACP via the permissions system, while still blocking their ability to see the full who is online list.

Re: [Depreciated] Simple viewonline.php changes I made

Posted: Sat Dec 24, 2022 11:31 pm
by Dimetrodon
I'm undoing this change, as I elected to set the permissions for guests and bots back to default, where they cannot view anything in the memberlist.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited