Permalink
Browse files

Fix who is online access not it will check chamilo settings

api_get_setting('showonline', 'world')
api_get_setting('showonline', 'users')
api_get_setting('showonline', 'course')
  • Loading branch information...
jmontoyaa committed May 31, 2018
1 parent 95433c0 commit d400657bfa7ca08ca7a26abb73f607244cc48e73
Showing with 56 additions and 45 deletions.
  1. +5 −1 main/inc/ajax/online.ajax.php
  2. +20 −9 main/inc/lib/banner.lib.php
  3. +31 −35 whoisonline.php
@@ -12,11 +12,15 @@
echo returnNotificationMenu();
break;
case 'load_online_user':
$access = accessToWhoIsOnline();
if (!$access) {
exit;
}
$images_to_show = MAX_ONLINE_USERS;
$page = intval($_REQUEST['online_page_nr']);
$max_page = ceil(who_is_online_count() / $images_to_show);
$page_rows = ($page - 1) * MAX_ONLINE_USERS;
if (!empty($max_page) && $page <= $max_page) {
if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
$user_list = who_is_online_in_this_course(
@@ -200,6 +200,25 @@ function return_logo($theme = '')
);
}
/**
* Check if user have access to "who is online" page
* @return bool
*/
function accessToWhoIsOnline()
{
$user_id = api_get_user_id();
$course_id = api_get_course_int_id();
$access = false;
if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
(api_get_setting('showonline', 'users') == 'true' && $user_id) ||
(api_get_setting('showonline', 'course') == 'true' && $user_id && $course_id)
) {
$access = true;
}
return $access;
}
/**
* Return HTML string of a list as <li> items.
*
@@ -208,19 +227,11 @@ function return_logo($theme = '')
function returnNotificationMenu()
{
$courseInfo = api_get_course_info();
$course_id = 0;
if (!empty($courseInfo)) {
$course_id = $courseInfo['code'];
}
$user_id = api_get_user_id();
$sessionId = api_get_session_id();
$html = '';
if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
(api_get_setting('showonline', 'users') == 'true' && $user_id) ||
(api_get_setting('showonline', 'course') == 'true' && $user_id && $course_id)
) {
if (accessToWhoIsOnline()) {
$number = getOnlineUsersCount();
$number_online_in_course = getOnlineUsersInCourseCount($user_id, $courseInfo);
@@ -8,7 +8,6 @@
$cidReset = true;
}
// including necessary files
require_once './main/inc/global.inc.php';
if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
@@ -20,48 +19,45 @@
$whoisonline_list = '';
$social_search = '';
$userId = api_get_user_id();
$access = accessToWhoIsOnline();
// This if statement prevents users accessing the who's online feature when it has been disabled.
if ((api_get_setting('showonline', 'world') == 'true' && !$userId) ||
((api_get_setting('showonline', 'users') == 'true' ||
api_get_setting('showonline', 'course') == 'true') && $userId)
) {
if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
$user_list = who_is_online_in_this_course(
0,
MAX_ONLINE_USERS,
api_get_user_id(),
api_get_setting('time_limit_whosonline'),
$_GET['cidReq']
);
} else {
$user_list = who_is_online(0, MAX_ONLINE_USERS);
}
if (!$access) {
api_not_allowed(true);
}
if ($user_list) {
if (!isset($_GET['id'])) {
if (api_get_setting('allow_social_tool') == 'true') {
if (!api_is_anonymous()) {
$query = isset($_GET['q']) ? $_GET['q'] : null;
$social_search = UserManager::get_search_form($query);
}
if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
$user_list = who_is_online_in_this_course(
0,
MAX_ONLINE_USERS,
api_get_user_id(),
api_get_setting('time_limit_whosonline'),
$_GET['cidReq']
);
} else {
$user_list = who_is_online(0, MAX_ONLINE_USERS);
}
if ($user_list) {
if (!isset($_GET['id'])) {
if (api_get_setting('allow_social_tool') == 'true') {
if (!api_is_anonymous()) {
$query = isset($_GET['q']) ? $_GET['q'] : null;
$social_search = UserManager::get_search_form($query);
}
$social_right_content .= SocialManager::display_user_list($user_list);
}
$social_right_content .= SocialManager::display_user_list($user_list);
}
}
$whoisonline_list .= SocialManager::display_user_list($user_list);
$whoisonline_list .= SocialManager::display_user_list($user_list);
if (isset($_GET['id'])) {
if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
exit;
} else {
$social_right_content .= SocialManager::display_individual_user($_GET['id']);
}
if (isset($_GET['id'])) {
if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
exit;
} else {
$social_right_content .= SocialManager::display_individual_user($_GET['id']);
}
} else {
api_not_allowed(true);
}
$tpl = new Template(get_lang('UsersOnLineList'));

1 comment on commit d400657

@ywarnier

This comment has been minimized.

Copy link
Member

ywarnier commented on d400657 May 31, 2018

👍

Please sign in to comment.