Fix who is online access not it will check chamilo settings

api_get_setting('showonline', 'world') api_get_setting('showonline', 'users') api_get_setting('showonline', 'course')
8 years ago · d400657bfa
parent 95433c05f3
commit d400657bfa
3 changed files with 56 additions and 45 deletions
--- a/main/inc/ajax/online.ajax.php
+++ b/main/inc/ajax/online.ajax.php
@ -12,11 +12,15 @@ switch ($action) {
        echo returnNotificationMenu();
        break;
    case 'load_online_user':
+        $access = accessToWhoIsOnline();
+
+        if (!$access) {
+            exit;
+        }
        $images_to_show = MAX_ONLINE_USERS;
        $page = intval($_REQUEST['online_page_nr']);
        $max_page = ceil(who_is_online_count() / $images_to_show);
        $page_rows = ($page - 1) * MAX_ONLINE_USERS;
-
        if (!empty($max_page) && $page <= $max_page) {
            if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
                $user_list = who_is_online_in_this_course(
--- a/main/inc/lib/banner.lib.php
+++ b/main/inc/lib/banner.lib.php
@ -200,6 +200,25 @@ function return_logo($theme = '')
    );
 }

+/**
+ * Check if user have access to "who is online" page
+ * @return bool
+ */
+function accessToWhoIsOnline()
+{
+    $user_id = api_get_user_id();
+    $course_id = api_get_course_int_id();
+    $access = false;
+    if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
+        (api_get_setting('showonline', 'users') == 'true' && $user_id) ||
+        (api_get_setting('showonline', 'course') == 'true' && $user_id && $course_id)
+    ) {
+        $access = true;
+    }
+
+    return $access;
+}
+
 /**
 * Return HTML string of a list as <li> items.
 *
@ -208,19 +227,11 @@ function return_logo($theme = '')
 function returnNotificationMenu()
 {
    $courseInfo = api_get_course_info();
-    $course_id = 0;
-    if (!empty($courseInfo)) {
-        $course_id = $courseInfo['code'];
-    }
-
    $user_id = api_get_user_id();
    $sessionId = api_get_session_id();
    $html = '';

-    if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
-        (api_get_setting('showonline', 'users') == 'true' && $user_id) ||
-        (api_get_setting('showonline', 'course') == 'true' && $user_id && $course_id)
-    ) {
+    if (accessToWhoIsOnline()) {
        $number = getOnlineUsersCount();
        $number_online_in_course = getOnlineUsersInCourseCount($user_id, $courseInfo);

--- a/whoisonline.php
+++ b/whoisonline.php
@ -8,7 +8,6 @@ if (!isset($_GET['cidReq'])) {
    $cidReset = true;
 }

-// including necessary files
 require_once './main/inc/global.inc.php';

 if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
@ -20,48 +19,45 @@ $social_right_content = '';
 $whoisonline_list = '';
 $social_search = '';
 $userId = api_get_user_id();
+$access = accessToWhoIsOnline();

-// This if statement prevents users accessing the who's online feature when it has been disabled.
-if ((api_get_setting('showonline', 'world') == 'true' && !$userId) ||
-    ((api_get_setting('showonline', 'users') == 'true' ||
-        api_get_setting('showonline', 'course') == 'true') && $userId)
-) {
-    if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
-        $user_list = who_is_online_in_this_course(
-            0,
-            MAX_ONLINE_USERS,
-            api_get_user_id(),
-            api_get_setting('time_limit_whosonline'),
-            $_GET['cidReq']
-        );
-    } else {
-        $user_list = who_is_online(0, MAX_ONLINE_USERS);
-    }
+if (!$access) {
+    api_not_allowed(true);
+}

-    if ($user_list) {
-        if (!isset($_GET['id'])) {
-            if (api_get_setting('allow_social_tool') == 'true') {
-                if (!api_is_anonymous()) {
-                    $query = isset($_GET['q']) ? $_GET['q'] : null;
-                    $social_search = UserManager::get_search_form($query);
-                }
+if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
+    $user_list = who_is_online_in_this_course(
+        0,
+        MAX_ONLINE_USERS,
+        api_get_user_id(),
+        api_get_setting('time_limit_whosonline'),
+        $_GET['cidReq']
+    );
+} else {
+    $user_list = who_is_online(0, MAX_ONLINE_USERS);
+}
+
+if ($user_list) {
+    if (!isset($_GET['id'])) {
+        if (api_get_setting('allow_social_tool') == 'true') {
+            if (!api_is_anonymous()) {
+                $query = isset($_GET['q']) ? $_GET['q'] : null;
+                $social_search = UserManager::get_search_form($query);
            }
-            $social_right_content .= SocialManager::display_user_list($user_list);
        }
+        $social_right_content .= SocialManager::display_user_list($user_list);
    }
+}

-    $whoisonline_list .= SocialManager::display_user_list($user_list);
+$whoisonline_list .= SocialManager::display_user_list($user_list);

-    if (isset($_GET['id'])) {
-        if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
-            header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
-            exit;
-        } else {
-            $social_right_content .= SocialManager::display_individual_user($_GET['id']);
-        }
+if (isset($_GET['id'])) {
+    if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
+        header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
+        exit;
+    } else {
+        $social_right_content .= SocialManager::display_individual_user($_GET['id']);
    }
-} else {
-    api_not_allowed(true);
 }

 $tpl = new Template(get_lang('UsersOnLineList'));