rock.ru/forum
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1259469303b1f39ec4d2a2a5e2d70e5b5eddd61c
forum/Sources/Who.php

367 lines
14 KiB
PHP
Raw Blame History

<?php
/******************************************************************************
* Who.php *
*******************************************************************************
* SMF: Simple Machines Forum *
* Open-Source Project Inspired by Zef Hemel (zef@zefhemel.com) *
* =========================================================================== *
* Software Version: SMF 1.0 *
* Software by: Simple Machines (http://www.simplemachines.org) *
* Copyright 2001-2004 by: Lewis Media (http://www.lewismedia.com) *
* Support, News, Updates at: http://www.simplemachines.org *
*******************************************************************************
* This program is free software; you may redistribute it and/or modify it *
* under the terms of the provided license as published by Lewis Media. *
* *
* This program is distributed in the hope that it is and will be useful, *
* but WITHOUT ANY WARRANTIES; without even any implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* *
* See the "license.txt" file for details of the Simple Machines license. *
* The latest version can always be found at http://www.simplemachines.org. *
******************************************************************************/
if (!defined('SMF'))
die('Hacking attempt...');
/* This file is mainly concerned, or that is to say only concerned, with the
Who's Online list. It contains only the following function:
void Who()
- prepares the who's online data for the Who template.
- uses the Who template (main sub template.) and language file.
- requires the who_view permission.
- is enabled with the who_enabled setting.
- is accessed via ?action=who.
Adding actions to the Who's Online list:
---------------------------------------------------------------------------
Adding actions to this list is actually relatively easy....
- for actions anyone should be able to see, just add a string named
whoall_ACTION. (where ACTION is the action used in index.php.)
- for actions that have a subaction which should be represented
differently, use whoall_ACTION_SUBACTION.
- for actions that include a topic, and should be restricted, use
whotopic_ACTION.
- for actions that use a message, by msg or quote, use whopost_ACTION.
- for administrator-only actions, use whoadmin_ACTION.
- for actions that should be viewable only with certain permissions,
use whoallow_ACTION and add a list of possible permissions to the
$allowedActions array, using ACTION as the key.
*/
// Who's online, and what are they doing?
function Who()
{
global $db_prefix, $context, $scripturl, $user_info, $txt, $modSettings, $ID_MEMBER, $themeUser;
// Permissions, permissions, permissions.
isAllowedTo('who_view');
// You can't do anything if this is off.
if (empty($modSettings['who_enabled']))
fatal_lang_error('who_off', false);
// Load both the 'Who' language file and template.
loadTemplate('Who');
loadLanguage('Who');
// Actions that require a specific permission level.
$allowedActions = array(
'admin' => array('moderate_forum', 'manage_membergroups', 'manage_bans', 'admin_forum', 'manage_permissions', 'send_mail', 'manage_attachments', 'manage_smileys', 'manage_boards', 'edit_news'),
'ban' => array('manage_bans'),
'boardrecount' => array('admin_forum'),
'calendar' => array('calendar_view'),
'editnews' => array('edit_news'),
'mailing' => array('send_mail'),
'maintain' => array('admin_forum'),
'manageattachments' => array('manage_attachments'),
'manageboards' => array('manage_boards'),
'mlist' => array('view_mlist'),
'optimizetables' => array('admin_forum'),
'repairboards' => array('admin_forum'),
'search' => array('search_posts'),
'search2' => array('search_posts'),
'sendtopic' => array('send_topic'),
'setcensor' => array('moderate_forum'),
'setreserve' => array('moderate_forum'),
'stats' => array('view_stats'),
'viewErrorLog' => array('admin_forum'),
'viewmembers' => array('moderate_forum'),
);
// Setup the linktree and page title.
$context['page_title'] = $txt['who_title'];
$context['linktree'][] = array(
'url' => $scripturl . '?action=who',
'name' => $txt['who_title']
);
// Load up the guest user.
$themeUser[0] = array(
'id' => 0,
'name' => $txt[28],
'group' => $txt[28],
'href' => '',
'link' => $txt[28],
'email' => $txt[28],
'is_guest' => true
);
// These are done to later query these in large chunks. (instead of one by one.)
$topic_ids = array();
$profile_ids = array();
$board_ids = array();
// Sort out... the column sorting.
$sort_methods = array(
'user' => 'mem.realName',
'time' => 'lo.logTime'
);
// By default order by last time online.
if (!isset($_REQUEST['sort']) || !isset($sort_methods[$_REQUEST['sort']]))
{
$context['sort_by'] = 'time';
$_REQUEST['sort'] = 'lo.logTime';
}
// Otherwise default to ascending.
else
{
$context['sort_by'] = $_REQUEST['sort'];
$_REQUEST['sort'] = $sort_methods[$_REQUEST['sort']];
}
$context['sort_direction'] = isset($_REQUEST['asc']) ? 'up' : 'down';
// Get the total amount of members online.
$request = db_query("
SELECT COUNT(lo.ID_MEMBER)
FROM {$db_prefix}log_online AS lo
LEFT JOIN {$db_prefix}members AS mem ON (lo.ID_MEMBER = mem.ID_MEMBER)" . (!allowedTo('moderate_forum') ? "
WHERE IFNULL(mem.showOnline, 1) = 1" : ''), __FILE__, __LINE__);
list ($totalMembers) = mysql_fetch_row($request);
mysql_free_result($request);
// Prepare some page index variables.
$context['start'] = $_REQUEST['start'];
$context['page_index'] = constructPageIndex($scripturl . '?action=who;sort=' . $context['sort_by'] . (isset($_REQUEST['asc']) ? ';asc' : ''), $context['start'], $totalMembers, $modSettings['defaultMaxMembers']);
// Look for people online, provided they don't mind if you see they are.
$request = db_query("
SELECT
UNIX_TIMESTAMP(lo.logTime) AS logTime, lo.ID_MEMBER, INET_NTOA(lo.ip) AS ip, lo.url,
mem.realName, IFNULL(mem.showOnline, 1) AS showOnline, lo.session, mg.onlineColor
FROM {$db_prefix}log_online AS lo
LEFT JOIN {$db_prefix}members AS mem ON (lo.ID_MEMBER = mem.ID_MEMBER)
LEFT JOIN {$db_prefix}membergroups AS mg ON (mg.ID_GROUP = IF(mem.ID_GROUP = 0, mem.ID_POST_GROUP, mem.ID_GROUP))" . (!allowedTo('moderate_forum') ? "
WHERE IFNULL(mem.showOnline, 1) = 1" : '') . "
ORDER BY $_REQUEST[sort] " . (isset($_REQUEST['asc']) ? 'ASC' : 'DESC') . "
LIMIT $context[start], $modSettings[defaultMaxMembers]", __FILE__, __LINE__);
$context['members'] = array();
$member_ids = array();
while ($row = mysql_fetch_assoc($request))
{
// Get the request parameters..
$actions = @unserialize($row['url']);
if ($actions === false)
continue;
// By default, anyone can view this topic.
$can_view = true;
// Find out what topic they are accessing.
if (isset($actions['topic']))
$topic = (int) $actions['topic'];
elseif (isset($actions['from']))
$topic = (int) $actions['from'];
else
$topic = 0;
// Find out what message they are accessing.
if (isset($actions['msg']))
$msgid = (int) $actions['msg'];
elseif (isset($actions['quote']))
$msgid = (int) $actions['quote'];
else
$msgid = 0;
// Check if there was no action or the action is display.
if (!isset($actions['action']) || $actions['action'] == 'display')
{
// It's a topic! Must be!
if (isset($actions['topic']))
{
// Assume they can't view it, and queue it up for later.
$action = $txt['who_hidden'];
$topic_ids[$topic][] = array($row['session'], $txt['who_topic']);
}
// It's a board!
elseif (isset($actions['board']))
{
// Hide first, show later.
$action = $txt['who_hidden'];
$board_ids[$actions['board']][] = array($row['session'], $txt['who_board']);
}
// It's the board index!! It must be!
else
$action = $txt['who_index'];
}
// Probably an error or some goon?
elseif ($actions['action'] == '')
$action = $txt['who_index'];
// Some other normal action...?
else
{
// Viewing/editing a profile.
if ($actions['action'] == 'profile' || $actions['action'] == 'profile2')
{
// Whose? Their own?
if (empty($actions['u']))
$actions['u'] = $row['ID_MEMBER'];
$action = $txt['who_hidden'];
$profile_ids[(int) $actions['u']][] = array($row['session'], $actions['action'] == 'profile' ? $txt['who_viewprofile'] : $txt['who_profile']);
}
elseif (($actions['action'] == 'post' || $actions['action'] == 'post2') && empty($actions['topic']) && isset($actions['board']))
{
$action = $txt['who_hidden'];
$board_ids[(int) $actions['board']][] = array($row['session'], isset($actions['poll']) ? $txt['who_poll'] : $txt['who_post']);
}
// A subaction anyone can view... if the language string is there, show it.
elseif (isset($actions['sa']) && isset($txt['whoall_' . $actions['action'] . '_' . $actions['sa']]))
$action = $txt['whoall_' . $actions['action'] . '_' . $actions['sa']];
// An action any old fellow can look at. (if ['whoall_' . $action] exists, we know everyone can see it.)
elseif (isset($txt['whoall_' . $actions['action']]))
$action = $txt['whoall_' . $actions['action']];
// Viewable if and only if they can see the board...
elseif (isset($txt['whotopic_' . $actions['action']]))
{
$action = $txt['who_hidden'];
$topic_ids[$topic][] = array($row['session'], $txt['whotopic_' . $actions['action']]);
}
elseif (isset($txt['whopost_' . $actions['action']]))
{
$result = db_query("
SELECT m.ID_TOPIC, m.subject
FROM {$db_prefix}boards AS b, {$db_prefix}messages AS m
WHERE $user_info[query_see_board]
AND m.ID_MSG = $msgid
AND m.ID_BOARD = b.ID_BOARD
LIMIT 1", __FILE__, __LINE__);
list ($ID_TOPIC, $subject) = mysql_fetch_row($result);
$action = sprintf($txt['whopost_' . $actions['action']], $ID_TOPIC, $subject);
mysql_free_result($result);
$can_view = !empty($ID_TOPIC);
}
// Viewable only by administrators.. (if it starts with whoadmin, it's admin only!)
elseif (allowedTo('moderate_forum') && isset($txt['whoadmin_' . $actions['action']]))
$action = $txt['whoadmin_' . $actions['action']];
// Viewable by permission level.
elseif (isset($allowedActions[$actions['action']]))
{
$action = $txt['whoallow_' . $actions['action']];
$can_view = allowedTo($allowedActions[$actions['action']]);
}
// Unlisted or unknown action.
else
$action = $txt['who_unknown'];
}
// Send the information to the template.
$context['members'][$row['session']] = array(
'id' => $row['ID_MEMBER'],
'ip' => allowedTo('moderate_forum') ? $row['ip'] : '',
// It is *going* to be today, so why keep that information in there?
'time' => strtr(timeformat($row['logTime']), array($txt['smf10'] => '')),
'timestamp' => $row['logTime'],
'action' => $can_view || allowedTo('moderate_forum') ? $action : $txt['who_hidden'],
'query' => $actions,
'is_hidden' => $row['showOnline'] == 0,
'color' => empty($row['onlineColor']) ? '' : $row['onlineColor']
);
$member_ids[$row['session']] = $row['ID_MEMBER'];
}
mysql_free_result($request);
// Load the user data for these members.
loadMemberData($member_ids);
// Load topic names.
if (!empty($topic_ids))
{
$result = db_query("
SELECT t.ID_TOPIC, m.subject
FROM {$db_prefix}boards AS b, {$db_prefix}topics AS t, {$db_prefix}messages AS m
WHERE $user_info[query_see_board]
AND t.ID_TOPIC IN (" . implode(', ', array_keys($topic_ids)) . ")
AND t.ID_BOARD = b.ID_BOARD
AND m.ID_MSG = t.ID_FIRST_MSG
LIMIT " . count($topic_ids), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
// Show the topic's subject for each of the actions.
foreach ($topic_ids[$row['ID_TOPIC']] as $session_text) {
$context['members'][$session_text[0]]['action'] = sprintf($session_text[1], $row['ID_TOPIC'], censorText($row['subject']));
}
}
mysql_free_result($result);
}
// Load board names.
if (!empty($board_ids))
{
$result = db_query("
SELECT b.ID_BOARD, b.name
FROM {$db_prefix}boards AS b
WHERE $user_info[query_see_board]
AND b.ID_BOARD IN (" . implode(', ', array_keys($board_ids)) . ")
LIMIT " . count($board_ids), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
// Put the board name into the string for each member...
foreach ($board_ids[$row['ID_BOARD']] as $session_text)
$context['members'][$session_text[0]]['action'] = sprintf($session_text[1], $row['ID_BOARD'], $row['name']);
}
mysql_free_result($result);
}
// Load member names for the profile.
if (!empty($profile_ids))
{
$result = db_query("
SELECT ID_MEMBER, realName
FROM {$db_prefix}members
WHERE ID_MEMBER IN (" . implode(', ', array_keys($profile_ids)) . ")
LIMIT " . count($profile_ids), __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
// If they aren't allowed to view this person's profile, skip it.
if (!allowedTo('profile_view_any') && ($ID_MEMBER != $row['ID_MEMBER'] || !allowedTo('profile_view_own')))
continue;
// Set their action on each - session/text to sprintf.
foreach ($profile_ids[$row['ID_MEMBER']] as $session_text)
$context['members'][$session_text[0]]['action'] = sprintf($session_text[1], $row['ID_MEMBER'], $row['realName']);
}
mysql_free_result($result);
}
// Put it in the context variables.
foreach ($context['members'] as $i => $member)
{
if ($member['id'] != 0)
$member['id'] = loadMemberContext($member['id']) ? $member['id'] : 0;
// Keep the IP that came from the database.
$themeUser[$member['id']]['ip'] = $member['ip'];
$context['members'][$i] += $themeUser[$member['id']];
}
// Some people can't send personal messages...
$context['can_send_pm'] = allowedTo('pm_send');
}
?>
Reference in New Issue View Git Blame Copy Permalink