Skip to:
Content
Pages
Categories
Search
Top
Bottom

User Statistics

  • @ajtruckle

    Participant

    I know I asked about this before and the decision was to pull the plugin off line. But this is not a solution for me.

    The drawback with the user statistics plugin is that if a user is not logged in they can see the usernames of all logged in people for last 24 hours. The can’t view their profiles though. None-the-less, a non logged in user should not see the user statistics.

    I don’t know how to fix this plugin to rectify that. I need a resolution or an alternative plugin that works and is not commercial.

    Thanks.

Viewing 25 replies - 1 through 25 (of 52 total)
  • @jurry66

    Participant

    yes thats the big bug i am also looking the answer from developers.

    @ajtruckle

    Participant

    Yes. I wish I had enough confidence to delve in with this issue myself. It seems it is going to be a simple fix:

    display stats = no
    is user logged in?
      is user forum role not blocked?
        display stats = yes
    
    if display stats = yes
      show stats

    That would be the simplest solution.

    @robin-w

    Moderator

    The drawback with the user statistics plugin is that if a user is not logged in they can see the usernames of all logged in people for last 24 hours.

    are you sure that this is not a ‘caching’ problem? either on server or your pc ?

    does it just disappear after 24 hours and exactly 24 hours?

    @ajtruckle

    Participant

    I am very sure! Easy to test too. Started Firefox and initiated a private browser. Navigated to my site (where no user is logged in), clicked on the forum (where I have 1 pubic forum with FAQ info) and the stats show.

    @ajtruckle

    Participant

    Look at the function build_html():

            // Actually build all of this HTML
            function build_html() {
                
                $this->sort_users();
                $data = $this->stats_builder();
                $HTMLOutput = "";
                
    			//if (is_user_logged_in())  {
    
    				foreach( $data as $key => $html ) {
    				   $HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
    				}
                //}
    			
                return $HTMLOutput;
            }

    It calls sort_users(); That in turn does a select query to get a list of active users:

            private function sort_users() {            
                
                // Set the active users
                $this->_activeUsers = $this->get_ActiveUsers();
                
                // Work out the longest time possible for a user to be classed as active
                $active_timeframe = strtotime( $this->_sqlTime ) - ( $this->parent->option['user_inactivity_time'] * 60 );

    At no point can I see anywhere that it checks to see if the active user is logged in and not blogged in the forum. It should be doing these tests because it should not be exposing user names.

    You can see it with my site if you use private mode.

    This has to be fixable and I don’t understand why it was never implemented in the first place really. I just don’t know how to do it.

    @ajtruckle

    Participant

    Notice this code is actually commented out?

    //if (is_user_logged_in()) {

    That must have been done for a reason.

    @robin-w

    Moderator

    since the plugin is not being maintained, suggest you just edit that file to take out the comment out !!

    so change

    //if (is_user_logged_in())  {
    
    				foreach( $data as $key => $html ) {
    				   $HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
    				}
                //}

    to

    if (is_user_logged_in())  {
    
    				foreach( $data as $key => $html ) {
    				   $HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
    				}
                }

    @ajtruckle

    Participant

    I confirm that that works. No if no one is logged in it will not show the user statistics.

    The only outstanding issue IMHO is that we should somehow test if the user is not “blocked” because I don’t think a blocked user should have the right to see the stats or any log activity.

    How do we test if the user is “blocked”?

    @robin-w

    Moderator

    add an additional if statement

    if ( is_bbpress() && ! current_user_can( 'spectate' ) )

    if they can’t spectate then they are blocked

    @ajtruckle

    Participant

    Thanks, so something like this:

    // Actually build all of this HTML
    function build_html() {
        
        $this->sort_users();
        $data = $this->stats_builder();
        $HTMLOutput = "";
        
    	if (is_user_logged_in())  {
    		if ( is_bbpress() && current_user_can( 'spectate' ) ) {
    			foreach( $data as $key => $html ) {
    			   $HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
    			}
    		}
        }
    	
        return $HTMLOutput;
    }

    Yes?

    @robin-w

    Moderator

    that should do it

    @ajtruckle

    Participant

    Thanks. 🙂

    Why can’t those changes be put into the official plugin and it be reactivated in the plugin directory?

    @robin-w

    Moderator

    if you can find someone who is willing to clone the plugin, learn how to upload, maintain and then answer the support forum questions for free, then no reason why it should not be made live again.

    @ajtruckle

    Participant

    I can’t help because I am not in a position to offer support. Not enough knowledge. Be like in a rowing boat without a paddle!

    @robin-w

    Moderator

    🙂

    @fikadeg517

    Participant

    yes its work fine now thanks.

    @spencer987

    Participant

    This definitely works, thanks for the useful info.

    @xirife4479

    Participant

    first, i try this will not work but then i read again and put this code again its works fine thanks.

    @legete5123

    Participant

    i try on my cricket website its work fine.

    @gunivortus

    Participant

    Because I am a complete stranger to PHP and will certainly not have the foolhardiness to open and write any PGP file (I even do not know which file is concerned here)… is this topic above meanwhile solved in the plugin itself?

    @robin-w

    Moderator

    which plugin are we talking about ?

    @ajtruckle

    Participant

    I think he is on about the statistics one where you showed me the needed code changes and said someone clone the plugin.

    @robin-w

    Moderator

    I never saw which plugin that was – you posted a function from it, so I never needed to see what it was called 🙂

    @ajtruckle

    Participant

    @robin-w

    Moderator

    ah thanks – so not available for download, but presume you have a copy ?

Viewing 25 replies - 1 through 25 (of 52 total)
  • You must be logged in to reply to this topic.
Skip to toolbar