yes thats the big bug i am also looking the answer from developers.
Yes. I wish I had enough confidence to delve in with this issue myself. It seems it is going to be a simple fix:
display stats = no
is user logged in?
is user forum role not blocked?
display stats = yes
if display stats = yes
show stats
That would be the simplest solution.
The drawback with the user statistics plugin is that if a user is not logged in they can see the usernames of all logged in people for last 24 hours.
are you sure that this is not a ‘caching’ problem? either on server or your pc ?
does it just disappear after 24 hours and exactly 24 hours?
I am very sure! Easy to test too. Started Firefox and initiated a private browser. Navigated to my site (where no user is logged in), clicked on the forum (where I have 1 pubic forum with FAQ info) and the stats show.
Look at the function build_html():
// Actually build all of this HTML
function build_html() {
$this->sort_users();
$data = $this->stats_builder();
$HTMLOutput = "";
//if (is_user_logged_in()) {
foreach( $data as $key => $html ) {
$HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
}
//}
return $HTMLOutput;
}
It calls sort_users(); That in turn does a select query to get a list of active users:
private function sort_users() {
// Set the active users
$this->_activeUsers = $this->get_ActiveUsers();
// Work out the longest time possible for a user to be classed as active
$active_timeframe = strtotime( $this->_sqlTime ) - ( $this->parent->option['user_inactivity_time'] * 60 );
At no point can I see anywhere that it checks to see if the active user is logged in and not blogged in the forum. It should be doing these tests because it should not be exposing user names.
You can see it with my site if you use private mode.
This has to be fixable and I don’t understand why it was never implemented in the first place really. I just don’t know how to do it.
Notice this code is actually commented out?
//if (is_user_logged_in()) {
That must have been done for a reason.
since the plugin is not being maintained, suggest you just edit that file to take out the comment out !!
so change
//if (is_user_logged_in()) {
foreach( $data as $key => $html ) {
$HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
}
//}
to
if (is_user_logged_in()) {
foreach( $data as $key => $html ) {
$HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
}
}
I confirm that that works. No if no one is logged in it will not show the user statistics.
The only outstanding issue IMHO is that we should somehow test if the user is not “blocked” because I don’t think a blocked user should have the right to see the stats or any log activity.
How do we test if the user is “blocked”?
add an additional if statement
if ( is_bbpress() && ! current_user_can( 'spectate' ) )
if they can’t spectate then they are blocked
Thanks, so something like this:
// Actually build all of this HTML
function build_html() {
$this->sort_users();
$data = $this->stats_builder();
$HTMLOutput = "";
if (is_user_logged_in()) {
if ( is_bbpress() && current_user_can( 'spectate' ) ) {
foreach( $data as $key => $html ) {
$HTMLOutput .= "<div class='bbpas-" . $key . "' id='bbpas-" . $key . "'>" . $html . "</div>";
}
}
}
return $HTMLOutput;
}
Yes?
Thanks. 🙂
Why can’t those changes be put into the official plugin and it be reactivated in the plugin directory?
if you can find someone who is willing to clone the plugin, learn how to upload, maintain and then answer the support forum questions for free, then no reason why it should not be made live again.
I can’t help because I am not in a position to offer support. Not enough knowledge. Be like in a rowing boat without a paddle!
yes its work fine now thanks.
This definitely works, thanks for the useful info.
first, i try this will not work but then i read again and put this code again its works fine thanks.
i try on my cricket website its work fine.
Because I am a complete stranger to PHP and will certainly not have the foolhardiness to open and write any PGP file (I even do not know which file is concerned here)… is this topic above meanwhile solved in the plugin itself?
which plugin are we talking about ?
I think he is on about the statistics one where you showed me the needed code changes and said someone clone the plugin.
I never saw which plugin that was – you posted a function from it, so I never needed to see what it was called 🙂
ah thanks – so not available for download, but presume you have a copy ?
