Blog Documentation Try Vanilla Cloud
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Who's Online

This discussion is related to the Who's Online addon.
1235

Comments

  • MinisweeperMinisweeper New
    Try a 'u' instead of the 'i'
  • circuitcircuit
    perfect. thank you.
  • circuitcircuit
    ooh, another idea:

    say the timeout is set at 15 mins. it'd be nice to be able to style the users active within the last minute as one colour (let's say black), within 5 dark grey, 10 mid grey, and so on.

    when ordered correctly, the username would fade away!

    i haven't got the skills for this but if anyone can teach me i'll try it out! :)


    edit: and maybe it'll work via ajax eh? ;P
  • blizeHblizeH ✭✭
    Wouldn't using Ajax add unnecessary strain to the server?
  • circuitcircuit
    it's just a 'what if', i wasn't entirely serious, hence the liil' wink at the end.
  • StashStash
    You could do it without AJAX, just by wrapping older names in a class (eg. new, old, older) and then adding a little CSS.
  • circuitcircuit
    yeah, that's that i thought, i'm not sure i have the skills to do it but it would be cool.
    (sorry, the ajax suggestion was a separate thing and i might have confused the issue a little.)
  • nknk
    Props to Mr Do, thanks for the updated version.
  • skubeskube
    Is there an easy way to change the order? (i.e. Order by most recently online instead of listing by User ID)
  • LoOkOuTLoOkOuT
    Any update on this airlock? I'm having issues with this putting a strain on our server; any chance we could have a look at your version?
  • skubeskube
    Is there an easy way to count the number of users currently online?
  • klipklip New
    I'd like to use this add-on (my users request this function), but the latest version from Mr Do gives me 404 and airlock silents.

    Any news, please?
  • SlashedZeroSlashedZero
    I, too, would like to know if an official update could be made. I'm a bit lost with all of the hacks above :/
  • brandoncbrandonc
    two things.

    first, there's a fairly serious sql-injection problem with some of the queries in this extension. the contents of the IpHistoryID cookie are not being escaped before being used in a database query.

    here's a quick-fix diff: 

    --- WhosOnline-2007-03-14/WhosOnline/default.php    2007-03-14 16:58:58.000000000 -0700
    +++ WhosOnline-2007-03-14-fixed/WhosOnline/default.php  2008-04-09 09:04:34.000000000 -0700


         if (isset($_COOKIE['IpHistoryID'])) {
           $s->SetMainTable("IpHistory", "i");
    -      $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "=");
    +      $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "=");
           $this->Context->Database->Delete($s, $this->Name, "UpdateDateLastActive", "An error occurred while deleting guest pr
    ofile");
           setcookie('IpHistoryID', '', time() - 3600);
         }

           $s->Clear();
           $s->SetMainTable("IpHistory", "i");
           $s->AddFieldNameValue("DateLogged", "now()", 0);
    -      $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "=");
    +      $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "=");
           $result = $this->Context->Database->Update($s, $this->Name, "UpdateGuestLastActive", "An error occurred while loggin
    g user data.");
         } else {
           $my_ip = GetRemoteIp(1);

    second, if you want to order by date last active (most recently active at the top), add the line: 

        $s->AddOrderBy("DateLastActive", "u", "desc");
    after the AddWhere statement on line 31.
  • WandererWanderer
    What's this line all about... ???

  • MinisweeperMinisweeper New
    That's part of the diff output. It means at line 120 take out the next 7 lines and replace them with the new 7.
  • HamedHamed
    and what happens when you do that?
  • MinisweeperMinisweeper New
    It solves the possible SQL injection stuff he was talking about.
  • blizeHblizeH ✭✭
    Many thanks for the neat changes; just tried it though and got this:
    Parse error: parse error, unexpected '-', expecting T_VARIABLE or '$' in /hsphere/local/home/z3std3si/zestdesign.net/_msc/php/extensions/WhosOnline/default.php on line 119
    Which bits exactly did I have to copy, and to where? I copied all of the above code to line 120 but didn't have much luck unfortunately ^

    Cheers
  • timfiretimfire
    blizeH,

    If I understood brandonc correctly, you really only have to change these two lines:
    old:[line 105] $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "="); [line 123] $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "=");
    new:[line 105] $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "="); [line 123] $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "=");
Sign In or Register to comment.