Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Who's Online

This discussion is related to the Who's Online addon.


  • Try a 'u' instead of the 'i'
  • perfect. thank you.
  • ooh, another idea:

    say the timeout is set at 15 mins. it'd be nice to be able to style the users active within the last minute as one colour (let's say black), within 5 dark grey, 10 mid grey, and so on.

    when ordered correctly, the username would fade away!

    i haven't got the skills for this but if anyone can teach me i'll try it out! :)

    edit: and maybe it'll work via ajax eh? ;P
  • Wouldn't using Ajax add unnecessary strain to the server?
  • it's just a 'what if', i wasn't entirely serious, hence the liil' wink at the end.
  • You could do it without AJAX, just by wrapping older names in a class (eg. new, old, older) and then adding a little CSS.
  • yeah, that's that i thought, i'm not sure i have the skills to do it but it would be cool.
    (sorry, the ajax suggestion was a separate thing and i might have confused the issue a little.)
  • Props to Mr Do, thanks for the updated version.
  • Is there an easy way to change the order? (i.e. Order by most recently online instead of listing by User ID)
  • Any update on this airlock? I'm having issues with this putting a strain on our server; any chance we could have a look at your version?
  • Is there an easy way to count the number of users currently online?
  • I'd like to use this add-on (my users request this function), but the latest version from Mr Do gives me 404 and airlock silents.

    Any news, please?
  • I, too, would like to know if an official update could be made. I'm a bit lost with all of the hacks above :/
  • two things.

    first, there's a fairly serious sql-injection problem with some of the queries in this extension. the contents of the IpHistoryID cookie are not being escaped before being used in a database query.

    here's a quick-fix diff:

    --- WhosOnline-2007-03-14/WhosOnline/default.php 2007-03-14 16:58:58.000000000 -0700
    +++ WhosOnline-2007-03-14-fixed/WhosOnline/default.php 2008-04-09 09:04:34.000000000 -0700

    if (isset($_COOKIE['IpHistoryID'])) {
    $s->SetMainTable("IpHistory", "i");
    - $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "=");
    + $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "=");
    $this->Context->Database->Delete($s, $this->Name, "UpdateDateLastActive", "An error occurred while deleting guest pr
    setcookie('IpHistoryID', '', time() - 3600);

    $s->SetMainTable("IpHistory", "i");
    $s->AddFieldNameValue("DateLogged", "now()", 0);
    - $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "=");
    + $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "=");
    $result = $this->Context->Database->Update($s, $this->Name, "UpdateGuestLastActive", "An error occurred while loggin
    g user data.");
    } else {
    $my_ip = GetRemoteIp(1);

    second, if you want to order by date last active (most recently active at the top), add the line:

    $s->AddOrderBy("DateLastActive", "u", "desc");
    after the AddWhere statement on line 31.
  • What's this line all about... ???

  • That's part of the diff output. It means at line 120 take out the next 7 lines and replace them with the new 7.
  • and what happens when you do that?
  • It solves the possible SQL injection stuff he was talking about.
  • Many thanks for the neat changes; just tried it though and got this:
    Parse error: parse error, unexpected '-', expecting T_VARIABLE or '$' in /hsphere/local/home/z3std3si/ on line 119
    Which bits exactly did I have to copy, and to where? I copied all of the above code to line 120 but didn't have much luck unfortunately ^

  • blizeH,

    If I understood brandonc correctly, you really only have to change these two lines:
    old:[line 105] $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "="); [line 123] $s->AddWhere("i", "IpHistoryID", "", $_COOKIE['IpHistoryID'], "=");
    new:[line 105] $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "="); [line 123] $s->AddWhere("i", "IpHistoryID", "", FormatStringForDatabaseInput($_COOKIE['IpHistoryID']), "=");
Sign In or Register to comment.