1 <?php
2 /**
4 * @package phpBB3
5 * @version $Id$
6 * @copyright (c) 2005 phpBB Group
7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
9 */
/**
* @ignore
*/
// Marker constant set before the shared bootstrap file is included.
define('IN_PHPBB', true);

// Both constants keep any value that was defined before this script ran.
if (!defined('PHPBB_ROOT_PATH'))
{
	define('PHPBB_ROOT_PATH', './');
}

if (!defined('PHP_EXT'))
{
	// Extension of this very file: everything after the last dot in __FILE__.
	define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
}

include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('memberlist');

// Get and set some variables
// Everything below is request input read through request_var(); the second
// argument is the default used when the parameter is absent.
$mode = request_var('mode', '');
$session_id = request_var('s', '');
$start = request_var('start', 0);
$sort_key = request_var('sk', 'b');
$sort_dir = request_var('sd', 'd');

// The guest toggle is only read from the request when the board allows listing guests.
if ($config['load_online_guests'])
{
	$show_guests = request_var('sg', 0);
}
else
{
	$show_guests = 0;
}
// Can this user view profiles/memberlist?
// Holding any one of the four listed permissions is enough.
$can_view_users = $auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel');

if (!$can_view_users)
{
	// A logged-in account without the permission gets an error message ...
	if ($user->data['user_id'] != ANONYMOUS)
	{
		trigger_error('NO_VIEW_USERS');
	}

	// ... while an anonymous visitor is sent to the login form instead.
	login_box('', $user->lang['LOGIN_EXPLAIN_VIEWONLINE']);
}
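// Sort options, keyed by the single-letter value of the 'sk' request parameter:
// $sort_key_text holds the label of each option, $sort_key_sql the column it sorts on.
$sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_JOINED'], 'c' => $user->lang['SORT_LOCATION']);
$sort_key_sql = array('a' => 'u.username_clean', 'b' => 's.session_time', 'c' => 's.session_page');

// Sorting and order
// Allow-list check: only a key present in both maps may select the ORDER BY column,
// so the request value itself is never concatenated into the query.
if (!isset($sort_key_text[$sort_key]) || !isset($sort_key_sql[$sort_key]))
{
	$sort_key = 'b';
}

// Narrow the direction to the two values this script understands. The request value is
// repeated in links built later in this file, so it is normalised here instead of being
// carried through as supplied.
$sort_dir = ($sort_dir == 'a') ? 'a' : 'd';

$order_by = $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');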
// Whois branch. It runs only when all three conditions hold: mode is 'whois', the
// viewer has the 'a_' permission, and a non-empty session id was supplied.
54 // Whois requested
55 if ($mode == 'whois' && $auth->acl_get('a_') && $session_id)
57 include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
// $session_id is request input (read with request_var('s', '') earlier in this file).
// It is passed through $db->sql_escape() before being placed inside the quoted literal.
59 $sql = 'SELECT u.user_id, u.username, u.user_type, s.session_ip
60 FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . " s
61 WHERE s.session_id = '" . $db->sql_escape($session_id) . "'
62 AND u.user_id = s.session_user_id";
63 $result = $db->sql_query($sql);
// Nothing is assigned when no session matches; the whois page is still rendered.
65 if ($row = $db->sql_fetchrow($result))
// NOTE(review): user_ipwhois() comes from functions_user and is not visible here. Its
// return value is handed to the template as-is, so confirm it is HTML-escaped there.
67 $template->assign_var('WHOIS', user_ipwhois($row['session_ip']));
69 $db->sql_freeresult($result);
71 // Output the page
72 page_header($user->lang['WHO_IS_ONLINE']);
74 $template->set_filenames(array(
75 'body' => 'viewonline_whois.html')
77 make_jumpbox(append_sid('viewforum'));
// NOTE(review): the braces of this branch are not present in this listing; presumably
// page_footer() ends the request so the listing code below does not run — confirm.
79 page_footer();
// Load forum rows into $forum_data, keyed by forum_id. The user loop further down
// reads forum_type and forum_name from this array.
// NOTE(review): the gutter jumps from 83 to 85, so the FROM clause of this query is
// missing from this listing.
82 // Forum info
83 $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
85 ORDER BY left_id ASC';
// NOTE(review): the second argument (600) is presumably a cache lifetime in seconds —
// confirm against sql_query(). If so, $forum_data can lag behind the live forum table.
86 $result = $db->sql_query($sql, 600);
88 $forum_data = array();
89 while ($row = $db->sql_fetchrow($result))
91 $forum_data[$row['forum_id']] = $row;
93 $db->sql_freeresult($result);
// Guest total. When guests are not listed individually, they are counted with a
// separate query: distinct session_ip values among ANONYMOUS sessions that were
// active within the last $config['load_online_time'] minutes.
95 $guest_counter = 0;
97 // Get number of online guests (if we do not display them)
98 if (!$show_guests)
// Two query shapes, chosen by $db->count_distinct: COUNT(DISTINCT ...) directly, or a
// COUNT over a SELECT DISTINCT subquery.
// NOTE(review): the gutter skips 103 and 112, so the FROM line of each query is
// missing from this listing.
// The values concatenated into the SQL are the ANONYMOUS constant and the result of
// an arithmetic expression on time() and a config value; none is read from the request.
100 if ($db->count_distinct)
102 $sql = 'SELECT COUNT(DISTINCT session_ip) as num_guests
104 WHERE session_user_id = ' . ANONYMOUS . '
105 AND session_time >= ' . (time() - ($config['load_online_time'] * 60));
107 else
109 $sql = 'SELECT COUNT(session_ip) as num_guests
110 FROM (
111 SELECT DISTINCT session_ip
113 WHERE session_user_id = ' . ANONYMOUS . '
114 AND session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
115 ')';
// NOTE(review): no enclosing loop or switch is visible around this break (the braces
// are not present in this listing). PHP 7.0 and later refuse to compile a break that
// is not inside a loop or switch, so confirm whether this statement should remain.
116 break;
118 $result = $db->sql_query($sql);
// The fetched field is cast to int before use.
119 $guest_counter = (int) $db->sql_fetchfield('num_guests');
120 $db->sql_freeresult($result);
// Main listing query: every session active within the last
// $config['load_online_time'] minutes, joined to its user row.
// $order_by is assembled earlier in this file from a fixed column map plus the literal
// 'ASC' or 'DESC'. $show_guests is used here only as a boolean that decides whether
// the ANONYMOUS exclusion is appended.
123 // Get user list
124 $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_type, u.user_colour, s.session_id, s.session_time, s.session_page, s.session_ip, s.session_browser, s.session_viewonline
125 FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
126 WHERE u.user_id = s.session_user_id
127 AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
128 ((!$show_guests) ? ' AND s.session_user_id <> ' . ANONYMOUS : '') . '
129 ORDER BY ' . $order_by;
130 $result = $db->sql_query($sql);
// $prev_id and $prev_ip record user ids and guest IPs already seen by the loop below.
132 $prev_id = $prev_ip = $user_list = array();
// Running totals: visible users, hidden users, and $counter for pagination.
133 $logged_visible_online = $logged_hidden_online = $counter = 0;
// Walk the session rows and emit one 'user_row' template block per entry that the
// viewer may see and that falls inside the current page window.
135 while ($row = $db->sql_fetchrow($result))
// Registered user: only the first session row per user_id is processed.
137 if ($row['user_id'] != ANONYMOUS && !isset($prev_id[$row['user_id']]))
139 $view_online = $s_user_hidden = false;
// NOTE(review): user_colour and username are concatenated into markup here without
// escaping at this point. Presumably both are validated or escaped when stored —
// verify, because the result is passed to the template as USERNAME_FULL.
140 $user_colour = ($row['user_colour']) ? ' style="color:#' . $row['user_colour'] . '" class="username-coloured"' : '';
142 $username_full = ($row['user_type'] != USER_IGNORE) ? get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']) : '<span' . $user_colour . '>' . $row['username'] . '</span>';
// Hidden session: always counted as hidden, but only shown to viewers holding
// the u_viewonline permission.
144 if (!$row['session_viewonline'])
146 $view_online = ($auth->acl_get('u_viewonline')) ? true : false;
147 $logged_hidden_online++;
149 $username_full = '<em>' . $username_full . '</em>';
150 $s_user_hidden = true;
152 else
154 $view_online = true;
155 $logged_visible_online++;
158 $prev_id[$row['user_id']] = 1;
// $counter advances only for entries the viewer is allowed to see.
160 if ($view_online)
162 $counter++;
// Skip entries that are not viewable or lie outside the page window, which starts
// after $start and holds $config['topics_per_page'] entries.
165 if (!$view_online || $counter > $start + $config['topics_per_page'] || $counter <= $start)
167 continue;
// Guest row (only when guests are listed): one entry per distinct session_ip.
170 else if ($show_guests && $row['user_id'] == ANONYMOUS && !isset($prev_ip[$row['session_ip']]))
172 $prev_ip[$row['session_ip']] = 1;
173 $guest_counter++;
174 $counter++;
176 if ($counter > $start + $config['topics_per_page'] || $counter <= $start)
178 continue;
181 $s_user_hidden = false;
182 $username_full = get_username_string('full', $row['user_id'], $user->lang['GUEST']);
// Repeated sessions of a user already seen, and guests when they are not listed.
184 else
186 continue;
// session_page is never printed. Its leading run of letters and slashes selects a
// case below, and each case sets $location from a language string and $location_url
// from a fixed script name.
189 preg_match('#^([a-z/]+)#i', $row['session_page'], $on_page);
190 if (!sizeof($on_page))
192 $on_page[1] = '';
195 switch ($on_page[1])
197 case 'index':
198 $location = $user->lang['INDEX'];
199 $location_url = append_sid('index');
200 break;
202 case 'adm/index':
203 $location = $user->lang['ACP'];
204 $location_url = append_sid('index');
205 break;
207 case 'posting':
208 case 'viewforum':
209 case 'viewtopic':
// The forum id is taken from a digits-only capture and cast to int.
210 preg_match('#_f_=([0-9]+)x#i', $row['session_page'], $forum_id);
211 $forum_id = (sizeof($forum_id)) ? (int) $forum_id[1] : 0;
// The forum name is revealed only if the viewer holds f_list on that forum;
// otherwise the generic index location in the else branch is used.
213 if ($forum_id && $auth->acl_get('f_list', $forum_id))
215 $location = '';
216 $location_url = append_sid('viewforum', 'f=' . $forum_id);
// NOTE(review): $forum_data[$forum_id] is read without an isset() check. The id
// comes from a stored session page, so it may name a forum that is absent from
// $forum_data — confirm this cannot raise an undefined-index notice.
// NOTE(review): forum_name is inserted into the language string via sprintf();
// presumably it is stored escaped — verify.
218 if ($forum_data[$forum_id]['forum_type'] == FORUM_LINK)
220 $location = sprintf($user->lang['READING_LINK'], $forum_data[$forum_id]['forum_name']);
221 break;
224 switch ($on_page[1])
226 case 'posting':
// $on_page is reused here for the posting mode match.
227 preg_match('#mode=([a-z]+)#', $row['session_page'], $on_page);
228 $posting_mode = (!empty($on_page[1])) ? $on_page[1] : '';
230 switch ($posting_mode)
232 case 'reply':
233 case 'quote':
234 $location = sprintf($user->lang['REPLYING_MESSAGE'], $forum_data[$forum_id]['forum_name']);
235 break;
237 default:
238 $location = sprintf($user->lang['POSTING_MESSAGE'], $forum_data[$forum_id]['forum_name']);
239 break;
241 break;
243 case 'viewtopic':
244 $location = sprintf($user->lang['READING_TOPIC'], $forum_data[$forum_id]['forum_name']);
245 break;
247 case 'viewforum':
248 $location = sprintf($user->lang['READING_FORUM'], $forum_data[$forum_id]['forum_name']);
249 break;
252 else
254 $location = $user->lang['INDEX'];
255 $location_url = append_sid('index');
257 break;
259 case 'search':
260 $location = $user->lang['SEARCHING_FORUMS'];
261 $location_url = append_sid('search');
262 break;
264 case 'faq':
265 $location = $user->lang['VIEWING_FAQ'];
266 $location_url = append_sid('faq');
267 break;
269 case 'viewonline':
270 $location = $user->lang['VIEWING_ONLINE'];
271 $location_url = append_sid('viewonline');
272 break;
274 case 'memberlist':
275 $location = (strpos($row['session_page'], 'mode=viewprofile') !== false) ? $user->lang['VIEWING_MEMBER_PROFILE'] : $user->lang['VIEWING_MEMBERS'];
276 $location_url = append_sid('memberlist');
277 break;
279 case 'mcp':
280 $location = $user->lang['VIEWING_MCP'];
281 $location_url = append_sid('index');
282 break;
284 case 'ucp':
285 $location = $user->lang['VIEWING_UCP'];
// Substring => language key; the first substring found in session_page wins.
// NOTE(review): the gutter skips 291, so one entry of this map is missing from this listing.
287 // Grab some common modules
288 $url_params = array(
289 'mode=register' => 'VIEWING_REGISTER',
290 'i=pm&mode=compose' => 'POSTING_PRIVATE_MESSAGE',
292 'i=profile&' => 'CHANGING_PROFILE',
293 'i=prefs&' => 'CHANGING_PREFERENCES',
296 foreach ($url_params as $param => $lang)
298 if (strpos($row['session_page'], $param) !== false)
300 $location = $user->lang[$lang];
301 break;
305 $location_url = append_sid('index');
306 break;
308 case 'download/file':
309 $location = $user->lang['DOWNLOADING_FILE'];
310 $location_url = append_sid('index');
311 break;
313 case 'report':
314 $location = $user->lang['REPORTING_POST'];
315 $location_url = append_sid('index');
316 break;
// Unrecognised pages are reported as the board index.
318 default:
319 $location = $user->lang['INDEX'];
320 $location_url = append_sid('index');
321 break;
324 $template->assign_block_vars('user_row', array(
325 'USERNAME' => $row['username'],
326 'USERNAME_COLOUR' => $row['user_colour'],
327 'USERNAME_FULL' => $username_full,
328 'LASTUPDATE' => $user->format_date($row['session_time']),
329 'FORUM_LOCATION' => $location,
// USER_IP is filled only for viewers holding 'a_'. In lookup mode the selected
// session's address is replaced by its reverse-DNS name. gethostbyaddr() is a
// synchronous lookup, and the name it returns is set by whoever operates the
// reverse zone for that address, so it should be treated as untrusted text.
// NOTE(review): confirm the template escapes USER_IP.
330 'USER_IP' => ($auth->acl_get('a_')) ? (($mode == 'lookup' && $session_id == $row['session_id']) ? gethostbyaddr($row['session_ip']) : $row['session_ip']) : '',
// USER_BROWSER is filled only for viewers holding 'a_user'.
// NOTE(review): session_browser is presumably the client-supplied User-Agent;
// confirm it is escaped when stored or when rendered.
331 'USER_BROWSER' => ($auth->acl_get('a_user')) ? $row['session_browser'] : '',
333 'U_USER_PROFILE' => ($row['user_type'] != USER_IGNORE) ? get_username_string('profile', $row['user_id'], '') : '',
// NOTE(review): U_USER_IP and U_WHOIS embed the listed user's session_id and are
// assigned for every row with no permission check at this point. Confirm the
// template renders them only for administrators, since they expose other users'
// session identifiers.
334 'U_USER_IP' => append_sid('viewonline', 'mode=lookup' . (($mode != 'lookup' || $row['session_id'] != $session_id) ? '&amp;s=' . $row['session_id'] : '') . "&amp;sg=$show_guests&amp;start=$start&amp;sk=$sort_key&amp;sd=$sort_dir"),
335 'U_WHOIS' => append_sid('viewonline', 'mode=whois&amp;s=' . $row['session_id']),
336 'U_FORUM_LOCATION' => $location_url,
338 'S_USER_HIDDEN' => $s_user_hidden,
339 'S_GUEST' => ($row['user_id'] == ANONYMOUS) ? true : false,
340 'S_USER_TYPE' => $row['user_type'],
343 $db->sql_freeresult($result);
// The de-duplication maps are no longer needed once the loop has finished.
344 unset($prev_id, $prev_ip);
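// Generate reg/hidden/guest online text
// Each entry pairs the name of a counter variable with the name of the variable that
// receives the matching language string (zero / one / many).
$vars_online = array(
	'REG'	=> array('logged_visible_online', 'l_r_user_s'),
	'HIDDEN'=> array('logged_hidden_online', 'l_h_user_s'),
	'GUEST'	=> array('guest_counter', 'l_g_user_s')
);

foreach ($vars_online as $l_prefix => $var_ary)
{
	// The braces are required: PHP 5 reads $$var_ary[0] as ${$var_ary[0]}, but from
	// PHP 7.0 it is read as ($$var_ary)[0]. The explicit form means the same on both.
	switch (${$var_ary[0]})
	{
		case 0:
			${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_ONLINE'];
		break;

		case 1:
			${$var_ary[1]} = $user->lang[$l_prefix . '_USER_ONLINE'];
		break;

		default:
			${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ONLINE'];
		break;
	}
}
unset($vars_online);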
// Pagination links keep the guest flag, sort key and sort direction as query parameters.
372 $pagination = generate_pagination(append_sid('viewonline', "sg=$show_guests&amp;sk=$sort_key&amp;sd=$sort_dir"), $counter, $config['topics_per_page'], $start);
// Legend query. Viewers with a group-administration permission get every group flagged
// for the legend. Everyone else gets a group whose type is not GROUP_HIDDEN, or one for
// which the join matched the viewer's own non-pending membership row.
// NOTE(review): the gutter skips 378, 386 and 391, so the first query's FROM line and
// the join line of the second query are missing from this listing.
374 // Grab group details for legend display
375 if ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
377 $sql = 'SELECT group_id, group_name, group_colour, group_type
379 WHERE group_legend = 1
380 ORDER BY group_name ASC';
382 else
// NOTE(review): $user->data['user_id'] is concatenated into the SQL without a cast.
// It comes from the session's user record rather than from the request, so it is
// presumably always an integer — confirm.
384 $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type
385 FROM ' . GROUPS_TABLE . ' g
387 ON (
388 g.group_id = ug.group_id
389 AND ug.user_id = ' . $user->data['user_id'] . '
390 AND ug.user_pending = 0
392 WHERE g.group_legend = 1
393 AND (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')
394 ORDER BY g.group_name ASC';
396 $result = $db->sql_query($sql);
// Build a comma-separated legend. The group named BOTS is plain text; every other
// group links to its member list.
// NOTE(review): group_colour and group_name are placed into HTML without escaping
// here; presumably they are validated or escaped when a group is saved — verify.
398 $legend = '';
399 while ($row = $db->sql_fetchrow($result))
401 if ($row['group_name'] == 'BOTS')
403 $legend .= (($legend != '') ? ', ' : '') . '<span style="color:#' . $row['group_colour'] . '">' . $user->lang['G_BOTS'] . '</span>';
405 else
// Groups of type GROUP_SPECIAL take their label from the language file.
407 $legend .= (($legend != '') ? ', ' : '') . '<a style="color:#' . $row['group_colour'] . '" href="' . append_sid('memberlist', 'mode=group&amp;g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
410 $db->sql_freeresult($result);
// Refreshing the page every 60 seconds...
meta_refresh(60, append_sid('viewonline', "sg=$show_guests&amp;sk=$sort_key&amp;sd=$sort_dir&amp;start=$start"));

// Each sort link flips to descending only when its own column is the one currently
// sorted ascending; in every other case it requests ascending order.
$guest_flag = (int) $show_guests;
$next_sort_dir = array();
foreach (array('a', 'b', 'c') as $sk_option)
{
	$next_sort_dir[$sk_option] = ($sort_key == $sk_option && $sort_dir == 'a') ? 'd' : 'a';
}

// Send data to template
$template->assign_vars(array(
	'TOTAL_REGISTERED_USERS_ONLINE'	=> sprintf($l_r_user_s, $logged_visible_online) . sprintf($l_h_user_s, $logged_hidden_online),
	'TOTAL_GUEST_USERS_ONLINE'		=> sprintf($l_g_user_s, $guest_counter),
	'LEGEND'						=> $legend,
	'PAGINATION'					=> $pagination,
	'PAGE_NUMBER'					=> on_page($counter, $config['topics_per_page'], $start),

	'U_SORT_USERNAME'				=> append_sid('viewonline', 'sk=a&amp;sd=' . $next_sort_dir['a'] . '&amp;sg=' . $guest_flag),
	'U_SORT_UPDATED'				=> append_sid('viewonline', 'sk=b&amp;sd=' . $next_sort_dir['b'] . '&amp;sg=' . $guest_flag),
	'U_SORT_LOCATION'				=> append_sid('viewonline', 'sk=c&amp;sd=' . $next_sort_dir['c'] . '&amp;sg=' . $guest_flag),

	// The switch link carries the opposite of the current guest flag.
	'U_SWITCH_GUEST_DISPLAY'		=> append_sid('viewonline', 'sg=' . ((int) !$show_guests)),
	'L_SWITCH_GUEST_DISPLAY'		=> $user->lang[($show_guests) ? 'HIDE_GUESTS' : 'DISPLAY_GUESTS'],
	'S_SWITCH_GUEST_DISPLAY'		=> (bool) $config['load_online_guests'])
);
// We do not need to load the who is online box here. ;)
// The flag is cleared before page_header() is called.
$config['load_online'] = false;

// Output the page
page_header($user->lang['WHO_IS_ONLINE']);

$body_template = array('body' => 'viewonline_body.html');
$template->set_filenames($body_template);

$jumpbox_target = append_sid('viewforum');
make_jumpbox($jumpbox_target);

page_footer();