Fix who is online access not it will check chamilo settings

api_get_setting('showonline', 'world')
api_get_setting('showonline', 'users')
api_get_setting('showonline', 'course')

Author: jmontoyaa

main/inc/ajax/online.ajax.php

@@ -12,11 +12,15 @@
         echo returnNotificationMenu();
         break;
     case 'load_online_user':
+        $access = accessToWhoIsOnline();
+
+        if (!$access) {
+            exit;
+        }
         $images_to_show = MAX_ONLINE_USERS;
         $page = intval($_REQUEST['online_page_nr']);
         $max_page = ceil(who_is_online_count() / $images_to_show);
         $page_rows = ($page - 1) * MAX_ONLINE_USERS;
-
         if (!empty($max_page) && $page <= $max_page) {
             if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
                 $user_list = who_is_online_in_this_course(

main/inc/lib/banner.lib.php

@@ -200,6 +200,25 @@ function return_logo($theme = '')
     );
 }
 
+/**
+ * Check if user have access to "who is online" page
+ * @return bool
+ */
+function accessToWhoIsOnline()
+{
+    $user_id = api_get_user_id();
+    $course_id = api_get_course_int_id();
+    $access = false;
+    if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
+        (api_get_setting('showonline', 'users') == 'true' && $user_id) ||
+        (api_get_setting('showonline', 'course') == 'true' && $user_id && $course_id)
+    ) {
+        $access = true;
+    }
+
+    return $access;
+}
+
 /**
  * Return HTML string of a list as <li> items.
  *
@@ -208,19 +227,11 @@ function return_logo($theme = '')
 function returnNotificationMenu()
 {
     $courseInfo = api_get_course_info();
-    $course_id = 0;
-    if (!empty($courseInfo)) {
-        $course_id = $courseInfo['code'];
-    }
-
     $user_id = api_get_user_id();
     $sessionId = api_get_session_id();
     $html = '';
 
-    if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
-        (api_get_setting('showonline', 'users') == 'true' && $user_id) ||
-        (api_get_setting('showonline', 'course') == 'true' && $user_id && $course_id)
-    ) {
+    if (accessToWhoIsOnline()) {
         $number = getOnlineUsersCount();
         $number_online_in_course = getOnlineUsersInCourseCount($user_id, $courseInfo);
 

whoisonline.php

@@ -8,7 +8,6 @@
     $cidReset = true;
 }
 
-// including necessary files
 require_once './main/inc/global.inc.php';
 
 if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
@@ -20,48 +19,45 @@
 $whoisonline_list = '';
 $social_search = '';
 $userId = api_get_user_id();
+$access = accessToWhoIsOnline();
 
-// This if statement prevents users accessing the who's online feature when it has been disabled.
-if ((api_get_setting('showonline', 'world') == 'true' && !$userId) ||
-    ((api_get_setting('showonline', 'users') == 'true' ||
-        api_get_setting('showonline', 'course') == 'true') && $userId)
-) {
-    if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
-        $user_list = who_is_online_in_this_course(
-            0,
-            MAX_ONLINE_USERS,
-            api_get_user_id(),
-            api_get_setting('time_limit_whosonline'),
-            $_GET['cidReq']
-        );
-    } else {
-        $user_list = who_is_online(0, MAX_ONLINE_USERS);
-    }
+if (!$access) {
+    api_not_allowed(true);
+}
 
-    if ($user_list) {
-        if (!isset($_GET['id'])) {
-            if (api_get_setting('allow_social_tool') == 'true') {
-                if (!api_is_anonymous()) {
-                    $query = isset($_GET['q']) ? $_GET['q'] : null;
-                    $social_search = UserManager::get_search_form($query);
-                }
+if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
+    $user_list = who_is_online_in_this_course(
+        0,
+        MAX_ONLINE_USERS,
+        api_get_user_id(),
+        api_get_setting('time_limit_whosonline'),
+        $_GET['cidReq']
+    );
+} else {
+    $user_list = who_is_online(0, MAX_ONLINE_USERS);
+}
+
+if ($user_list) {
+    if (!isset($_GET['id'])) {
+        if (api_get_setting('allow_social_tool') == 'true') {
+            if (!api_is_anonymous()) {
+                $query = isset($_GET['q']) ? $_GET['q'] : null;
+                $social_search = UserManager::get_search_form($query);
             }
-            $social_right_content .= SocialManager::display_user_list($user_list);
         }
+        $social_right_content .= SocialManager::display_user_list($user_list);
     }
+}
 
-    $whoisonline_list .= SocialManager::display_user_list($user_list);
+$whoisonline_list .= SocialManager::display_user_list($user_list);
 
-    if (isset($_GET['id'])) {
-        if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
-            header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
-            exit;
-        } else {
-            $social_right_content .= SocialManager::display_individual_user($_GET['id']);
-        }
+if (isset($_GET['id'])) {
+    if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
+        header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
+        exit;
+    } else {
+        $social_right_content .= SocialManager::display_individual_user($_GET['id']);
     }
-} else {
-    api_not_allowed(true);
 }
 
 $tpl = new Template(get_lang('UsersOnLineList'));