Recent Topics

Display admin|stats only for blogs you can post in

Started by on Aug 10, 2005 – Contents updated: Aug 10, 2005

Aug 10, 2005 02:30    

Based on a how-to post by nate_02631, this hack limits the stats that any given blogger can see in the back office on the stats tab. Basically what it does is says "you can't see stats for a blog you can't post into unless you are level 10 in which case you can see everything". That means the default condition of showing stats for blog "none" (which is blog 0 inside the code) will now show an empty page. The list of blogs across the top of the stats page will show blogs the blogger can post into - post with ANY status by the way. It's a neat little hack that exists in 4 parts in 1 file.

Open admin/b2stats.php and look for this bit:

require(dirname(__FILE__) . '/_menutop.php');
?>
<a href="b2stats.php?show=<?php echo $show ?>&amp;blog=0" class="<?php echo ( 0 == $blog ) ? 'CurrentBlog' : 'OtherBlog' ?>"><?php echo T_('None') ?></a>
<?php
for( $curr_blog_ID=blog_list_start('stub');

and change it to this:

require(dirname(__FILE__) . '/_menutop.php');
// HACK ONE
if( $current_User->get('level') == 10 ) { 
	$show_zero_stats = 'show_zeros'; ?>
	<a href="b2stats.php?show=<?php echo $show ?>&amp;blog=0" class="<?php echo ( 0 == $blog ) ? 'CurrentBlog' : 'OtherBlog' ?>"><?php echo T_('None') ?></a>
	<?php
	} else {
	$show_zero_stats = 'dont_show';
	}
// END HACK ONE
for( $curr_blog_ID=blog_list_start('stub');

That stops the "none" option from showing up if you are not level 10 and sets up the ability to display the data later on.

A couple of lines later find this bit:

			 $curr_blog_ID=blog_list_next('stub') )
	{
		?>
		<a href="b2stats.php?show=<?php echo $show blah blah blah

and change it to this:

			 $curr_blog_ID=blog_list_next('stub') )
	{
// HACK TWO
	 	if( ! $current_User->check_perm( 'blog_post_statuses', 'any', false, $curr_blog_ID ) ) continue;
// END HACK TWO
		?>
		<a href="b2stats.php?show=<?php echo $show blah blah blah

What this does is check the blogger's permissions to see if they are allowed to post in the next blog in the bloglist. If they can they get the link - if not then they don't. (I added the blah blah blah because I cut a line in half)

Hack 3 is really neato! Scroll down and find:

	<li><!-- Yes, this empty UL is needed! It's a DOUBLE hack for correct CSS display --></li>
</ul>
<div class="pt">
	<div class="panelblocktabs">

and change it to:

	<li><!-- Yes, this empty UL is needed! It's a DOUBLE hack for correct CSS display --></li>
</ul>
<?php // HACK THREE
if( $blog > 0 ) {
	$show_zero_stats = 'show_zeros';
	}
switch( $show_zero_stats ) {
case 'dont_show':
break;
default;
// END HACK THREE ?>
<div class="pt">
	<div class="panelblocktabs">

This is the part that lets level 10 people see the "none" stats and excludes those who are not level 10 and can't post in any given blog.

Finally, close the new switch near the end of the file by finding:

</div>
<?php
require( dirname(__FILE__).'/_footer.php' );

and changing it to:

</div>
<?php 
// HACK FOUR
} // end of $show_zero_stats switch
// END HACK FOUR
require( dirname(__FILE__).'/_footer.php' );

That's it! I did it on a test installation of v12+p with one dummy user and found it to be functional. I think maybe group permissions might over-ride the hackage but I'm not sure. In other words, putting a blogger in the admin group might let them see stats for "none" but I dunno. Didn't test in that much detail.

Have fun, EdB

Aug 10, 2005 15:52

Very nice, Edb!

It didn't take quite as much hacking as I though it would ;) I do have a couple of suggestions:

For one, as a level 10 admin, I would like to have access to ALL the blogs stats buttons, and not just the one's I have added my admin account to as a member/poster. So I changed part TWO of the hack from:

if( ! $current_User->check_perm( 'blog_post_statuses', 'any', false, $curr_blog_ID ) ) continue;


to:

if( ! $current_User->check_perm( 'blog_post_statuses', 'any', false, $curr_blog_ID ) && $current_User->get('level') < 10 ) continue;

SECURITY ALERT: The other (more important) detail is that while a regular blogger will now only see the stats button for their blog(s), they still can access any other blogs stats (provided they know the blog ID) by simply changing the ID at the end of the query string for the stats page. I added a simple permission check just after where you see:

// Check permission:
$current_User->check_perm( 'stats', 'view', true );


add the following:

// NJW MOD - Part 2a
if( ! $current_User->check_perm( 'blog_post_statuses', 'any', false, $blog ) && $current_User->get('level') < 10 ) {
    echo '<P>&nbsp;&nbsp;You do not have permission to view that blog\'s stats.</P>';
    require( dirname(__FILE__).'/_footer.php' );
    exit;
}		
// END NJW MOD - Part 2a


That will make sure the blogger has permission to see just their stats. Again, as a Level 10 user you can see everybody's stats.

Thanks again, Edb. I've done numerous hacks, modules, etc... for other O/S projects (Postnuke, OsCommerce). Nice to be on the other side of the fence for a change!

Aug 13, 2005 03:11

Thanks for the updates. I'll incorporate them into my blog post when I get a round toit.

Mar 26, 2007 22:21

I know this post has cobwebs on it, but I am finally upgrading from my .9 b2evo to 1.93 and was interested in having the same stats functionality.

The code for the stats seems to have changed significantly, and I seem to be having trouble coming up with the logic for the same hack. Has anyone come up with a solution for the newest b2 (or maybe a plugin)? (a little surprised it's not offered as an option for a multi-blog)

(hack above being allowing access (and rendering buttons for) only stats which user has permission to post in - unless they're a level 10 user in which case they can see all stats).

Any help is appreciated :)

Apr 05, 2007 19:55

Hi - anyone have a solution so that logged in blogger can see only stats for blogs they have permission to post to?

(v. 1.9+)


Form is loading...

Community CMS – This forum is powered by b2evolution CMS, a complete engine for your website.