log in as invisible

I'm playing around with the idea of having my admin account always log in as invisible, so in /pages/mudules/login.php I changed:
to:
That seems to work fine until the current session expires. When I subsequently go back to my site I am logged in, as expected, but admin is no longer invisible.

Looking at the following code for invisible logins, I noticed that although 'session_invisible'=>1 is set in the DB, ['session_invisible']=0 is set in the session cache.
I'm assuming that ['session_invisible']=0 is a bug and that it should be ['session_invisible']=1. If not, why is it set to 0?

I have also looked at the invisibility related code in functions handle_active_login() of users_active_actions.php and create_session() of users_inactive_occasionals.php, and I don't think I need to do anything there.

Any thoughts?

Interested in this. I recall that in 'older' versions Admin had the ability to be the 'only' invisible user, but that changed (and I commented at the time) to an 'all-or-nothing' approach.

Waiting …

 

Fletch said

Interested in this. I recall that in 'older' versions Admin had the ability to be the 'only' invisible user, but that changed (and I commented at the time) to an 'all-or-nothing' approach.

I wouldn't have thought that an 'all-or-nothing' approach was particularly logical to have. I can understand maybe a desire to give users an option of a bit more privacy, but it does take away from the community spirit/aim.

For example, if I see a lot of named users online I sometimes effectively stay on longer (i.e. because I return sooner) as it brings the communication closer to real-time. As I am on the other side of the planet to most members the post-reply cycle can really get drawn out otherwise.

Admins are by their very nature special, and if they see a need to be able to log in invisibly then they should be able to do so without having to give everyone else that option.

temp1024 said

Admins are by their very nature special, and if they see a need to be able to log in invisibly then they should be able to do so without having to give everyone else that option.

I recall that was the original point I made. There are times when I am 'administering' when I don't wish to be whistled-up for a chat, or something similar. Also, it helps to be invisible when trying to keep an eye on the known/suspected 'dodgy' characters when they are on line, observing their behaviour when they don't see 'Administrator' logged on!

Hope you can crack this one.

 

Issues:

• The session cache bug you found is real (so bug if persistent cache enabled)
• There's no way to leave invisibility without killing the session
• No way of remembering invisibility setting between sessions

Availability of invisibility to non-staff won't be considered. But can be templated in if needed (that's not secure, but I personally wouldn't worry about that – none of this is a site security feature).

I will post a hotfix in a few minutes.

https://github.com/chrisgraham/ocPortal/commit/e0d51a3

Thanks Chris.

One minor change to login.php is needed though.

Your code allows members to toggle 'invisible' even when is_on_invisibility has not been enabled on the site.

To fix, just need to make it conditional, i.e. change:
to:

I've also noticed that the side_users_online block is not being refreshed properly when invisibility is toggled (i.e. by navigating to /pg/login/invisible) although the users online block in the forum is fine.

temp1024 said

Thanks Chris.

One minor change to login.php is needed though.

Your code allows members to toggle 'invisible' even when is_on_invisibility has not been enabled on the site.

To fix, just need to make it conditional, i.e. change:

Code (php)

                $visible=(array_key_exists(get_session_id(),$GLOBALS['SESSION_CACHE'])) && ($GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible']==0);
 

to:

Code (php)

                if(get_option('is_on_invisibility')=='1')
                {
                        $visible=(array_key_exists(get_session_id(),$GLOBALS['SESSION_CACHE'])) && ($GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible']==0);
                }
                else
                {
                        $visible=false;
                }
 

I've also noticed that the side_users_online block is not being refreshed properly when invisibility is toggled (i.e. by navigating to /pg/login/invisible) although the users online block in the forum is fine.

This issue has been filed on the tracker in issue #647, with a fix.

@Chris - Thanks

@Fletch - After applying Chris' patches, you can now allow admins to log in invisibly by making a couple of changes to /pages/mudules/login.php .

1st change is in my first post.

2nd change is to replace:
with:

Then once admin is logged in they can toggle invisibility off/on by navigating to /pg/login/invisible .

The global invisibility option is still available.

And if anyone want to say give a specific user group the power of invisibility, then only those two changes need to be tweaked.

temp1024 said

@Fletch - After applying Chris' patches, you can now …

   … I've suddenly gone invisible …

Fletch said

… I've suddenly gone invisible …

Who said that?

[RESOLVED] … ?

Fletch said

[RESOLVED] … ?

I guess so……I've be a little lax in that department lately.

 

Not many in here I'd 'suggest' that to.

I could have used a Frank Campion "Walk with me…", but I suspect you don't have time for that, either!

 

Fletch said

I could have used a Frank Campion "Walk with me…"

If you did I would have thought to myself "I don't understand….O.K. this must be Fletch's revenge for giving him the run-around in the Bob thread. I confused him, so he confuses me."

Ahhhhhhh...

Australian medical drama All Saints - Channel7

Dr. Frank Campion	John Howard	Director of Emergency	April 2004 -> present	265 -> ###
Dr. Frank Campion is one of All Saints main characters and one of All Saints hospital's top doctors. He, as head of the emergency department, is a fantastic doctor and has had extensive training in the field. To the doctors and nurses of the ED, he is demanding, pushing and sometimes abusive but he always makes his patients his top priority. Frank became particularly attached to his intern, Bart West, when Bart was shot and Frank felt it was his fault; it was then that we saw first-hand how supportive and kind Frank could be to his staff. Frank has been married once, to his ex-wife, and engaged one, to Eve Ballantyne whom he went to great lengths to win over. This engagement ended when Eve became pregnant and they discovered their baby had spina bifida, Eve decided to have the pregnancy terminated and Frank objected. She left town as Frank would not support her decision. Dr.Frank campion has a daughter named Kathleen Campion with Dr. Alison Newell his ex-wife.

That explains it. Australian drama…Never watch it as I can't stand any of the modern stuff from down-under.

Fletch said

[RESOLVED] … ?

Spoke a little too soon Fletch

My first post need a little tweak. As it currently stands admins invisibility will be lost if the admin need to confirm their login, which typically happens when the admin tries to go into the admin zone after some inactivity or in a freshly opened browser.

So I have changed:
to:

I'll also change the first post to reflect this new code.

temp1024 said

… So I have changed: >>>>

to: >>>>

I'll also change the first post to reflect this new code.

 

@Chris, I left invisible admin logged in overnight and when I loaded the first page this morning I was still logged in (as expected) but I was visible again.

Looks like the sessions are not being recreated properly.