public function output() { global $vbulletin; $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT)); // verify the userid exists, don't want useless entries in our table. if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) { if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) { standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink'])); } // are we a member of this user's blog? if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) { print_no_permission(); } $userid = $userinfo['userid']; /* Blog posting check */ if (!($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { print_no_permission(); } } else { $userinfo =& $vbulletin->userinfo; $userid = ''; /* Blog posting check, no guests! */ if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !$vbulletin->userinfo['userid']) { print_no_permission(); } } require_once DIR . '/includes/blog_functions_shared.php'; prepare_blog_category_permissions($userinfo, true); $globalcats = $this->construct_category($userinfo, 'global'); $localcats = $this->construct_category($userinfo, 'local'); return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats); }
public function __construct() { //make sure that this gets initialized global $vbulletin; if (!$vbulletin->userinfo['blogcategorypermissions']) { require_once (DIR . '/includes/blog_functions_shared.php'); prepare_blog_category_permissions($vbulletin->userinfo, true); } }
protected function fetchCategoryPermissions() { if (!vB::$vbulletin->userinfo['blogcategorypermissions']) { require_once DIR . '/includes/blog_functions_shared.php'; prepare_blog_category_permissions(vB::$vbulletin->userinfo, true); } $return = array(); if (!empty(vB::$vbulletin->userinfo['blogcategorypermissions']['cantview'])) { $return['joinsql'] = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", vB::$vbulletin->userinfo['blogcategorypermissions']['cantview']) . "))"; if (vB::$vbulletin->userinfo['userid']) { $return['wheresql'] = "AND (cu.blogcategoryid IS NULL OR blog.userid = " . vB::$vbulletin->userinfo['userid'] . ")"; } else { $return['wheresql'] = "AND cu.blogcategoryid IS NULL"; } } return $return; }
function post_save_each($doquery = true) { $blogid = intval($this->fetch_field('blogid')); $userid = intval($this->fetch_field('userid')); $blogtextid = $this->fetch_field('blogtextid'); $postedby_userid = intval($this->fetch_field('postedby_userid')); require_once(DIR . '/vb/search/indexcontroller/queue.php'); vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid); vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid); if (!$condition AND $this->info['addtags']) { // invalidate users tag cloud $dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT); $info = array('bloguserid' => $userid); $dataman->set_existing($info); $dataman->set('tagcloud', ''); $dataman->save(); } $this->build_category_counters(); build_blog_stats(); // Insert entry for moderation if ($this->fetch_field('state') == 'moderation') { /*insert query*/ $this->dbobject->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation (primaryid, type, dateline) VALUES ($blogid, 'blogid', " . TIMENOW . ") "); } // Insert entry for moderation if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending')) { $userinfo = array('bloguserid' => $userid); $userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT); $userdata->set_existing($userinfo); if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') { $userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false); } if ($this->fetch_field('pending')) { $userdata->set('pending', 'pending + 1', false); } $userdata->save(); } // Send Email Notification if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail']) { $lastposttime = $this->dbobject->query_first(" SELECT MAX(dateline) AS dateline FROM " . TABLE_PREFIX . "blog AS blog WHERE blogid = $blogid AND dateline < " . $this->fetch_field('dateline') . " AND state = 'visible' "); $entrytitle = unhtmlspecialchars($this->fetch_field('title')); if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid')) { $blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']); $username = unhtmlspecialchars($this->registry->userinfo['username']); $userinfo =& $this->registry->userinfo; } else { if (!defined('VBBLOG_PERMS')) { // Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script define('VBBLOG_PERMS', true); } $userinfo = fetch_userinfo($this->fetch_field('userid'), 1); cache_permissions($userinfo, false); $blogtitle = unhtmlspecialchars($userinfo['blog_title']); if ($userinfo['userid'] != $this->fetch_field('userid')) { $userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1); $username = unhtmlspecialchars($userinfo2['username']); } else { $username = unhtmlspecialchars($userinfo['username']); } } require_once(DIR . '/includes/class_bbcode_alt.php'); $plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list()); $pagetext_cache = array(); // used to cache the results per languageid for speed $pagetext_orig =& $this->fetch_field('pagetext', 'blog_text'); ($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false; $useremails = $this->dbobject->query_read_slave(" SELECT user.*, blog_subscribeuser.blogsubscribeuserid, bm.blogmoderatorid, ignored.relationid AS ignoreid, buddy.relationid AS buddyid, bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy') LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore') LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid) WHERE blog_subscribeuser.bloguserid = $userid AND " . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . " blog_subscribeuser.type = 'email' AND user.usergroupid <> 3 AND user.lastactivity >= " . intval($lastposttime['dateline']) . " "); vbmail_start(); $setoptions = $this->fetch_field('options'); $evalemail = array(); while ($touser = $this->dbobject->fetch_array($useremails)) { cache_permissions($touser, false); // only send private entries to contacts and moderators if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo)) { continue; } if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup'])) { continue; } if ($this->fetch_field('state') == 'moderation') { if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser)) { continue; } } if (!empty($this->info['categories'])) { prepare_blog_category_permissions($touser); if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid']) { continue; } } if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { continue; } else if ( !$touser['blogmoderatorid'] AND !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']) AND !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator']) AND (!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid']) AND (!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid']) AND (!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['budyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid'])) AND !is_member_of_blog($touser, $userinfo) ) { continue; } $touser['username'] = unhtmlspecialchars($touser['username']); $touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']); $touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT); if (empty($evalemail)) { $email_texts = $this->dbobject->query_read_slave(" SELECT text, languageid, fieldname FROM " . TABLE_PREFIX . "phrase WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify' "); while ($email_text = $this->dbobject->fetch_array($email_texts)) { $emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text']; } require_once(DIR . '/includes/functions_misc.php'); foreach ($emails AS $languageid => $email_text) { // lets cycle through our array of notify phrases $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject']))); $text_subject = replace_template_variables($text_subject); $evalemail["$languageid"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } } // parse the page text into plain text, taking selected language into account if (!isset($pagetext_cache["$touser[languageid]"])) { $plaintext_parser->set_parsing_language($touser['languageid']); $pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig); } $pagetext = $pagetext_cache["$touser[languageid]"]; ($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false; eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"])); vbmail($touser['email'], $subject, $message); } unset($plaintext_parser, $pagetext_cache); vbmail_end(); } $this->post_save_each_blogtext($doquery); if ($this->fetch_field('dateline') <= TIMENOW) { $this->insert_dupehash($this->fetch_field('blogid')); } if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed']))) { $this->dbobject->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry WHERE blogid = $blogid AND userid = $userid "); } else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp') { $this->dbobject->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry (blogid, dateline, type, userid) VALUES ($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid) "); } ($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false; }
/** * Prepare any data needed for the output * * @param string The id of the block * @param array Options specific to the block */ function prepare_output($id = '', $options = array()) { global $show, $vbphrase; if (!$this->registry->userinfo['userid']) { prepare_blog_category_permissions($this->registry->userinfo); } $show['lastentry'] = true; $this->block_data['entries'] = vb_number_format($this->profile->userinfo['entries']); $this->block_data['lastblogtitle'] = ''; $this->block_data['lastblogdate'] = $vbphrase['never']; $this->block_data['lastblogtime'] = ''; $memberblogs = explode(',', $this->profile->userinfo['memberblogids']); if (count($memberblogs) > 1) { $sqland = array( "bu.bloguserid IN (" . $this->profile->userinfo['memberblogids'] . ")" ); if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $sqland[] = "bu.bloguserid = " . $this->registry->userinfo['userid']; } if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $this->registry->userinfo['userid']) { $sqland[] = "bu.bloguserid <> " . $this->registry->userinfo['userid']; } if (trim($this->registry->options['globalignore']) != '') { require_once(DIR . '/includes/functions_bigthree.php'); if ($coventry = fetch_coventry('string') AND !can_moderate_blog()) { $sqland[] = "bu.bloguserid NOT IN ($coventry)"; } } $sqlor = array(); $sqljoin = array(); if (!can_moderate_blog()) { if ($this->registry->userinfo['userid']) { $sqlor[] = "bu.bloguserid IN (" . $this->registry->userinfo['memberblogids'] . ")"; $sqlor[] = "(options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)"; $sqlor[] = "(options_buddy & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)"; $sqlor[] = "(options_member & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " .$this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))"; $sqland[] = "(" . implode(" OR ", $sqlor) . ")"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = " . $this->registry->userinfo['userid'] . " AND buddy.type = 'buddy')"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = bu.bloguserid AND ignored.relationid = " . $this->registry->userinfo['userid'] . " AND ignored.type = 'ignore')"; } else { $sqland[] = "options_guest & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $sqland[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } } if ($this->registry->userinfo['userid'] AND in_coventry($this->registry->userinfo['userid'], true)) { $sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcomment, blog_tachyentry.lastcomment) AS lastcomment"; $sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcommenter, blog_tachyentry.lastcommenter) AS lastcommenter"; $sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastblogtextid, blog_tachyentry.lastblogtextid) AS lastblogtextid"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_tachyentry AS blog_tachyentry ON (blog_tachyentry.blogid = bu.lastblogid AND blog_tachyentry.userid = " . $this->registry->userinfo['userid'] . ")"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = IF(blog_tachyentry.userid IS NULL, blog.lastblogtextid, blog_tachyentry.lastblogtextid))"; } else { $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = bu.lastblogtextid)"; } $temp = $show['inlinemod']; $show['inlinemod'] = false; $blogs = $this->registry->db->query_read_slave(" SELECT user.*, IF(bu.title, bu.title, user.username) AS blogtitle, user.userid, user.username, bu.lastblog, bu.lastblogid AS lastblogid, bu.lastblogtitle, bu.lastcomment, bu.lastblogtextid AS lastblogtextid, bu.lastcommenter, bu.options_member, bu.options_buddy, bu.ratingnum, bu.ratingtotal, bu.title, bu.entries, bu.comments, bu.title, blog.categories, blog2.categories AS categories_lastcomment FROM " . TABLE_PREFIX . "blog_user AS bu LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = bu.bloguserid) LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = bu.lastblogid) " . (!empty($sqljoin) ? implode("\r\n", $sqljoin) : "") . " LEFT JOIN " . TABLE_PREFIX . "blog AS blog2 ON (blog2.blogid = blog_text.blogid) WHERE " . implode("\r\n\tAND ", $sqland) . " "); while ($blog = $this->registry->db->fetch_array($blogs)) { $blog = array_merge($blog, convert_bits_to_array($blog['options'], $this->registry->bf_misc_useroptions)); $blog = array_merge($blog, convert_bits_to_array($blog['adminoptions'], $this->registry->bf_misc_adminoptions)); $show['private'] = false; if (can_moderate() AND $blog['userid'] != $this->registry->userinfo['userid']) { $membercanview = $blog['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $buddiescanview = $blog['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; if (!$membercanview AND (!$blog['buddyid'] OR !$buddiescanview)) { $show['private'] = true; } } $blog['entries'] = vb_number_format($blog['entries']); $blog['comments'] = vb_number_format($blog['comments']); $blog['lastentrydate'] = vbdate($this->registry->options['dateformat'], $blog['lastblog'], true); $blog['lastentrytime'] = vbdate($this->registry->options['timeformat'], $blog['lastblog']); $blog['entrytitle'] = fetch_trimmed_title($blog['lastblogtitle'], 20); if ($blog['title']) { $blog['title'] = fetch_trimmed_title($blog['title'], 50); } $lastentrycats = explode(',', $blog['categories']); $lastcommentcats = explode(',', $blog['categories_lastcomment']); $show['lastentry'] = array_intersect($this->registry->userinfo['blogcategorypermissions']['cantview'], $lastentrycats) ? false : true; $show['lastcomment'] = array_intersect($this->registry->userinfo['blogcategorypermissions']['cantview'], $lastcommentcats) ? false : true; $templater = vB_Template::create('blog_blog_row'); $templater->register('blog', $blog); $templater->register('thread', $thread); $groupbits .= $templater->render(); } $this->block_data['groupblogs'] = $groupbits; $show['inlinemod'] = $temp; } if (!in_coventry($this->profile->userinfo['userid']) AND ($this->profile->userinfo['lastblog'])) { $sql_and = array(); $state = array('visible'); $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_and[] = "blog.userid = " . $this->profile->userinfo['userid']; if (!can_moderate_blog() AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid'] AND !$bloginfo['buddyid']) { $sql_and[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']) AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid']) { $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))"; $sql_and[] = "cu.blogcategoryid IS NULL"; } $blogids = array(); $blogs = $this->registry->db->query_read_slave(" SELECT blog.blogid, blog.attach FROM " . TABLE_PREFIX . "blog AS blog $joinsql WHERE " . implode("\r\n\tAND ", $sql_and) . " ORDER BY blog.dateline DESC LIMIT 5 "); while ($blog = $this->registry->db->fetch_array($blogs)) { $blogids[] = $blog['blogid']; $attachcount += $blog['attach']; } if ($blogids) { // Query Attachments if ($attachcount) { require_once(DIR . '/packages/vbattach/attach.php'); $attach = new vB_Attach_Display_Content($this->registry, 'vBBlog_BlogEntry'); $postattach = $attach->fetch_postattach(0, $blogids); } $this->block_data['lastblogtitle'] = $this->profile->userinfo['lastblogtitle']; $this->block_data['lastblogdate'] = vbdate($this->registry->options['dateformat'], $this->profile->userinfo['lastblog']); $this->block_data['lastblogtime'] = vbdate($this->registry->options['timeformat'], $this->profile->userinfo['lastblog'], true); $categories = array(); $cats = $this->registry->db->query_read_slave(" SELECT blogid, title, blog_category.blogcategoryid, blog_categoryuser.userid, blog_category.userid AS creatorid FROM " . TABLE_PREFIX . "blog_categoryuser AS blog_categoryuser LEFT JOIN " . TABLE_PREFIX . "blog_category AS blog_category ON (blog_category.blogcategoryid = blog_categoryuser.blogcategoryid) WHERE blogid IN (" . implode(',', $blogids) . ") ORDER BY blogid, displayorder "); while ($cat = $this->registry->db->fetch_array($cats)) { $categories["$cat[blogid]"][] = $cat; } require_once(DIR . '/includes/class_bbcode_blog.php'); require_once(DIR . '/includes/class_blog_entry.php'); $bbcode = new vB_BbCodeParser_Blog_Snippet($this->registry, fetch_tag_list()); $factory = new vB_Blog_EntryFactory($this->registry, $bbcode, $categories); $first = true; // Last Five Entries $entries = $this->registry->db->query_read_slave(" SELECT blog.*, blog.options AS blogoptions, blog_text.pagetext, blog_text.allowsmilie, blog_text.ipaddress, blog_text.reportthreadid, blog_text.ipaddress AS blogipaddress, user.*, userfield.*, usertextfield.* " . (($this->registry->options['threadvoted'] AND $this->registry->userinfo['userid']) ? ', blog_rate.vote' : '') . " " . (!($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseehiddencustomfields']) ? $this->registry->profilefield['hidden'] : "") . " " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readtime AS bloguserread" : "") . " FROM " . TABLE_PREFIX . "blog AS blog INNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid) " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON (blog_read.blogid = blog.blogid AND blog_read.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_userread ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $this->registry->userinfo['userid'] . ") " : "") . " " . (($this->registry->options['threadvoted'] AND $this->registry->userinfo['userid']) ? "LEFT JOIN " . TABLE_PREFIX . "blog_rate AS blog_rate ON (blog_rate.blogid = blog.blogid AND blog_rate.userid = " . $this->registry->userinfo['userid'] . ")" : '') . " WHERE blog.blogid IN (" . implode(',', $blogids) . ") ORDER BY blog.dateline DESC LIMIT 5 "); while ($blog = $this->registry->db->fetch_array($entries)) { if ($first) { $show['latestentry'] = true; $first = false; } else { $show['latestentry'] = false; } $entry_handler =& $factory->create($blog, '_Profile'); $entry_handler->cachable = false; $entry_handler->excerpt = true; $entry_handler->attachments = $postattach["$blog[blogid]"]; $this->block_data['latestentries'] .= $entry_handler->construct(); } // Comments $state = array('visible'); $commentstate = array('visible'); $sql_and = array(); $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_and[] = "blog_text.state IN('" . implode("', '", $commentstate) . "')"; $sql_and[] = "blog.firstblogtextid <> blog_text.blogtextid"; $sql_and[] = "blog_text.bloguserid = " . $this->profile->userinfo['userid']; if (!can_moderate_blog() AND !is_member_of_blog($this->registry->userinfo, $this->profile->userinfo) AND !$bloginfo['buddyid']) { $sql_and[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']) AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid']) { $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))"; $sql_and[] = "cu.blogcategoryid IS NULL"; } $this->registry->options['vbblog_snippet'] = 20; require_once(DIR . '/includes/class_blog_response.php'); $bbcode = new vB_BbCodeParser_Blog_Snippet_Featured($this->registry, fetch_tag_list()); $factory = new vB_Blog_ResponseFactory($this->registry, $bbcode, $bloginfo); $comments = $this->registry->db->query_read_slave(" SELECT blog_text.username AS postusername, blog_text.ipaddress AS blogipaddress, blog_text.state, blog_text.blogtextid, blog_text.title, blog_text.dateline, blog_text.pagetext, blog_text.allowsmilie, blog.userid AS blog_userid, blog.blogid, blog.title AS entrytitle, blog.state AS blog_state, blog.firstblogtextid, blog.options AS blogoptions, blog_user.memberids, blog_user.memberblogids, blog.postedby_userid, blog.postedby_username, user2.usergroupid AS blog_usergroupid, user2.infractiongroupids AS blog_inractiongroupids, user2.membergroupids AS blog_membergroupids, user.*, blog_user.title AS blogtitle, IF(user.displaygroupid = 0, user.usergroupid, user.displaygroupid) AS displaygroupid, user.infractiongroupid, options_ignore, options_buddy, options_member, options_guest, blog.userid AS blog_userid, blog.state AS blog_state, blog.firstblogtextid " . ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . " " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readtime AS bloguserread" : "") . " " . ($vbulletin->userinfo['userid'] ? ", gm.permissions AS grouppermissions" : "") . " FROM " . TABLE_PREFIX . "blog_text AS blog_text LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = blog_text.blogid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog_text.userid) LEFT JOIN " . TABLE_PREFIX . "user AS user2 ON (user2.userid = blog.userid) LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON (blog_read.blogid = blog.blogid AND blog_read.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_userread ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $this->registry->userinfo['userid'] . ") " : "") . " " . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $vbulletin->userinfo['userid'] . ")" : '') . " " . ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . " $joinsql WHERE " . implode("\r\n\tAND ", $sql_and) . " ORDER BY blog_text.dateline DESC LIMIT 5 "); while ($comment = $this->registry->db->fetch_array($comments)) { $bloginfo = array( 'blogid' => $comment['blogid'], 'userid' => $comment['blog_userid'], 'state' => $comment['blog_state'], 'firstblogtextid' => $comment['firstblogtextid'], 'blogread' => $comment['blogread'], 'bloguserread' => $comment['bloguserread'], 'usergroupid' => $comment['blog_usergroupid'], 'infractiongroupids' => $comment['blog_infractiongroupids'], 'membergroupids' => $comment['blog_membergroupids'], 'memberids' => $comment['memberids'], 'memberblogids' => $comment['memberblogids'], 'postedby_userid' => $comment['postedby_userid'], 'postedby_username' => $comment['postedby_username'], 'grouppermissions' => $comment['grouppermissions'], ); cache_permissions($bloginfo, false); $response_handler->bloginfo =& $bloginfo; $response_handler =& $factory->create($comment, 'Comment_Profile'); $response_handler->cachable = false; $response_handler->linkblog = true; $this->block_data['commentsreceived'] .= $response_handler->construct(); } } } }
public function getData() { $vbulletin =& $this->registry; if ($this->config['blogentries_userids']) { $userids = explode(',', $this->config['blogentries_userids']); $useridsql = ''; if (intval($userids[0])) { $useridsql = " AND blog.userid IN (-1"; foreach ((array) $userids as $userid) { $useridsql .= "," . intval($userid); } $useridsql .= ")"; } } require_once DIR . '/includes/blog_functions_shared.php'; prepare_blog_category_permissions($this->registry->userinfo); $catjoin = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid)"; if ($this->config['blogentries_catids']) { $catidsql = ''; if (!in_array(-2, $this->config['blogentries_catids'])) { if (in_array(-1, $this->config['blogentries_catids'])) { $catidsql .= " AND (cu.blogcategoryid IS NULL OR cu.blogcategoryid IN (-1"; } else { $catidsql .= " AND (cu.blogcategoryid IN (-1"; } foreach ($this->config['blogentries_catids'] as $catid) { $catidsql .= ",{$catid}"; } $catidsql .= "))"; if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview'])) { $catidsql .= " AND cu.blogcategoryid NOT IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . ")"; } } } if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $sql_and[] = "blog.userid = " . $vbulletin->userinfo['userid']; } if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) and $vbulletin->userinfo['userid']) { $sql_and[] = "blog.userid <> " . $vbulletin->userinfo['userid']; } $state = array('visible'); if (can_moderate_blog('canmoderateentries')) { $state[] = 'moderation'; } $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_join = array(); $sql_or = array(); if (!can_moderate_blog()) { if ($vbulletin->userinfo['userid']) { $sql_or[] = "blog.userid = " . $vbulletin->userinfo['userid']; $sql_or[] = "(options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)"; $sql_or[] = "(options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)"; $sql_or[] = "(options_member & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))"; $sql_and[] = "(" . implode(" OR ", $sql_or) . ")"; $sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $vbulletin->userinfo['userid'] . " AND buddy.type = 'buddy')"; $sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore')"; $sql_and[] = "\n\t\t\t\t\t(blog.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'] . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t(options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))"; } else { $sql_and[] = "options_guest & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog']; $sql_and[] = "~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private']; } } $datecut = TIMENOW - $this->config['datecut'] * 86400; switch (intval($this->config['blogentries_type'])) { case 0: $ordersql = " blog.dateline DESC"; $datecutoffsql = " AND blog.dateline > {$datecut}"; break; case 1: $ordersql = " blog.lastcomment DESC"; $datecutoffsql = " AND blog.lastcomment > {$datecut}"; break; case 2: $ordersql = " blog.comments_visible DESC"; $datecutoffsql = " AND blog.dateline > {$datecut}"; break; case 3: $ordersql = " blog.views DESC"; $datecutoffsql = " AND blog.dateline > {$datecut}"; break; } // remove threads from users on the global ignore list if user is not a moderator $globalignore = ''; if (trim($this->registry->options['globalignore']) != '') { require_once DIR . '/includes/functions_bigthree.php'; if ($Coventry = fetch_coventry('string')) { $globalignore = "AND blog.userid NOT IN ({$Coventry}) "; } } $results = $this->registry->db->query_read_slave("\n\t\t\tSELECT blog.blogid, blog.comments_visible as replycount, blog.title, blog.lastcomment, blog.lastcommenter, blog.postedby_userid, blog.postedby_username, blog.dateline,\n\t\t\t\tblog_text.blogtextid, blog_text.pagetext AS message,\n\t\t\t\tblog_user.title as blogtitle, blog_user.description as blogdescription,\n\t\t\t\tuser.*\n\t\t\t\t" . ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "\n\t\t\tFROM " . TABLE_PREFIX . "blog AS blog\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid)\n\t\t\t{$catjoin}\n\t\t\t" . (!empty($sql_join) ? implode("\r\n", $sql_join) : "") . "\n\t\t\t" . ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\tWHERE 1=1\n\t\t\t\t{$useridsql}\n\t\t\t\t{$catidsql}\n\t\t\t\t{$datecutoffsql}\n\t\t\t\t{$globalignore}\n\t\t\t\tAND " . implode("\r\n\tAND ", $sql_and) . "\n\t\t\tORDER BY{$ordersql}\n\t\t\tLIMIT 0," . intval($this->config['blogentries_limit']) . "\n\t\t"); while ($row = $this->registry->db->fetch_array($results)) { //$row['url'] = fetch_seo_url('entry', $row); // trim the title after fetching the url //$row['title'] = fetch_trimmed_title($row['title'], $this->config['blogentries_titlemaxchars']); //still need to censor the title $row['title'] = fetch_censored_text($row['title']); $row['blogtitle'] = $row['blogtitle'] ? $row['blogtitle'] : $row['username']; $row['date'] = vbdate($this->registry->options['dateformat'], $row['dateline'], true); $row['time'] = vbdate($this->registry->options['timeformat'], $row['dateline']); $row['lastpostdate'] = vbdate($this->registry->options['dateformat'], $row['lastcomment'], true); $row['lastposttime'] = vbdate($this->registry->options['timeformat'], $row['lastcomment']); $row['message'] = $this->get_summary($row['message'], $this->config['blogentries_messagemaxchars']); // get avatar $this->fetch_avatarinfo($row); $array[$row['blogid']] = $row; } return $array; }
private function getBlogs($type) { global $vbulletin, $VB_API_REQUESTS; $blogentries_catids = $this->verifycommaoption($vbulletin->options['mobilehomeblogcatids']); $blogentries_userids = $this->verifycommaoption($vbulletin->options['mobilehomebloguserids']); if ($blogentries_userids) { $useridsql = ''; $useridsql = " AND blog.userid IN (-1"; foreach ((array) $blogentries_userids as $userid) { $useridsql .= "," . intval($userid); } $useridsql .= ")"; } require_once DIR . '/includes/blog_functions_shared.php'; prepare_blog_category_permissions($vbulletin->userinfo); $catjoin = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid)"; if ($blogentries_catids) { $catidsql = ''; if (!in_array(-2, $blogentries_catids)) { if (in_array(-1, $blogentries_catids)) { $catidsql .= " AND (cu.blogcategoryid IS NULL OR cu.blogcategoryid IN (-1"; } else { $catidsql .= " AND (cu.blogcategoryid IN (-1"; } foreach ($blogentries_catids as $catid) { $catidsql .= ",{$catid}"; } $catidsql .= "))"; if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview'])) { $catidsql .= " AND cu.blogcategoryid NOT IN (" . implode(", ", $vbulletin->userinfo['blogcategorypermissions']['cantview']) . ")"; } } } if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $sql_and[] = "blog.userid = " . $vbulletin->userinfo['userid']; } if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) and $vbulletin->userinfo['userid']) { $sql_and[] = "blog.userid <> " . $vbulletin->userinfo['userid']; } $state = array('visible'); if (can_moderate_blog('canmoderateentries')) { $state[] = 'moderation'; } $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_join = array(); $sql_or = array(); if (!can_moderate_blog()) { if ($vbulletin->userinfo['userid']) { $sql_or[] = "blog.userid = " . $vbulletin->userinfo['userid']; $sql_or[] = "(options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)"; $sql_or[] = "(options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)"; $sql_or[] = "(options_member & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))"; $sql_and[] = "(" . implode(" OR ", $sql_or) . ")"; $sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $vbulletin->userinfo['userid'] . " AND buddy.type = 'buddy')"; $sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore')"; $sql_and[] = "\n\t\t\t\t\t(blog.userid = " . $vbulletin->userinfo['userid'] . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'] . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t(options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))"; } else { $sql_and[] = "options_guest & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog']; $sql_and[] = "~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private']; } } if ($type != 'last') { $datecut = TIMENOW - $vbulletin->options['mobilehomeblogdatecut'] * 86400; } else { $datecut = $vbulletin->userinfo['lastvisit']; } switch ($type) { case 'new': $ordersql = " blog.dateline DESC"; $datecutoffsql = " AND blog.dateline > {$datecut}"; break; case 'top': $ordersql = " blog.views DESC"; $datecutoffsql = " AND blog.dateline > {$datecut}"; break; case 'last': $ordersql = " blog.lastcomment DESC"; $datecutoffsql = " AND blog.lastcomment > {$datecut}"; break; default: return null; } // remove threads from users on the global ignore list if user is not a moderator $globalignore = ''; if (trim($vbulletin->options['globalignore']) != '') { require_once DIR . '/includes/functions_bigthree.php'; if ($Coventry = fetch_coventry('string')) { $globalignore = "AND blog.userid NOT IN ({$Coventry}) "; } } $results = $vbulletin->db->query_read_slave("\n\t\t\tSELECT DISTINCT blog.blogid, blog.comments_visible as replycount, blog.title, blog.lastcomment, blog.lastcommenter, blog.postedby_userid, blog.postedby_username, blog.dateline, blog.views,\n\t\t\t\tblog_text.blogtextid, blog_text.pagetext AS message,\n\t\t\t\tblog_user.title as blogtitle, blog_user.description as blogdescription,\n\t\t\t\tuser.*\n\t\t\t\t" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "\n\t\t\tFROM " . TABLE_PREFIX . "blog AS blog\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid)\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid)\n\t\t\t{$catjoin}\n\t\t\t" . (!empty($sql_join) ? implode("\r\n", $sql_join) : "") . "\n\t\t\t" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "\n\t\t\tWHERE 1=1\n\t\t\t\t{$useridsql}\n\t\t\t\t{$catidsql}\n\t\t\t\t{$datecutoffsql}\n\t\t\t\t{$globalignore}\n\t\t\t\tAND " . implode("\r\n\tAND ", $sql_and) . "\n\t\t\tORDER BY{$ordersql}\n\t\t\tLIMIT 0, " . $vbulletin->options['mobilehomemaxitems'] . "\n\t\t"); $i = 0; while ($row = $vbulletin->db->fetch_array($results)) { $row['title'] = fetch_censored_text($row['title']); // get avatar $this->fetch_avatarinfo($row); $array[$i] = array('blogid' => $row['blogid'], 'title' => $row['title'], 'replycount' => $row['replycount'], 'viewcount' => $row['views'], 'userid' => $row['postedby_userid'], 'username' => $row['postedby_username'], 'avatarurl' => $row['avatarurl'], 'type' => 'blog', 'time' => $row['lastcomment']); if ($VB_API_REQUESTS['api_version'] > 1) { $array[$i]['lastposttime'] = $row['lastcomment']; } else { $array[$i]['lastpostdate'] = date($vbulletin->options['dateformat'], $row['lastcomment']); $array[$i]['lastposttime'] = date($vbulletin->options['timeformat'], $row['lastcomment']); } $i++; } return $array; }
/** * This function composes and executes the SQL query to generate the * blog data. * * @return array */ private function getComments() { require_once DIR . "/includes/functions_user.php"; if (!isset($this->config['days']) OR (! intval($this->config['days'])) ) { $this->config['days'] = 7; } if (!isset($this->config['count']) OR (! intval($this->config['count'])) ) { $this->config['count'] = 10; } if (!isset($this->config['messagemaxchars']) OR (! intval($this->config['messagemaxchars'])) ) { $this->config['messagemaxchars'] = 200; } //handle authors $useridsql = empty($this->config['postuserid']) ? '' : " AND(blog.userid IN (" . implode(',', array_keys($this->config['postuserid'])) . "))"; $useridsql .= empty($this->config['commentuserid']) ? '' : " AND(blog_text.userid IN (" . implode(',', array_keys($this->config['commentuserid'])) . "))"; //categories if (empty($this->config['categories'])) { $catjoin = ''; $categorysql = ''; } else { $catjoin = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid)"; $categorysql = " AND cu.blogcategoryid IN (" . implode(',', array_keys($this->config['categories'])) . ")"; } //and tags if (empty($this->config['taglist'])) { $tagjoin = ''; $tagsql = ''; } else { $tagjoin = "LEFT JOIN " . TABLE_PREFIX . "tagcontent AS tc ON (tc.contentid = blog.blogid AND tc.contenttypeid= " . vb_Types::instance()->getContentTypeID("vBBlog_BlogEntry") . ")"; $tagsql = " AND tc.tagid IN (" . implode(',', array_keys($this->config['taglist'])) . ")"; } $datecutoffsql = "AND (blog.dateline > " . (TIMENOW - (86400 * $this->config['days']) ). ")" ; require_once(DIR . '/includes/blog_functions_shared.php'); prepare_blog_category_permissions(vB::$vbulletin->userinfo); if (!(vB::$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & vB::$vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $sql_and[] = "blog.userid = " . vB::$vbulletin->userinfo['userid']; } $state = array('visible'); if (can_moderate_blog('canmoderateentries')) { $state[] = 'moderation'; } $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_join = array(); $sql_or = array(); if (!can_moderate_blog()) { if (vB::$vbulletin->userinfo['userid']) { $sql_or[] = "blog.userid = " . vB::$vbulletin->userinfo['userid']; $sql_or[] = "(options_ignore & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)"; $sql_or[] = "(options_buddy & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)"; $sql_or[] = "(options_member & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))"; $sql_and[] = "(" . implode(" OR ", $sql_or) . ")"; $sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . vB::$vbulletin->userinfo['userid'] . " AND buddy.type = 'buddy')"; $sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . vB::$vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore')"; $sql_and[] = " (blog.userid = " . vB::$vbulletin->userinfo['userid'] . " OR ~blog.options & " . vB::$vbulletin->bf_misc_vbblogoptions['private'] . " OR (options_buddy & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))"; } else { $sql_and[] = "options_guest & " . vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog']; $sql_and[] = "~blog.options & " . vB::$vbulletin->bf_misc_vbblogoptions['private']; } } $globalignore = ''; if (trim(vB::$vbulletin->options['globalignore']) != '') { require_once(DIR . '/includes/functions_bigthree.php'); if ($Coventry = fetch_coventry('string')) { $globalignore = "AND blog.userid NOT IN ($Coventry) "; } } $sql = "SELECT blog.blogid, blog.comments_visible as replycount, blog.title, blog.lastcomment, blog.lastcommenter, blog.postedby_userid, blog.postedby_username, blog.dateline, blog_text.blogtextid, blog_text.pagetext AS message, blog.ratingnum, blog.ratingtotal, blog.rating, blog.views, blog.postedby_userid AS userid, blog.postedby_username AS username, blog_user.title as blogtitle, blog_user.description as blogdescription, blog.trackback_visible, user.* " . (vB::$vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . " FROM " . TABLE_PREFIX . "blog AS blog INNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON ((blog_text.blogid = blog.blogid) AND (blog_text.blogtextid <> blog.firstblogtextid)) INNER JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog_text.userid = user.userid) " . implode("\r\n\t ", $sql_join) . " $catjoin $tagjoin " . (vB::$vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . " WHERE 1=1 $useridsql $categorysql $tagsql $datecutoffsql $globalignore AND " . implode("\r\n\tAND ", $sql_and) . " ORDER BY blog_text.dateline DESC LIMIT 0," . $this->config['count'] ; $results = vB::$db->query_read($sql); $array = array(); $parser = new vBCms_BBCode_HTML(vB::$vbulletin, vBCms_BBCode_HTML::fetchCmsTags()); while ($blogcomment = vB::$db->fetch_array($results)) { $blogcomment['title'] = fetch_trimmed_title($blogcomment['title'], $this->config['blogentries_titlemaxchars']); $urlinfo = array('blogid' => $blogcomment['blogid'], 'blog_title' => $blogcomment['title']); $blogcomment['url'] = fetch_seo_url('entry', $urlinfo, array('bt' => $blogcomment['blogtextid'])) . "#comment" . $blogcomment['blogtextid'] ; $blogcomment['blogtitle'] = $blogcomment['blogtitle'] ? $blogcomment['blogtitle'] : $blogcomment['username']; $blogcomment['date'] = vbdate(vB::$vbulletin->options['dateformat'], $blogcomment['dateline'], true); $blogcomment['time'] = vbdate(vB::$vbulletin->options['timeformat'], $blogcomment['dateline']); $thread['lastpostdate'] = vbdate(vB::$vbulletin->options['dateformat'], $thread['lastcomment'], true); $thread['lastposttime'] = vbdate(vB::$vbulletin->options['timeformat'], $thread['lastcomment']); $blogcomment['message'] = $this->getSummary($blogcomment['message'], $this->config['messagemaxchars']); //get the avatar if (vB::$vbulletin->options['avatarenabled']) { $blogcomment['avatar'] = fetch_avatar_url($blogcomment['userid']); } else { $blogcomment['avatar'] = 0; } $blogcomment['tags'] = array(); $array[$blogcomment['blogtextid']] = $blogcomment; } //let's get the tags; if (!empty($array)) { $sql = "SELECT tag.tagid, tc.contentid, tag.tagtext FROM " . TABLE_PREFIX . "tagcontent AS tc INNER JOIN " . TABLE_PREFIX . "tag AS tag ON tag.tagid = tc.tagid WHERE tc.contentid IN (" . implode(',', array_keys($array)) . ") AND tc.contenttypeid= " . vb_Types::instance()->getContentTypeID("vBBlog_BlogEntry") ; if ($rst = vB::$db->query_read($sql)) { while ($record = vB::$db->fetch_array($rst)) { $array[$record['contentid']]['tags'][$record['tagid']] = $record['tagtext']; } } } return $array; }
/** * Build the blog statistics for sidebar * * @return void */ function build_blog_stats() { global $vbulletin; $blogstats = array(); $total_blog_users = $vbulletin->db->query_first_slave(" SELECT COUNT(DISTINCT userid) AS total FROM " . TABLE_PREFIX . "blog WHERE state = 'visible' "); $total_blog_entries = $vbulletin->db->query_first_slave(" SELECT COUNT(*) AS total FROM " . TABLE_PREFIX . "blog WHERE state = 'visible' AND dateline <= " . TIMENOW . " AND pending = 0 "); $entries_in_24hours = $vbulletin->db->query_first_slave(" SELECT COUNT(*) AS total FROM " . TABLE_PREFIX . "blog WHERE state = 'visible' AND (dateline > " . (TIMENOW - (24 * 3600)) . " AND dateline <= " . TIMENOW . ") AND pending = 0 "); if ($lastentry = $vbulletin->db->query_first_slave(" SELECT user.username, blog.userid, blog.title, blog.blogid, blog.categories, blog.postedby_username, blog.postedby_userid, bu.title AS blogtitle, bu.options_guest & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AS guestcanview FROM " . TABLE_PREFIX . "blog AS blog LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (blog.userid = bu.bloguserid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid) WHERE state = 'visible' AND dateline <= " . TIMENOW . " AND blog.pending = 0 AND ~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'] . " AND bu.options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND bu.options_member & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " ORDER BY dateline DESC LIMIT 1 ")) { $blogstats['lastentry'] = $lastentry; $guestuser = array( 'userid' => 0, 'usergroupid' => 0, ); cache_permissions($guestuser, false); prepare_blog_category_permissions($guestuser); $entrycats = explode(',', $lastentry['categories']); if ( ( array_intersect($guestuser['blogcategorypermissions']['cantview'], $entrycats) OR !$lastentry['guestcanview'] ) AND $guestuser['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'] AND $guestuser['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'] ) { $blogstats['lastentry']['guestcanview'] = false; if (!empty($guestuser['blogcategorypermissions']['cantview'])) { $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $guestuser['blogcategorypermissions']['cantview']) . "))"; $wheresql = "AND cu.blogcategoryid IS NULL"; } if ($lastentry_guest = $vbulletin->db->query_first_slave(" SELECT user.username, blog.userid, blog.title, blog.blogid, blog.categories, blog.postedby_userid, blog.postedby_username, bu.title AS blogtitle FROM " . TABLE_PREFIX . "blog AS blog LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (blog.userid = bu.bloguserid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid) $joinsql WHERE state = 'visible' AND dateline <= " . TIMENOW . " AND blog.pending = 0 AND ~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'] . " AND bu.options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND bu.options_member & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND bu.options_guest & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " $wheresql ORDER BY dateline DESC LIMIT 1 ")) { $blogstats['lastentry_guest'] = $lastentry_guest; } } } $blogstats['total_blog_users'] = $total_blog_users['total']; $blogstats['total_blog_entries'] = $total_blog_entries['total']; $blogstats['entries_in_24hours'] = $entries_in_24hours['total']; build_datastore('blogstats', serialize($blogstats), 1); return $blogstats; }
exit; } // Check if blog is disabled, if so send off to forum home. Alternatively, show a "Blog is disabled" error message? if (!$vbulletin->products['vbblog']) { exec_header_redirect($vbulletin->options['forumhome'] . '.php'); } // Init vbblog array into the registry $vbulletin->vbblog = array(); $onload = ''; if (!$vbulletin->userinfo['userid']) { prepare_blog_category_permissions($vbulletin->userinfo); } if (!$vbulletin->options['enablehooks'] OR defined('DISABLE_HOOKS')) { standard_error(fetch_error('product_requires_plugin_system')); } // Check that the user can use the blog if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { if (!defined('VBBLOG_SKIP_PERMCHECK') AND (!$vbulletin->userinfo['userid'] OR !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']))) { if (defined('DIE_QUIETLY')) { exit;
/** * Fetches the SQL to be queried as part of a UNION ALL of an attachment query, verifying read permissions * * @param string SQL WHERE criteria * @param string Contents of the SELECT portion of the main query * * @return string */ protected function fetch_sql_ids($criteria, $selectfields) { $subwheresql = array( "a.contentid <> 0", ); $joinsql = array( "LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (a.contentid = blog.blogid)", "LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid)", "LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid)", ); prepare_blog_category_permissions($this->registry->userinfo, true); if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview'])) { $joinsql[] = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))"; if ($vbulletin->userinfo['userid']) { $subwheresql[] = "(cu.blogcategoryid IS NULL OR blog.userid = " . $this->registry->userinfo['userid'] . ")"; } else { $subwheresql[] = "cu.blogcategoryid IS NULL"; } } if ($this->registry->userinfo['userid']) { if (!$this->registry->userinfo['memberblogids']) { $mb = $this->registry->db->query_first(" SELECT memberblogids, memberids FROM " . TABLE_PREFIX . "blog_user WHERE bloguserid = {$this->registry->userinfo['userid']} "); $this->registry->userinfo['memberblogids'] = $mb['memberblogids'] ? $mb['memberblogids'] : $this->registry->userinfo['userid']; $this->registry->userinfo['memberids'] = $mb ? $mb['memberids'] : $this->registry->userinfo['userid']; } } else { $this->registry->userinfo['memberblogids'] = 0; $this->registry->userinfo['memberblogids'] = 0; } if (!can_moderate_blog()) { if ($this->registry->userinfo['userid']) { $userlist_sql = array(); $userlist_sql[] = "a.userid = " . $this->registry->userinfo['userid']; $userlist_sql[] = "blog.userid IN (" . $this->registry->userinfo['memberblogids'] . ")"; $userlist_sql[] = "(options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)"; $userlist_sql[] = "(options_buddy & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)"; $userlist_sql[] = "(options_member & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))"; $subwheresql[] = "(" . implode(" OR ", $userlist_sql) . ")"; $joinsql[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = " . $this->registry->userinfo['userid'] . " AND buddy.type = 'buddy')"; $joinsql[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = bu.bloguserid AND ignored.relationid = " . $this->registry->userinfo['userid'] . " AND ignored.type = 'ignore')"; $subwheresql[] = " ( a.userid = " . $this->registry->userinfo['userid'] . " OR blog.userid IN (" . $this->registry->userinfo['memberblogids'] . ") OR ~blog.options & " . $this->registry->bf_misc_vbblogoptions['private'] . " OR (options_buddy & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL) )"; } else { $subwheresql[] = "options_guest & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $subwheresql[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } $subwheresql[] = "blog.state <> 'deleted'"; } if (!can_moderate_blog('canmoderateentries')) { $subwheresql[] = "blog.state <> 'moderation'"; } $subwheresql[] = " ( ( blog.state <> 'draft' AND blog.pending = 0 ) OR blog.userid IN (" . $this->registry->userinfo['memberblogids'] . ") ) "; if (!can_moderate_blog('canmoderateentries')) { $subwheresql[] = " ( a.state <> 'moderation' OR blog.userid IN (" . $this->registry->userinfo['memberblogids'] . ") ) "; } if (!($this->registry->userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_cangetattach'])) { $subwheresql[] = "1 = 2"; } if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { $subwheresql[] = "a.userid = {$this->registry->userinfo['userid']}"; } if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $subwheresql[] = "a.userid <> {$this->registry->userinfo['userid']}"; } if ($this->registry->userinfo['userid']) { $joinsql[] = "LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $this->registry->userinfo['userid'] . ")"; } return $this->fetch_sql_ids_specific($this->contenttypeid, $criteria, $selectfields, $subwheresql, $joinsql); }
public function fetch_tag_cloud_query_bits() { $joinsql['blog'] = "INNER JOIN " . TABLE_PREFIX . "blog AS blog ON (tagcontent.contentid = blog.blogid)"; $wheresql = array( "blog.dateline <= " . TIMENOW, "blog.pending = 0", "blog.state = 'visible'", "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private'], ); if ($this->registry->options['vbblog_tagcloud_cachetype'] == 1) { $joinsql['blog_user'] = "******" . TABLE_PREFIX . "blog_user AS blog_user ON (blog.userid = blog_user.bloguserid)"; if ($this->registry->userinfo['userid']) { //user options $canviewblogflag = $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $userlist_sql = array(); $userlist_sql[] = "(blog_user.options_ignore & $canviewblogflag " . " AND ignored.relationid IS NOT NULL)"; $userlist_sql[] = "(blog_user.options_buddy & $canviewblogflag " . " AND buddy.relationid IS NOT NULL)"; $userlist_sql[] = "( blog_user.options_member & $canviewblogflag AND (blog_user.options_buddy & $canviewblogflag OR buddy.relationid IS NULL) AND (blog_user.options_ignore & $canviewblogflag OR ignored.relationid IS NULL) )"; $wheresql[] = "(" . implode(" OR ", $userlist_sql) . ")"; $joinsql['buddy'] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $this->registry->userinfo['userid'] . " AND buddy.type = 'buddy')"; $joinsql['ignored'] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $this->registry->userinfo['userid'] . " AND ignored.type = 'ignore')"; //make sure that this gets initialized global $vbulletin; if (!$vbulletin->userinfo['blogcategorypermissions']) { require_once (DIR . '/includes/blog_functions_shared.php'); prepare_blog_category_permissions($this->registry->userinfo, true); } if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview'])) { $joinsql['cu'] = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . ") )"; $wheresql[] = "cu.blogcategoryid IS NULL"; } } else { $wheresql[] = "blog_user.options_guest & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $wheresql[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } } // remove blog entries that don't interest us require_once(DIR . '/includes/functions_bigthree.php'); if ($coventry = fetch_coventry('string')) { $wheresql[] = "blog.userid NOT IN ($coventry)"; } return array('join' => $joinsql, 'where' => $wheresql); }