public function output() { global $vbulletin; $vbulletin->input->clean_array_gpc('r', array('userid' => TYPE_UINT)); // verify the userid exists, don't want useless entries in our table. if ($vbulletin->GPC['userid'] and $vbulletin->GPC['userid'] != $vbulletin->userinfo['userid']) { if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid']))) { standard_error(fetch_error('invalidid', $vbphrase['user'], $vbulletin->options['contactuslink'])); } // are we a member of this user's blog? if (!is_member_of_blog($vbulletin->userinfo, $userinfo)) { print_no_permission(); } $userid = $userinfo['userid']; /* Blog posting check */ if (!($userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { print_no_permission(); } } else { $userinfo =& $vbulletin->userinfo; $userid = ''; /* Blog posting check, no guests! */ if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) or !($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']) or !$vbulletin->userinfo['userid']) { print_no_permission(); } } require_once DIR . '/includes/blog_functions_shared.php'; prepare_blog_category_permissions($userinfo, true); $globalcats = $this->construct_category($userinfo, 'global'); $localcats = $this->construct_category($userinfo, 'local'); return array('globalcategorybits' => $globalcats, 'localcategorybits' => $localcats); }
protected function fetchCanViewBlogComment($blogtextid) { if (!($blogtextrecord = $this->content['blogtext'][$blogtextid])) { return false; } $blogrecord = $this->content['blog'][$blogtextrecord['blogid']]; $state = array('visible'); if (can_moderate_blog('canmoderatecomments') or is_member_of_blog(vB::$vbulletin->userinfo, $blogrecord)) { $state[] = 'moderation'; } if (!in_array($blogtextrecord['state'], $state)) { return false; } return $this->fetchCanViewBlogEntry($blogtextrecord['blogid']); }
function post_save_each($doquery = true) { $blogid = intval($this->fetch_field('blogid')); $userid = intval($this->fetch_field('userid')); $blogtextid = $this->fetch_field('blogtextid'); $postedby_userid = intval($this->fetch_field('postedby_userid')); require_once(DIR . '/vb/search/indexcontroller/queue.php'); vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid); vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid); if (!$condition AND $this->info['addtags']) { // invalidate users tag cloud $dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT); $info = array('bloguserid' => $userid); $dataman->set_existing($info); $dataman->set('tagcloud', ''); $dataman->save(); } $this->build_category_counters(); build_blog_stats(); // Insert entry for moderation if ($this->fetch_field('state') == 'moderation') { /*insert query*/ $this->dbobject->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation (primaryid, type, dateline) VALUES ($blogid, 'blogid', " . TIMENOW . ") "); } // Insert entry for moderation if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending')) { $userinfo = array('bloguserid' => $userid); $userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT); $userdata->set_existing($userinfo); if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') { $userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false); } if ($this->fetch_field('pending')) { $userdata->set('pending', 'pending + 1', false); } $userdata->save(); } // Send Email Notification if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail']) { $lastposttime = $this->dbobject->query_first(" SELECT MAX(dateline) AS dateline FROM " . TABLE_PREFIX . "blog AS blog WHERE blogid = $blogid AND dateline < " . $this->fetch_field('dateline') . " AND state = 'visible' "); $entrytitle = unhtmlspecialchars($this->fetch_field('title')); if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid')) { $blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']); $username = unhtmlspecialchars($this->registry->userinfo['username']); $userinfo =& $this->registry->userinfo; } else { if (!defined('VBBLOG_PERMS')) { // Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script define('VBBLOG_PERMS', true); } $userinfo = fetch_userinfo($this->fetch_field('userid'), 1); cache_permissions($userinfo, false); $blogtitle = unhtmlspecialchars($userinfo['blog_title']); if ($userinfo['userid'] != $this->fetch_field('userid')) { $userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1); $username = unhtmlspecialchars($userinfo2['username']); } else { $username = unhtmlspecialchars($userinfo['username']); } } require_once(DIR . '/includes/class_bbcode_alt.php'); $plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list()); $pagetext_cache = array(); // used to cache the results per languageid for speed $pagetext_orig =& $this->fetch_field('pagetext', 'blog_text'); ($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false; $useremails = $this->dbobject->query_read_slave(" SELECT user.*, blog_subscribeuser.blogsubscribeuserid, bm.blogmoderatorid, ignored.relationid AS ignoreid, buddy.relationid AS buddyid, bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid FROM " . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser INNER JOIN " . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy') LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore') LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid) WHERE blog_subscribeuser.bloguserid = $userid AND " . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "") . " blog_subscribeuser.type = 'email' AND user.usergroupid <> 3 AND user.lastactivity >= " . intval($lastposttime['dateline']) . " "); vbmail_start(); $setoptions = $this->fetch_field('options'); $evalemail = array(); while ($touser = $this->dbobject->fetch_array($useremails)) { cache_permissions($touser, false); // only send private entries to contacts and moderators if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo)) { continue; } if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup'])) { continue; } if ($this->fetch_field('state') == 'moderation') { if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser)) { continue; } } if (!empty($this->info['categories'])) { prepare_blog_category_permissions($touser); if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid']) { continue; } } if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { continue; } else if ( !$touser['blogmoderatorid'] AND !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel']) AND !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator']) AND (!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid']) AND (!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid']) AND (!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['budyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid'])) AND !is_member_of_blog($touser, $userinfo) ) { continue; } $touser['username'] = unhtmlspecialchars($touser['username']); $touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']); $touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT); if (empty($evalemail)) { $email_texts = $this->dbobject->query_read_slave(" SELECT text, languageid, fieldname FROM " . TABLE_PREFIX . "phrase WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify' "); while ($email_text = $this->dbobject->fetch_array($email_texts)) { $emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text']; } require_once(DIR . '/includes/functions_misc.php'); foreach ($emails AS $languageid => $email_text) { // lets cycle through our array of notify phrases $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody']))); $text_message = replace_template_variables($text_message); $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject']))); $text_subject = replace_template_variables($text_subject); $evalemail["$languageid"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; '; } } // parse the page text into plain text, taking selected language into account if (!isset($pagetext_cache["$touser[languageid]"])) { $plaintext_parser->set_parsing_language($touser['languageid']); $pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig); } $pagetext = $pagetext_cache["$touser[languageid]"]; ($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false; eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"])); vbmail($touser['email'], $subject, $message); } unset($plaintext_parser, $pagetext_cache); vbmail_end(); } $this->post_save_each_blogtext($doquery); if ($this->fetch_field('dateline') <= TIMENOW) { $this->insert_dupehash($this->fetch_field('blogid')); } if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed']))) { $this->dbobject->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry WHERE blogid = $blogid AND userid = $userid "); } else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp') { $this->dbobject->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry (blogid, dateline, type, userid) VALUES ($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid) "); } ($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false; }
$saveparsed .= ','; } $saveparsed .= "({$comment['blogtextid']}, " . intval($bloginfo['lastcomment']) . ', ' . intval($response_handler->parsed_cache['has_images']) . ", '" . $db->escape_string($response_handler->parsed_cache['text']) . "', " . intval(STYLEID) . ", " . intval(LANGUAGEID) . ")"; } if ($comment['dateline'] > $displayed_dateline) { $displayed_dateline = $comment['dateline']; } if ($comment['state'] == 'deleted' or $ignore["{$comment['userid']}"]) { // be aware $factory->create can change $response['state'] $show['quickload'] = true; } } $show['delete'] = true; $show['undelete'] = true; $show['approve'] = true; $show['inlinemod'] = (($show['delete'] or $show['approve'] or $show['undelete']) and (can_moderate_blog() or !empty($userinfo) and is_member_of_blog($vbulletin->userinfo, $userinfo))); if ($userinfo) { $blogheader = parse_blog_description($userinfo); $sidebar =& build_user_sidebar($userinfo, $month, $year); $navbits[fetch_seo_url('blog', array('userid' => $userinfo['userid'], 'title' => $blogheader['title']))] = $blogheader['title']; } else { $sidebar =& build_overview_sidebar(); } if ($type) { $navbits[] = $vbphrase[$type . '_comments']; } else { $navbits[] = $vbphrase['comments']; } if ($vbulletin->options['quickedit']) { $show['quickedit'] = true; $templater = vB_Template::create('editor_clientscript');
/** * Prepare any data needed for the output * * @param string The id of the block * @param array Options specific to the block */ function prepare_output($id = '', $options = array()) { global $show, $vbphrase; if (!$this->registry->userinfo['userid']) { prepare_blog_category_permissions($this->registry->userinfo); } $show['lastentry'] = true; $this->block_data['entries'] = vb_number_format($this->profile->userinfo['entries']); $this->block_data['lastblogtitle'] = ''; $this->block_data['lastblogdate'] = $vbphrase['never']; $this->block_data['lastblogtime'] = ''; $memberblogs = explode(',', $this->profile->userinfo['memberblogids']); if (count($memberblogs) > 1) { $sqland = array( "bu.bloguserid IN (" . $this->profile->userinfo['memberblogids'] . ")" ); if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) { $sqland[] = "bu.bloguserid = " . $this->registry->userinfo['userid']; } if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $this->registry->userinfo['userid']) { $sqland[] = "bu.bloguserid <> " . $this->registry->userinfo['userid']; } if (trim($this->registry->options['globalignore']) != '') { require_once(DIR . '/includes/functions_bigthree.php'); if ($coventry = fetch_coventry('string') AND !can_moderate_blog()) { $sqland[] = "bu.bloguserid NOT IN ($coventry)"; } } $sqlor = array(); $sqljoin = array(); if (!can_moderate_blog()) { if ($this->registry->userinfo['userid']) { $sqlor[] = "bu.bloguserid IN (" . $this->registry->userinfo['memberblogids'] . ")"; $sqlor[] = "(options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)"; $sqlor[] = "(options_buddy & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)"; $sqlor[] = "(options_member & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " .$this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))"; $sqland[] = "(" . implode(" OR ", $sqlor) . ")"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = " . $this->registry->userinfo['userid'] . " AND buddy.type = 'buddy')"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = bu.bloguserid AND ignored.relationid = " . $this->registry->userinfo['userid'] . " AND ignored.type = 'ignore')"; } else { $sqland[] = "options_guest & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $sqland[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } } if ($this->registry->userinfo['userid'] AND in_coventry($this->registry->userinfo['userid'], true)) { $sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcomment, blog_tachyentry.lastcomment) AS lastcomment"; $sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcommenter, blog_tachyentry.lastcommenter) AS lastcommenter"; $sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastblogtextid, blog_tachyentry.lastblogtextid) AS lastblogtextid"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_tachyentry AS blog_tachyentry ON (blog_tachyentry.blogid = bu.lastblogid AND blog_tachyentry.userid = " . $this->registry->userinfo['userid'] . ")"; $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = IF(blog_tachyentry.userid IS NULL, blog.lastblogtextid, blog_tachyentry.lastblogtextid))"; } else { $sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = bu.lastblogtextid)"; } $temp = $show['inlinemod']; $show['inlinemod'] = false; $blogs = $this->registry->db->query_read_slave(" SELECT user.*, IF(bu.title, bu.title, user.username) AS blogtitle, user.userid, user.username, bu.lastblog, bu.lastblogid AS lastblogid, bu.lastblogtitle, bu.lastcomment, bu.lastblogtextid AS lastblogtextid, bu.lastcommenter, bu.options_member, bu.options_buddy, bu.ratingnum, bu.ratingtotal, bu.title, bu.entries, bu.comments, bu.title, blog.categories, blog2.categories AS categories_lastcomment FROM " . TABLE_PREFIX . "blog_user AS bu LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = bu.bloguserid) LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = bu.lastblogid) " . (!empty($sqljoin) ? implode("\r\n", $sqljoin) : "") . " LEFT JOIN " . TABLE_PREFIX . "blog AS blog2 ON (blog2.blogid = blog_text.blogid) WHERE " . implode("\r\n\tAND ", $sqland) . " "); while ($blog = $this->registry->db->fetch_array($blogs)) { $blog = array_merge($blog, convert_bits_to_array($blog['options'], $this->registry->bf_misc_useroptions)); $blog = array_merge($blog, convert_bits_to_array($blog['adminoptions'], $this->registry->bf_misc_adminoptions)); $show['private'] = false; if (can_moderate() AND $blog['userid'] != $this->registry->userinfo['userid']) { $membercanview = $blog['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $buddiescanview = $blog['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; if (!$membercanview AND (!$blog['buddyid'] OR !$buddiescanview)) { $show['private'] = true; } } $blog['entries'] = vb_number_format($blog['entries']); $blog['comments'] = vb_number_format($blog['comments']); $blog['lastentrydate'] = vbdate($this->registry->options['dateformat'], $blog['lastblog'], true); $blog['lastentrytime'] = vbdate($this->registry->options['timeformat'], $blog['lastblog']); $blog['entrytitle'] = fetch_trimmed_title($blog['lastblogtitle'], 20); if ($blog['title']) { $blog['title'] = fetch_trimmed_title($blog['title'], 50); } $lastentrycats = explode(',', $blog['categories']); $lastcommentcats = explode(',', $blog['categories_lastcomment']); $show['lastentry'] = array_intersect($this->registry->userinfo['blogcategorypermissions']['cantview'], $lastentrycats) ? false : true; $show['lastcomment'] = array_intersect($this->registry->userinfo['blogcategorypermissions']['cantview'], $lastcommentcats) ? false : true; $templater = vB_Template::create('blog_blog_row'); $templater->register('blog', $blog); $templater->register('thread', $thread); $groupbits .= $templater->render(); } $this->block_data['groupblogs'] = $groupbits; $show['inlinemod'] = $temp; } if (!in_coventry($this->profile->userinfo['userid']) AND ($this->profile->userinfo['lastblog'])) { $sql_and = array(); $state = array('visible'); $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_and[] = "blog.userid = " . $this->profile->userinfo['userid']; if (!can_moderate_blog() AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid'] AND !$bloginfo['buddyid']) { $sql_and[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']) AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid']) { $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))"; $sql_and[] = "cu.blogcategoryid IS NULL"; } $blogids = array(); $blogs = $this->registry->db->query_read_slave(" SELECT blog.blogid, blog.attach FROM " . TABLE_PREFIX . "blog AS blog $joinsql WHERE " . implode("\r\n\tAND ", $sql_and) . " ORDER BY blog.dateline DESC LIMIT 5 "); while ($blog = $this->registry->db->fetch_array($blogs)) { $blogids[] = $blog['blogid']; $attachcount += $blog['attach']; } if ($blogids) { // Query Attachments if ($attachcount) { require_once(DIR . '/packages/vbattach/attach.php'); $attach = new vB_Attach_Display_Content($this->registry, 'vBBlog_BlogEntry'); $postattach = $attach->fetch_postattach(0, $blogids); } $this->block_data['lastblogtitle'] = $this->profile->userinfo['lastblogtitle']; $this->block_data['lastblogdate'] = vbdate($this->registry->options['dateformat'], $this->profile->userinfo['lastblog']); $this->block_data['lastblogtime'] = vbdate($this->registry->options['timeformat'], $this->profile->userinfo['lastblog'], true); $categories = array(); $cats = $this->registry->db->query_read_slave(" SELECT blogid, title, blog_category.blogcategoryid, blog_categoryuser.userid, blog_category.userid AS creatorid FROM " . TABLE_PREFIX . "blog_categoryuser AS blog_categoryuser LEFT JOIN " . TABLE_PREFIX . "blog_category AS blog_category ON (blog_category.blogcategoryid = blog_categoryuser.blogcategoryid) WHERE blogid IN (" . implode(',', $blogids) . ") ORDER BY blogid, displayorder "); while ($cat = $this->registry->db->fetch_array($cats)) { $categories["$cat[blogid]"][] = $cat; } require_once(DIR . '/includes/class_bbcode_blog.php'); require_once(DIR . '/includes/class_blog_entry.php'); $bbcode = new vB_BbCodeParser_Blog_Snippet($this->registry, fetch_tag_list()); $factory = new vB_Blog_EntryFactory($this->registry, $bbcode, $categories); $first = true; // Last Five Entries $entries = $this->registry->db->query_read_slave(" SELECT blog.*, blog.options AS blogoptions, blog_text.pagetext, blog_text.allowsmilie, blog_text.ipaddress, blog_text.reportthreadid, blog_text.ipaddress AS blogipaddress, user.*, userfield.*, usertextfield.* " . (($this->registry->options['threadvoted'] AND $this->registry->userinfo['userid']) ? ', blog_rate.vote' : '') . " " . (!($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseehiddencustomfields']) ? $this->registry->profilefield['hidden'] : "") . " " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readtime AS bloguserread" : "") . " FROM " . TABLE_PREFIX . "blog AS blog INNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid) " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON (blog_read.blogid = blog.blogid AND blog_read.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_userread ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $this->registry->userinfo['userid'] . ") " : "") . " " . (($this->registry->options['threadvoted'] AND $this->registry->userinfo['userid']) ? "LEFT JOIN " . TABLE_PREFIX . "blog_rate AS blog_rate ON (blog_rate.blogid = blog.blogid AND blog_rate.userid = " . $this->registry->userinfo['userid'] . ")" : '') . " WHERE blog.blogid IN (" . implode(',', $blogids) . ") ORDER BY blog.dateline DESC LIMIT 5 "); while ($blog = $this->registry->db->fetch_array($entries)) { if ($first) { $show['latestentry'] = true; $first = false; } else { $show['latestentry'] = false; } $entry_handler =& $factory->create($blog, '_Profile'); $entry_handler->cachable = false; $entry_handler->excerpt = true; $entry_handler->attachments = $postattach["$blog[blogid]"]; $this->block_data['latestentries'] .= $entry_handler->construct(); } // Comments $state = array('visible'); $commentstate = array('visible'); $sql_and = array(); $sql_and[] = "blog.state IN('" . implode("', '", $state) . "')"; $sql_and[] = "blog.dateline <= " . TIMENOW; $sql_and[] = "blog.pending = 0"; $sql_and[] = "blog_text.state IN('" . implode("', '", $commentstate) . "')"; $sql_and[] = "blog.firstblogtextid <> blog_text.blogtextid"; $sql_and[] = "blog_text.bloguserid = " . $this->profile->userinfo['userid']; if (!can_moderate_blog() AND !is_member_of_blog($this->registry->userinfo, $this->profile->userinfo) AND !$bloginfo['buddyid']) { $sql_and[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private']; } if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']) AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid']) { $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))"; $sql_and[] = "cu.blogcategoryid IS NULL"; } $this->registry->options['vbblog_snippet'] = 20; require_once(DIR . '/includes/class_blog_response.php'); $bbcode = new vB_BbCodeParser_Blog_Snippet_Featured($this->registry, fetch_tag_list()); $factory = new vB_Blog_ResponseFactory($this->registry, $bbcode, $bloginfo); $comments = $this->registry->db->query_read_slave(" SELECT blog_text.username AS postusername, blog_text.ipaddress AS blogipaddress, blog_text.state, blog_text.blogtextid, blog_text.title, blog_text.dateline, blog_text.pagetext, blog_text.allowsmilie, blog.userid AS blog_userid, blog.blogid, blog.title AS entrytitle, blog.state AS blog_state, blog.firstblogtextid, blog.options AS blogoptions, blog_user.memberids, blog_user.memberblogids, blog.postedby_userid, blog.postedby_username, user2.usergroupid AS blog_usergroupid, user2.infractiongroupids AS blog_inractiongroupids, user2.membergroupids AS blog_membergroupids, user.*, blog_user.title AS blogtitle, IF(user.displaygroupid = 0, user.usergroupid, user.displaygroupid) AS displaygroupid, user.infractiongroupid, options_ignore, options_buddy, options_member, options_guest, blog.userid AS blog_userid, blog.state AS blog_state, blog.firstblogtextid " . ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . " " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readtime AS bloguserread" : "") . " " . ($vbulletin->userinfo['userid'] ? ", gm.permissions AS grouppermissions" : "") . " FROM " . TABLE_PREFIX . "blog_text AS blog_text LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = blog_text.blogid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog_text.userid) LEFT JOIN " . TABLE_PREFIX . "user AS user2 ON (user2.userid = blog.userid) LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) " . (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON (blog_read.blogid = blog.blogid AND blog_read.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_userread ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $this->registry->userinfo['userid'] . ") " : "") . " " . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $vbulletin->userinfo['userid'] . ")" : '') . " " . ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . " $joinsql WHERE " . implode("\r\n\tAND ", $sql_and) . " ORDER BY blog_text.dateline DESC LIMIT 5 "); while ($comment = $this->registry->db->fetch_array($comments)) { $bloginfo = array( 'blogid' => $comment['blogid'], 'userid' => $comment['blog_userid'], 'state' => $comment['blog_state'], 'firstblogtextid' => $comment['firstblogtextid'], 'blogread' => $comment['blogread'], 'bloguserread' => $comment['bloguserread'], 'usergroupid' => $comment['blog_usergroupid'], 'infractiongroupids' => $comment['blog_infractiongroupids'], 'membergroupids' => $comment['blog_membergroupids'], 'memberids' => $comment['memberids'], 'memberblogids' => $comment['memberblogids'], 'postedby_userid' => $comment['postedby_userid'], 'postedby_username' => $comment['postedby_username'], 'grouppermissions' => $comment['grouppermissions'], ); cache_permissions($bloginfo, false); $response_handler->bloginfo =& $bloginfo; $response_handler =& $factory->create($comment, 'Comment_Profile'); $response_handler->cachable = false; $response_handler->linkblog = true; $this->block_data['commentsreceived'] .= $response_handler->construct(); } } } }
/** * Converts are blog ids to titles for Who's Online * * @return void */ function blog_online_ids_titles() { global $blogids, $blogtextids, $blogtrackbackids, $bloguserids, $vbulletin; global $wol_blog, $wol_blogtext, $wol_blogtrackback, $wol_bloguser, $wol_user; if ($blogtrackbackids) { $blograckbackidquery = $vbulletin->db->query_read_slave(" SELECT blogid, blogtrackbackid FROM " . TABLE_PREFIX . "blog_trackback WHERE blogtrackbackid IN (0$blogtrackbackids) "); while ($blogtrackbackidqueryr = $vbulletin->db->fetch_array($blogtrackbackidquery)) { $blogids .= ',' . $blogtrackbackidqueryr['blogid']; $wol_blogtrackback["$blogtrackbackidqueryr[blogtrackbackid]"] = $blogtrackbackidqueryr['blogid']; } } if ($blogtextids) { $blogtextidquery = $vbulletin->db->query_read_slave(" SELECT blogid, blogtextid, title FROM " . TABLE_PREFIX . "blog_text WHERE blogtextid IN (0$blogtextids) "); while ($blogtextidqueryr = $vbulletin->db->fetch_array($blogtextidquery)) { $blogids .= ',' . $blogtextidqueryr['blogid']; $wol_blogtext["$blogtextidqueryr[blogtextid]"]['blogid'] = $blogtextidqueryr['blogid']; $wol_blogtext["$blogtextidqueryr[blogtextid]"]['title'] = $blogtextidqueryr['title']; } } if ($blogids) { $blogresults = $vbulletin->db->query_read_slave(" SELECT blog.title, blogid, blog.userid, state, blog.options FROM " . TABLE_PREFIX . "blog AS blog LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) WHERE blogid IN (0$blogids) "); while ($blogresult = $vbulletin->db->fetch_array($blogresults)) { $wol_blog["$blogresult[blogid]"]['title'] = $blogresult['title']; $wol_blog["$blogresult[blogid]"]['userid'] = $blogresult['userid']; $wol_blog["$blogresult[blogid]"]['state'] = $blogresult['state']; $wol_blog["$blogresult[blogid]"]['private'] = ($blogresult['options'] & $vbulletin->bf_misc_vbblogoptions['private']); $bloguserids .= ",$blogresult[userid]"; } } if ($bloguserids) { $fields = $joins = ''; if ($vbulletin->userinfo['userid']) { $fields = ", ignored.relationid AS ignoreid, buddy.relationid AS buddyid"; $joins = " LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = bu.bloguserid AND ignored.relationid = " . $vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore') LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = " . $vbulletin->userinfo['userid'] . " AND buddy.type = 'buddy') "; } $userresults = $vbulletin->db->query_read_slave(" SELECT bu.title, bu.bloguserid, bu.options_member, bu.options_guest, bu.options_buddy, bu.options_ignore, bu.memberids, bu.memberblogids, user.userid, user.username, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, user.infractiongroupid, user.usergroupid, user.membergroupids $fields FROM " . TABLE_PREFIX . "blog_user AS bu LEFT JOIN " . TABLE_PREFIX . "user AS user ON (bu.bloguserid = user.userid) $joins WHERE bu.bloguserid IN (0$bloguserids) "); while ($userresult = $vbulletin->db->fetch_array($userresults)) { cache_permissions($userresult, false); fetch_musername($userresult); $wol_user["$userresult[userid]"] = $userresult['musername']; $member = ($userresult['options_member'] & $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] ? 1 : 0); $guest = ($userresult['options_guest'] & $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] ? 1 : 0); $buddy = ($userresult['options_buddy'] & $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] ? 1 : 0); $ignore = ($userresult['options_ignore'] & $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] ? 1 : 0); $wol_bloguser["$userresult[bloguserid]"]['title'] = $userresult['title']; $wol_bloguser["$userresult[bloguserid]"]['canviewmyblog'] = ( ( !$userresult['buddyid'] OR $buddy ) AND ( !$userresult['ignoreid'] OR $ignore ) AND ( ( $member AND $vbulletin->userinfo['userid'] ) OR ( $guest AND !$vbulletin->userinfo['userid'] ) ) OR ( $ignore AND $userresult['ignoreid'] ) OR ( $buddy AND $userresult['buddyid'] ) OR $userresult['userid'] == $vbulletin->userinfo['userid'] OR can_moderate_blog() OR is_member_of_blog($vbulletin->userinfo, $userresult) ) ? true : false; } } }
/** * Fetches the permission value for a specific blog comment * * @param string The permission to check * @param array An array of information about the blog entry * @param array An array of information about the blog comment * * @return boolean Returns true if they have the permission else false */ function fetch_comment_perm($perm, $entryinfo = null, $blogtextinfo = null) { global $vbulletin; // Only moderator can manage a comment that is in a moderated/deleted post, not even the owner of the post can manage in this situation. if ( // Deleted Post ($entryinfo['state'] == 'deleted' AND !can_moderate_blog('candeleteentries') AND ($perm != 'canviewcomments' OR !is_member_of_blog($vbulletin->userinfo, $entryinfo['userid']))) OR // Moderated Post ($entryinfo['state'] == 'moderation' AND !can_moderate_blog('canmoderateentries') AND ($perm != 'canviewcomments' OR !is_member_of_blog($vbulletin->userinfo, $entryinfo))) ) { return false; } switch ($perm) { case 'canviewcomments': return ( ( ($blogtextinfo['state'] != 'deleted' OR can_moderate_blog('candeletecomments') OR is_member_of_blog($vbulletin->userinfo, $entryinfo)) AND ($blogtextinfo['state'] != 'moderation' OR is_member_of_blog($vbulletin->userinfo, $entryinfo) OR $vbulletin->userinfo['userid'] == $blogtextinfo['userid'] OR fetch_comment_perm('canmoderatecomments', $entryinfo, $blogtextinfo)) ) ); case 'caneditcomments': return ( ( $entryinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] ) OR ( is_member_of_blog($vbulletin->userinfo, $entryinfo) AND $entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] AND ( ( $vbulletin->userinfo['userid'] == $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments'] ) OR ( $vbulletin->userinfo['userid'] != $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry'] ) ) ) OR ( ($blogtextinfo['state'] == 'visible' OR $blogtextinfo['state'] == 'moderation') AND $blogtextinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_caneditowncomment'] ) OR ( can_moderate_blog('caneditcomments') AND ( $blogtextinfo['state'] != 'moderation' OR fetch_comment_perm('canmoderatecomments', $entryinfo, $blogtextinfo) ) AND ( $blogtextinfo['state'] != 'deleted' OR fetch_comment_perm('candeletecomments', $entryinfo, $blogtextinfo) ) ) ); case 'canmoderatecomments': return ( ( $entryinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] ) OR ( is_member_of_blog($vbulletin->userinfo, $entryinfo) AND $entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] AND ( ( $vbulletin->userinfo['userid'] == $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments'] ) OR ( $vbulletin->userinfo['userid'] != $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry'] ) ) ) OR ( ($blogtextinfo['state'] != 'deleted' OR can_moderate('candeletecomments')) AND can_moderate_blog('canmoderatecomments') ) ); case 'candeletecomments': return ( ( $entryinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] ) OR ( is_member_of_blog($vbulletin->userinfo, $entryinfo) AND $entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] AND ( ( $vbulletin->userinfo['userid'] == $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments'] ) OR ( $vbulletin->userinfo['userid'] != $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry'] ) ) ) OR ( can_moderate_blog('candeletecomments') ) OR ( $blogtextinfo['state'] == 'visible' AND $blogtextinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_candeleteowncomment'] ) ); case 'canremovecomments': return ( ( $entryinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] ) OR ( is_member_of_blog($vbulletin->userinfo, $entryinfo) AND $entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] AND ( ( $vbulletin->userinfo['userid'] == $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments'] ) ) ) OR ( can_moderate_blog('canremovecomments') ) ); case 'canundeletecomments': return ( ( $entryinfo['userid'] == $vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] ) OR ( is_member_of_blog($vbulletin->userinfo, $entryinfo) AND $entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments'] AND ( ( $vbulletin->userinfo['userid'] == $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments'] ) OR ( $vbulletin->userinfo['userid'] != $entryinfo['postedby_userid'] AND $entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry'] ) ) ) OR ( can_moderate_blog('candeletecomments') ) ); default: $handled = false; ($hook = vBulletinHook::fetch_hook('blog_fetch_comment_perm')) ? eval($hook) : false; if (!$handled) { trigger_error('fetch_comment_perm(): Argument #1; Invalid permission specified', E_USER_ERROR); } } }
/** * pre_delete function - extend if the contenttype needs to do anything * * @param array list of deleted attachment ids to delete * @param boolean verify permission to delete * * @return boolean */ public function pre_delete($list, $checkperms = true) { @ignore_user_abort(true); // init lists $this->lists = array( 'bloglist' => array(), ); if ($checkperms) { // Verify that we have permission to view these attachmentids $attachmultiple = new vB_Attachment_Display_Multiple($this->registry); $attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . implode(", ", $list) . ")"); if (count($list) != count($attachments)) { return false; } } $replaced = array(); $ids = $this->registry->db->query_read(" SELECT a.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress, blog.blogid, blog.firstblogtextid, blog.dateline AS blog_dateline, blog.state, blog.postedby_userid, bu.memberids, bu.memberblogids, gm.permissions AS grouppermissions, user.membergroupids, user.usergroupid, user.infractiongroupids, blog_deletionlog.moddelete AS del_moddelete, blog_deletionlog.userid AS del_userid, blog_deletionlog.username AS del_username, blog_deletionlog.reason AS del_reason FROM " . TABLE_PREFIX . "attachment AS a LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = a.contentid) LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid) LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_deletionlog.type = 'blogid') WHERE a.attachmentid IN (" . implode(", ", $list) . ") "); while ($id = $this->registry->db->fetch_array($ids)) { cache_permissions($id, false); if ($checkperms AND !$id['inprogress'] AND !fetch_entry_perm('edit', $id)) { return false; } if ($id['blogid']) { $this->lists['bloglist']["{$id['blogid']}"]++; if ($this->log) { if (($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby']) AND $id['p_dateline'] < (TIMENOW - ($this->registry->options['noeditedbytime'] * 60))) { if (empty($replaced["$id[firstblogtextid]"])) { /*insert query*/ $this->registry->db->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_editlog (blogtextid, userid, username, dateline) VALUES ( $id[firstblogtextid], " . $this->registry->userinfo['userid'] . ", '" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "', " . TIMENOW . " ) "); $replaced["$id[firstblogtextid]"] = true; } } if (!is_member_of_blog($this->registry->userinfo, $id) AND can_moderate_blog('caneditentries')) { $bloginfo = array( 'blogid' => $id['blogid'], 'attachmentid' => $id['attachmentid'], ); require_once(DIR . '/includes/blog_functions_log_error.php'); log_moderator_action($bloginfo, 'attachment_removed'); } } } } return true; }
/** * Fetch the user's ability to post a comment * * @param array $bloginfo from fetch_bloginfo or equivalent * @param array $userinfo from fetch_userinfo or equivalent * * @return bool */ function fetch_can_comment($bloginfo, $userinfo) { global $vbulletin; return ( $bloginfo['cancommentmyblog'] AND ($bloginfo['allowcomments'] OR is_member_of_blog($userinfo, $bloginfo) OR can_moderate_blog('', $userinfo)) AND ( (($userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_cancommentown']) AND $bloginfo['userid'] == $userinfo['userid']) OR (($userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_cancommentothers']) AND $bloginfo['userid'] != $userinfo['userid']) ) AND ( ( $bloginfo['state'] == 'moderation' AND ( can_moderate_blog('canmoderateentries', $userinfo) OR ( $userinfo['userid'] AND $bloginfo['userid'] == $userinfo['userid'] AND $bloginfo['postedby_userid'] != $userinfo['userid'] AND $bloginfo['membermoderate'] ) ) ) OR $bloginfo['state'] == 'visible' ) AND !$bloginfo['pending'] ); }
} } $show['delete'] = true; $show['undelete'] = true; $show['approve'] = true; $show['inlinemod'] = (($show['delete'] OR $show['approve'] OR $show['undelete']) AND ( can_moderate_blog() OR ( !empty($userinfo) AND is_member_of_blog($vbulletin->userinfo, $userinfo) ) )); if ($userinfo) { $blogheader = parse_blog_description($userinfo); $sidebar =& build_user_sidebar($userinfo, $month, $year); $navbits[fetch_seo_url('blog', array('userid' => $userinfo['userid'], 'title' => $blogheader['title']))] = $blogheader['title']; } else { $sidebar =& build_overview_sidebar(); } if ($type)
function process_display() { global $show, $vbphrase; static $delete, $approve; $blog =& $this->blog; if ($this->blog['ratingnum'] >= $this->registry->options['vbblog_ratingpost'] AND $this->blog['ratingnum']) { $this->blog['ratingavg'] = vb_number_format($this->blog['ratingtotal'] / $this->blog['ratingnum'], 2); $this->blog['rating'] = intval(round($this->blog['ratingtotal'] / $this->blog['ratingnum'])); $show['rating'] = true; } else { $show['rating'] = false; } if (!$this->blog['blogtitle']) { $this->blog['blogtitle'] = $this->blog['username']; } $categorybits = array(); if (!empty($this->categories["{$this->blog[blogid]}"])) { foreach ($this->categories["{$this->blog[blogid]}"] AS $index => $category) { $category['blogtitle']= $this->blog['blogtitle']; $show['cattitleonly'] = (!$category['creatorid'] AND !($this->registry->userinfo['blogcategorypermissions']["$category[blogcategoryid]"] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewcategory'])); $templater = vB_Template::create('blog_entry_category'); $templater->register('category', $category); $templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid'])); $categorybits[] = $templater->render(); } } else { $category = array( 'blogcategoryid' => -1, 'title' => $vbphrase['uncategorized'], 'userid' => $this->blog['userid'], 'blogtitle' => $this->blog['blogtitle'], ); $templater = vB_Template::create('blog_entry_category'); $templater->register('category', $category); $templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid'])); $categorybits[] = $templater->render(); } $show['category'] = true; $this->blog['categorybits'] = implode(', ', $categorybits); $show['trackback_moderation'] = ($this->blog['trackback_moderation'] AND ($this->blog['userid'] == $this->registry->userinfo['userid'] OR can_moderate_blog('canmoderatecomments'))) ? true : false; $show['comment_moderation'] = ($this->blog['hidden'] AND ($this->blog['userid'] == $this->registry->userinfo['userid'] OR can_moderate_blog('canmoderatecomments'))) ? true : false; $show['edit'] = fetch_entry_perm('edit', $this->blog); $show['delete'] = fetch_entry_perm('delete', $this->blog); $show['remove'] = fetch_entry_perm('remove', $this->blog); $show['undelete'] = fetch_entry_perm('undelete', $this->blog); $show['approve'] = fetch_entry_perm('moderate', $this->blog); $show['inlinemod'] = (($show['delete'] OR $show['remove'] OR $show['approve'] OR $show['undelete']) AND ( can_moderate_blog() OR ( !empty($this->userinfo) AND is_member_of_blog($this->registry->userinfo, $this->userinfo) ) )); if ($this->blog['dateline'] > TIMENOW OR $this->blog['pending']) { $this->status['phrase'] = $vbphrase['pending_blog_entry']; $this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/pending.gif"; $show['status'] = true; } else if ($this->blog['state'] == 'deleted') { $this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/trashcan.gif"; $this->status['phrase'] = $vbphrase['deleted_blog_entry']; $show['status'] = true; } else if ($this->blog['state'] == 'moderation') { $this->status['phrase'] = $vbphrase['moderated_blog_entry']; $this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/moderated.gif"; $show['status'] = true; } else if ($this->blog['state'] == 'draft') { $this->status['phrase'] = $vbphrase['draft_blog_entry']; $this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/draft.gif"; $show['status'] = true; } else { $show['status'] = false; } $show['private'] = false; if ($blog['private']) { $show['private'] = true; } else if (can_moderate() AND !is_member_of_blog($this->registry->userinfo, $blog)) { $membercanview = $blog['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $buddiescanview = $blog['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; if (!$membercanview AND (!$blog['buddyid'] OR !$buddiescanview)) { $show['private'] = true; } } if ($this->blog['edit_userid']) { $this->blog['edit_date'] = vbdate($this->registry->options['dateformat'], $this->blog['edit_dateline'], true); $this->blog['edit_time'] = vbdate($this->registry->options['timeformat'], $this->blog['edit_dateline']); if ($this->blog['edit_reason']) { $this->blog['edit_reason'] = fetch_word_wrapped_string($this->blog['edit_reason']); } $show['entryedited'] = true; } else { $show['entryedited'] = false; } $show['tags'] = false; if ($this->registry->options['vbblog_tagging']) { require_once(DIR . '/includes/blog_functions_tag.php'); $this->blog['tag_list'] = fetch_entry_tagbits($this->blog, $this->userinfo); $show['tag_edit'] = ( (($this->registry->userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_cantagown']) AND $this->bloginfo['userid'] == $this->registry->userinfo['userid']) OR ($this->registry->userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_cantagothers']) OR (($this->registry->userinfo['permissions']['vbblog_entry_permissions'] & $this->registry->bf_ugp_vbblog_entry_permissions['blog_candeletetagown']) AND $this->bloginfo['userid'] == $this->registry->userinfo['userid']) OR can_moderate_blog('caneditentries') ); $show['tags'] = ($show['tag_edit'] OR $this->blog['taglist']); $show['notags'] = !$this->blog['taglist']; } }
function process_display() { global $show; if (empty($this->bloginfo)) { if ($this->factory->blog_cache["{$this->response['blogid']}"]) { $this->bloginfo = $this->factory->blog_cache["{$this->response['blogid']}"]; } else { $this->bloginfo = array( 'blogid' => $this->response['blogid'], 'userid' => $this->response['blog_userid'], 'usergroupid' => $this->response['blog_usergroupid'], 'infractiongroupids' => $this->response['blog_infractiongroupids'], 'membergroupids' => $this->response['blog_membergroupids'], 'memberids' => $this->response['memberids'], 'memberblogids' => $this->response['memberblogids'], 'postedby_userid' => $this->response['postedby_userid'], 'postedby_username' => $this->response['postedby_username'], 'grouppermissions' => $this->response['grouppermissions'], 'membermoderate' => $this->response['membermoderate'], 'allowcomments' => $this->response['allowcomments'], 'state' => $this->response['blog_state'], 'pending' => $this->response['pending'], ); if (!isset($this->factory->perm_cache_blog["{$this->bloginfo['userid']}"])) { $this->factory->perm_cache_blog["{$this->bloginfo['userid']}"] = cache_permissions($this->bloginfo, false); } else { $this->bloginfo['permissions'] =& $this->factory->perm_cache_blog["{$this->bloginfo['userid']}"]; } foreach ($this->registry->bf_misc_vbblogsocnetoptions AS $optionname => $optionval) { if ($this->response['private']) { $this->bloginfo["guest_$optionname"] = false; $this->bloginfo["ignore_$optionname"] = false; $this->bloginfo["member_$optionname"] = false; } else { $this->bloginfo["member_$optionname"] = ($this->response['options_member'] & $optionval ? 1 : 0); $this->bloginfo["guest_$optionname"] = ($this->response['options_guest'] & $optionval ? 1 : 0); $this->bloginfo["ignore_$optionname"] = ($this->response['options_ignore'] & $optionval ? 1 : 0); } $this->bloginfo["buddy_$optionname"] = ($this->response['options_buddy'] & $optionval ? 1 : 0); $this->bloginfo["$optionname"] = ( ( ( !$this->response['buddyid'] OR $this->bloginfo["buddy_$optionname"] ) AND ( !$this->response['ignoreid'] OR $this->bloginfo["ignore_$optionname"] ) AND ( ( $this->bloginfo["member_$optionname"] AND $this->registry->userinfo['userid'] ) OR ( $this->bloginfo["guest_$optionname"] AND !$this->registry->userinfo['userid'] ) ) ) OR ( $this->bloginfo["ignore_$optionname"] AND $this->response['ignoreid'] ) OR ( $this->bloginfo["buddy_$optionname"] AND $this->response['buddyid'] ) OR is_member_of_blog($this->registry->userinfo, $this->bloginfo) OR can_moderate_blog() ) ? true : false; } $this->factory->blog_cache["{$this->response['blogid']}"] = $this->bloginfo; } } $show['quotecomment'] = fetch_can_comment($this->bloginfo, $this->registry->userinfo); $show['entryposter'] = ($this->userinfo AND $this->response['userid'] == $this->bloginfo['postedby_userid']); $show['moderation'] = ($this->response['state'] == 'moderation'); $show['private'] = false; if ($this->response['private']) { $show['private'] = true; } else if (can_moderate() AND $this->response['blog_userid'] != $this->registry->userinfo['userid']) { $membercanview = $this->response['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; $buddiescanview = $this->response['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog']; if (!$membercanview AND (!$this->response['buddyid'] OR !$buddiescanview)) { $show['private'] = true; } } $show['edit'] = fetch_comment_perm('caneditcomments', $this->bloginfo, $this->response); $show['inlinemod'] = ( ( fetch_comment_perm('canremovecomments', $this->bloginfo) OR fetch_comment_perm('candeletecomments', $this->bloginfo) OR fetch_comment_perm('canmoderatecomments', $this->bloginfo) OR fetch_comment_perm('canundeletecomments', $this->bloginfo) ) AND ( can_moderate_blog() OR ( !empty($this->userinfo) AND is_member_of_blog($this->registry->userinfo, $this->userinfo) ) ) ); if ($this->response['edit_userid']) { $this->response['edit_date'] = vbdate($this->registry->options['dateformat'], $this->response['edit_dateline'], true); $this->response['edit_time'] = vbdate($this->registry->options['timeformat'], $this->response['edit_dateline']); if ($this->response['edit_reason']) { $this->response['edit_reason'] = fetch_word_wrapped_string($this->response['edit_reason']); } $show['commentedited'] = true; } else { $show['commentedited'] = false; } }