/**
* Decides whether the current user may see one blog comment.
*
* The comment must be in a state the viewer is allowed to see, and the
* entry it belongs to must itself pass fetchCanViewBlogEntry().
*
* @param	integer	Key of the comment in $this->content['blogtext']
*
* @return	mixed	false when the comment is unknown or hidden, otherwise the result of fetchCanViewBlogEntry()
*/
protected function fetchCanViewBlogComment($blogtextid)
{
	$blogtextrecord = $this->content['blogtext'][$blogtextid];
	if (!$blogtextrecord)
	{
		// Unknown comment: deny rather than fall through to the entry check.
		return false;
	}

	$blogrecord = $this->content['blog'][$blogtextrecord['blogid']];

	// Comment moderators and members of the blog also see comments awaiting moderation.
	$seesmoderated = (
		can_moderate_blog('canmoderatecomments')
			or
		is_member_of_blog(vB::$vbulletin->userinfo, $blogrecord)
	);
	$allowedstates = $seesmoderated ? array('visible', 'moderation') : array('visible');

	if (in_array($blogtextrecord['state'], $allowedstates))
	{
		// The comment state is acceptable; visibility now depends on the parent entry.
		return $this->fetchCanViewBlogEntry($blogtextrecord['blogid']);
	}

	return false;
}
(options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))) OR blog.userid IN (" . $vbulletin->userinfo['memberblogids'] . ")"; if ($coventry = fetch_coventry('string')) { $wheresql[] = "blog.userid NOT IN ($coventry)"; } } else { $state = array('visible'); if (can_moderate_blog('canmoderateentries')) { $state[] = 'moderation'; } if (can_moderate_blog()) { $state[] = 'deleted'; } $wheresql[] = "(blog.state IN ('" . implode("','", $state) . "') OR blog.userid = " . $vbulletin->userinfo['userid'] . ")"; } do { if (!$pagenumber) { $pagenumber = 1; } $start = ($pagenumber - 1) * $perpage;
/**
* Prepares the display state for the comment held in $this->response.
*
* When $this->bloginfo is empty it is filled from $this->factory->blog_cache or
* rebuilt from the blog_* columns of $this->response. The function then sets the
* $show flags (quotecomment, entryposter, moderation, private, edit, inlinemod,
* commentedited) and formats the edit date, time and reason.
*/
function process_display()
{
	global $show;

	if (empty($this->bloginfo))
	{
		// Reuse the record cached for this blogid when the factory has a truthy entry for it.
		if ($this->factory->blog_cache["{$this->response['blogid']}"])
		{
			$this->bloginfo = $this->factory->blog_cache["{$this->response['blogid']}"];
		}
		else
		{
			// Rebuild the blog owner record from columns on the response row.
			// NOTE(review): every key read here must be selected under exactly this alias by the
			// query that produced $this->response; a missing alias yields null silently and the
			// permission calculation below then runs without that group information.
			$this->bloginfo = array(
				'blogid' => $this->response['blogid'],
				'userid' => $this->response['blog_userid'],
				'usergroupid' => $this->response['blog_usergroupid'],
				'infractiongroupids' => $this->response['blog_infractiongroupids'],
				'membergroupids' => $this->response['blog_membergroupids'],
				'memberids' => $this->response['memberids'],
				'memberblogids' => $this->response['memberblogids'],
				'postedby_userid' => $this->response['postedby_userid'],
				'postedby_username' => $this->response['postedby_username'],
				'grouppermissions' => $this->response['grouppermissions'],
				'membermoderate' => $this->response['membermoderate'],
				'allowcomments' => $this->response['allowcomments'],
				'state' => $this->response['blog_state'],
				'pending' => $this->response['pending'],
			);

			// Permissions are kept once per blog owner in the factory: the first comment stores the
			// return value of cache_permissions(), later comments bind to that entry by reference.
			// presumably cache_permissions() also fills $this->bloginfo['permissions'] itself - TODO confirm
			if (!isset($this->factory->perm_cache_blog["{$this->bloginfo['userid']}"]))
			{
				$this->factory->perm_cache_blog["{$this->bloginfo['userid']}"] = cache_permissions($this->bloginfo, false);
			}
			else
			{
				$this->bloginfo['permissions'] =& $this->factory->perm_cache_blog["{$this->bloginfo['userid']}"];
			}

			// Expand each social-network option bit into per-audience flags plus one effective flag.
			foreach ($this->registry->bf_misc_vbblogsocnetoptions AS $optionname => $optionval)
			{
				if ($this->response['private'])
				{
					// A private entry switches the option off for guests, ignored users and members;
					// the buddy flag below is still taken from options_buddy.
					$this->bloginfo["guest_$optionname"] = false;
					$this->bloginfo["ignore_$optionname"] = false;
					$this->bloginfo["member_$optionname"] = false;
				}
				else
				{
					$this->bloginfo["member_$optionname"] = ($this->response['options_member'] & $optionval ? 1 : 0);
					$this->bloginfo["guest_$optionname"] = ($this->response['options_guest'] & $optionval ? 1 : 0);
					$this->bloginfo["ignore_$optionname"] = ($this->response['options_ignore'] & $optionval ? 1 : 0);
				}
				$this->bloginfo["buddy_$optionname"] = ($this->response['options_buddy'] & $optionval ? 1 : 0);

				// Effective flag for the current viewer. It is true when any of these holds:
				//  - the buddy and ignore relations (if present) both allow it AND the member/guest
				//    flag matching the viewer's login state is set,
				//  - the viewer is on the ignore list and the ignore flag is set,
				//  - the viewer is a buddy and the buddy flag is set,
				//  - the viewer is a member of the blog,
				//  - the viewer can moderate blogs.
				$this->bloginfo["$optionname"] = (
					(
						(
							!$this->response['buddyid']
								OR
							$this->bloginfo["buddy_$optionname"]
						)
							AND
						(
							!$this->response['ignoreid']
								OR
							$this->bloginfo["ignore_$optionname"]
						)
							AND
						(
							(
								$this->bloginfo["member_$optionname"]
									AND
								$this->registry->userinfo['userid']
							)
								OR
							(
								$this->bloginfo["guest_$optionname"]
									AND
								!$this->registry->userinfo['userid']
							)
						)
					)
						OR
					(
						$this->bloginfo["ignore_$optionname"]
							AND
						$this->response['ignoreid']
					)
						OR
					(
						$this->bloginfo["buddy_$optionname"]
							AND
						$this->response['buddyid']
					)
						OR
					is_member_of_blog($this->registry->userinfo, $this->bloginfo)
						OR
					can_moderate_blog()
				) ? true : false;
			}

			// Store the finished record so later comments on the same blog take the cached branch.
			$this->factory->blog_cache["{$this->response['blogid']}"] = $this->bloginfo;
		}
	}

	$show['quotecomment'] = fetch_can_comment($this->bloginfo, $this->registry->userinfo);
	$show['entryposter'] = ($this->userinfo AND $this->response['userid'] == $this->bloginfo['postedby_userid']);
	$show['moderation'] = ($this->response['state'] == 'moderation');
	$show['private'] = false;
	if ($this->response['private'])
	{
		$show['private'] = true;
	}
	else if (can_moderate() AND $this->response['blog_userid'] != $this->registry->userinfo['userid'])
	{
		// For a moderator looking at someone else's blog, mark the comment private when the blog is
		// closed to members and the viewer is not a buddy who is allowed to view it.
		$membercanview = $this->response['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];
		$buddiescanview = $this->response['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];

		if (!$membercanview AND (!$this->response['buddyid'] OR !$buddiescanview))
		{
			$show['private'] = true;
		}
	}

	$show['edit'] = fetch_comment_perm('caneditcomments', $this->bloginfo, $this->response);

	// Inline moderation needs at least one comment moderation permission AND either blog
	// moderator rights or blog membership.
	// NOTE(review): the membership test passes $this->userinfo as the blog record, while the
	// other blog checks in this function pass $this->bloginfo - confirm this is intended,
	// since it decides who is shown moderation controls.
	$show['inlinemod'] = (
		(
			fetch_comment_perm('canremovecomments', $this->bloginfo)
				OR
			fetch_comment_perm('candeletecomments', $this->bloginfo)
				OR
			fetch_comment_perm('canmoderatecomments', $this->bloginfo)
				OR
			fetch_comment_perm('canundeletecomments', $this->bloginfo)
		)
			AND
		(
			can_moderate_blog()
				OR
			(
				!empty($this->userinfo)
					AND
				is_member_of_blog($this->registry->userinfo, $this->userinfo)
			)
		)
	);

	if ($this->response['edit_userid'])
	{
		// The comment has been edited: format when, and word-wrap the stated reason.
		$this->response['edit_date'] = vbdate($this->registry->options['dateformat'], $this->response['edit_dateline'], true);
		$this->response['edit_time'] = vbdate($this->registry->options['timeformat'], $this->response['edit_dateline']);
		if ($this->response['edit_reason'])
		{
			$this->response['edit_reason'] = fetch_word_wrapped_string($this->response['edit_reason']);
		}
		$show['commentedited'] = true;
	}
	else
	{
		$show['commentedited'] = false;
	}
}
LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) " . (($vbulletin->userinfo['userid'] AND in_coventry($vbulletin->userinfo['userid'], true)) ? " LEFT JOIN " . TABLE_PREFIX . "blog_tachyentry AS blog_tachyentry ON (blog_tachyentry.blogid = blog.blogid AND blog_tachyentry.userid = " . $vbulletin->userinfo['userid'] . ") " : "") . " $hook_query_joins WHERE blog_searchresult.blogsearchid = $search[blogsearchid] AND blog_searchresult.offset >= " . $vbulletin->GPC['start'] . " $hook_query_where ORDER BY offset LIMIT $perpage "); $resultbits = ''; while ($blog = $db->fetch_array($results)) { $canmoderation = (can_moderate_blog('canmoderatecomments') OR $vbulletin->userinfo['userid'] == $blog['userid']); $blog['trackbacks_total'] = $blog['trackback_visible'] + ($canmoderation ? $blog['trackback_moderation'] : 0); $blog['comments_total'] = $blog['comments_visible'] + ($canmoderation ? $blog['comments_moderation'] : 0); $blog['lastcommenter_encoded'] = urlencode($blog['lastcommenter']); $blog['lastposttime'] = vbdate($vbulletin->options['timeformat'], $blog['lastcomment']); $blog['lastpostdate'] = vbdate($vbulletin->options['dateformat'], $blog['lastcomment'], true); $show['blogtitle'] = ($blog['blogtitle'] != $blog['username']); $templater = vB_Template::create('blog_search_results_result'); $templater->register('blog', $blog); $resultbits .= $templater->render(); } $next_result = $previous_results + $db->num_rows($results) + 1; $show['next_page'] = ($next_result <= $search['resultcount']); $show['previous_page'] = ($pagenum > 1);
/**
* Loads a custom block (or custom page) and optionally enforces the blog viewing rules for it.
*
* @param	integer	Id of the custom block to load
* @param	string	Expected type of the custom block (page or block); a mismatch is reported as an invalid id
* @param	bool	Report an error when the block is not found (0 is returned instead when false)
* @param	bool	Also run the permission checks against the owner's blog
*
* @return	array	The block record with the owner's user record under 'userinfo'; 0 when the block is missing and $alert is false
*/
function verify_blog_customblock($customblockid, $type = null, $alert = true, $perm_check = true)
{
	global $vbulletin, $vbphrase;

	$blockinfo = fetch_customblock_info($customblockid);
	if (!$blockinfo)
	{
		if (!$alert)
		{
			return 0;
		}
		standard_error(fetch_error('invalidid', $vbphrase['custom_block'], $vbulletin->options['contactuslink']));
	}
	else if ($type AND $blockinfo['type'] != $type)
	{
		// A block of the wrong type is reported exactly like a missing one.
		standard_error(fetch_error('invalidid', $vbphrase['custom_block'], $vbulletin->options['contactuslink']));
	}

	$blockinfo['userinfo'] = verify_id('user', $blockinfo['userid'], 1, 1, 10);

	if (!$perm_check)
	{
		return $blockinfo;
	}

	$owner = $blockinfo['userinfo'];
	$viewing_own = ($vbulletin->userinfo['userid'] == $owner['userid']);

	// Somebody else's block is only reachable when that user actually has a blog.
	if (!$viewing_own AND empty($owner['bloguserid']))
	{
		standard_error(fetch_error('blog_noblog', $owner['username']));
	}

	// The owner's privacy settings must let this viewer in.
	if (!$owner['canviewmyblog'])
	{
		print_no_permission();
	}

	// Owners in coventry look like an invalid id to everyone except blog moderators.
	if (in_coventry($owner['userid']) AND !can_moderate_blog())
	{
		standard_error(fetch_error('invalidid', $vbphrase['custom_block'], $vbulletin->options['contactuslink']));
	}

	$generalperms = $vbulletin->userinfo['permissions']['vbblog_general_permissions'];
	$permbits = $vbulletin->bf_ugp_vbblog_general_permissions;

	if ($viewing_own)
	{
		if (!($generalperms & $permbits['blog_canviewown']))
		{
			print_no_permission();
		}
	}
	else if (!($generalperms & $permbits['blog_canviewothers']))
	{
		// Not allowed to view other people's blogs: send the viewer to their own blog.
		// NOTE(review): $session is not declared global in this function, so the session
		// part of the URL is presumably empty here - confirm.
		exec_header_redirect("blog.php?$session[sessionurl]u=" . $vbulletin->userinfo['userid']);
	}

	return $blockinfo;
}
if (!$bloginfo) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } if (!$blogtextinfo) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } if ($bloginfo['firstblogtextid'] == $blogtextinfo['blogtextid'] or !fetch_comment_perm('caneditcomments', $bloginfo, $blogtextinfo)) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } $show['quick_edit_form_tag'] = false; //$show['deletepostoption'] = (fetch_comment_perm('candeletecomments', $bloginfo, $blogtextinfo) OR fetch_comment_perm('canremovecomments', $bloginfo, $blogtextinfo)); $show['softdeleteoption'] = true; $show['physicaldeleteoption'] = can_moderate_blog('canremovecomments'); require_once DIR . '/includes/functions_editor.php'; $editorid = construct_edit_toolbar(htmlspecialchars_uni($blogtextinfo['pagetext']), false, 'blog_comment', $vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowsmilies'], $blogtextinfo['allowsmilie'], false, 'qe', $vbulletin->GPC['editorid']); $xml->add_group('quickedit'); $xml->add_tag('editor', $messagearea, array('reason' => $blogtextinfo['edit_reason'], 'parsetype' => 'blog_comment', 'parsesmilies' => $vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowsmilies'], 'mode' => $show['is_wysiwyg_editor'])); $xml->close_group(); $xml->print_xml(); } } // ############################################################################# // return an entry in an editor if ($_POST['do'] == 'quickeditentry') { $vbulletin->input->clean_array_gpc('p', array('blogid' => TYPE_UINT, 'editorid' => TYPE_STR)); $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); if (!$vbulletin->options['quickedit']) { // if quick edit has been disabled after showthread is loaded, return a string to indicate such
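/**
* Prepare any data needed for the output
*
* Fills $this->block_data with the profile owner's entry count, the group blogs the
* owner belongs to ('groupblogs'), the latest entries ('latestentries') and the latest
* comments received ('commentsreceived'). Each query is narrowed by the viewer's blog
* permissions, coventry status, buddy / ignore relations and category permissions.
*
* Every value concatenated into SQL below comes from registry / profile records, not from
* request input. NOTE(review): memberblogids, the coventry list and the 'cantview' category
* ids are interpolated without casting, so this relies on those stored values being
* integer lists - confirm where they are written.
*
* @param	string	The id of the block
* @param	array	Options specific to the block
*/
function prepare_output($id = '', $options = array())
{
	global $show, $vbphrase;

	// Guests get their category permissions prepared here.
	if (!$this->registry->userinfo['userid'])
	{
		prepare_blog_category_permissions($this->registry->userinfo);
	}

	$show['lastentry'] = true;
	$this->block_data['entries'] = vb_number_format($this->profile->userinfo['entries']);
	$this->block_data['lastblogtitle'] = '';
	$this->block_data['lastblogdate'] = $vbphrase['never'];
	$this->block_data['lastblogtime'] = '';

	// ---- Group blogs the profile owner is a member of ----
	$memberblogs = explode(',', $this->profile->userinfo['memberblogids']);
	if (count($memberblogs) > 1)
	{
		$sqland = array(
			"bu.bloguserid IN (" . $this->profile->userinfo['memberblogids'] . ")"
		);
		// Viewer may not see other people's blogs: restrict to the viewer's own.
		if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
		{
			$sqland[] = "bu.bloguserid = " . $this->registry->userinfo['userid'];
		}
		// Viewer may not see their own blog: exclude it.
		if (!($this->registry->userinfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $this->registry->userinfo['userid'])
		{
			$sqland[] = "bu.bloguserid <> " . $this->registry->userinfo['userid'];
		}

		// Hide blogs of users in coventry from everyone but blog moderators.
		if (trim($this->registry->options['globalignore']) != '')
		{
			require_once(DIR . '/includes/functions_bigthree.php');
			if ($coventry = fetch_coventry('string') AND !can_moderate_blog())
			{
				$sqland[] = "bu.bloguserid NOT IN ($coventry)";
			}
		}

		$sqlor = array();
		$sqljoin = array();
		if (!can_moderate_blog())
		{
			if ($this->registry->userinfo['userid'])
			{
				// Logged-in viewer: a blog is listed when the viewer is a member of it, or the
				// owner's options allow the viewer's relation (ignored / buddy / plain member).
				$sqlor[] = "bu.bloguserid IN (" . $this->registry->userinfo['memberblogids'] . ")";
				$sqlor[] = "(options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL)";
				$sqlor[] = "(options_buddy & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)";
				$sqlor[] = "(options_member & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " .$this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL) AND (options_ignore & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relationid IS NULL))";
				$sqland[] = "(" . implode(" OR ", $sqlor) . ")";

				$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = " . $this->registry->userinfo['userid'] . " AND buddy.type = 'buddy')";
				$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = bu.bloguserid AND ignored.relationid = " . $this->registry->userinfo['userid'] . " AND ignored.type = 'ignore')";
			}
			else
			{
				// Guest: only blogs open to guests whose last entry is not private.
				$sqland[] = "options_guest & " . $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];
				$sqland[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private'];
			}
		}

		if ($this->registry->userinfo['userid'] AND in_coventry($this->registry->userinfo['userid'], true))
		{
			// NOTE(review): $sqlfields is assembled here but the SELECT below never uses it.
			$sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcomment, blog_tachyentry.lastcomment) AS lastcomment";
			$sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcommenter, blog_tachyentry.lastcommenter) AS lastcommenter";
			$sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastblogtextid, blog_tachyentry.lastblogtextid) AS lastblogtextid";

			$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_tachyentry AS blog_tachyentry ON (blog_tachyentry.blogid = bu.lastblogid AND blog_tachyentry.userid = " . $this->registry->userinfo['userid'] . ")";
			$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = IF(blog_tachyentry.userid IS NULL, blog.lastblogtextid, blog_tachyentry.lastblogtextid))";
		}
		else
		{
			$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = bu.lastblogtextid)";
		}

		// Inline moderation is switched off while the rows render and restored afterwards.
		$temp = $show['inlinemod'];
		$show['inlinemod'] = false;

		$blogs = $this->registry->db->query_read_slave(
			" SELECT user.*, IF(bu.title, bu.title, user.username) AS blogtitle, user.userid, user.username, bu.lastblog, bu.lastblogid AS lastblogid, bu.lastblogtitle, bu.lastcomment, bu.lastblogtextid AS lastblogtextid, bu.lastcommenter, bu.options_member, bu.options_buddy, bu.ratingnum, bu.ratingtotal, bu.title, bu.entries, bu.comments, bu.title, blog.categories, blog2.categories AS categories_lastcomment FROM " . TABLE_PREFIX . "blog_user AS bu LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = bu.bloguserid) LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = bu.lastblogid) "
			. (!empty($sqljoin) ? implode("\r\n", $sqljoin) : "")
			. " LEFT JOIN " . TABLE_PREFIX . "blog AS blog2 ON (blog2.blogid = blog_text.blogid) WHERE "
			. implode("\r\n\tAND ", $sqland)
			. " "
		);

		// Start from an empty string so the .= in the loop never appends to an undefined variable.
		$groupbits = '';
		while ($blog = $this->registry->db->fetch_array($blogs))
		{
			$blog = array_merge($blog, convert_bits_to_array($blog['options'], $this->registry->bf_misc_useroptions));
			$blog = array_merge($blog, convert_bits_to_array($blog['adminoptions'], $this->registry->bf_misc_adminoptions));

			// For a moderator viewing someone else's blog, flag it private when it is closed to
			// members and the viewer is not a buddy allowed to view it.
			$show['private'] = false;
			if (can_moderate() AND $blog['userid'] != $this->registry->userinfo['userid'])
			{
				$membercanview = $blog['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];
				$buddiescanview = $blog['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];

				if (!$membercanview AND (!$blog['buddyid'] OR !$buddiescanview))
				{
					$show['private'] = true;
				}
			}

			$blog['entries'] = vb_number_format($blog['entries']);
			$blog['comments'] = vb_number_format($blog['comments']);
			$blog['lastentrydate'] = vbdate($this->registry->options['dateformat'], $blog['lastblog'], true);
			$blog['lastentrytime'] = vbdate($this->registry->options['timeformat'], $blog['lastblog']);

			$blog['entrytitle'] = fetch_trimmed_title($blog['lastblogtitle'], 20);
			if ($blog['title'])
			{
				$blog['title'] = fetch_trimmed_title($blog['title'], 50);
			}

			// Hide the last entry / last comment when it sits in a category the viewer cannot view.
			$lastentrycats = explode(',', $blog['categories']);
			$lastcommentcats = explode(',', $blog['categories_lastcomment']);

			$show['lastentry'] = array_intersect($this->registry->userinfo['blogcategorypermissions']['cantview'], $lastentrycats) ? false : true;
			$show['lastcomment'] = array_intersect($this->registry->userinfo['blogcategorypermissions']['cantview'], $lastcommentcats) ? false : true;

			$templater = vB_Template::create('blog_blog_row');
				$templater->register('blog', $blog);
				$templater->register('thread', $thread);
			$groupbits .= $templater->render();
		}

		$this->block_data['groupblogs'] = $groupbits;
		$show['inlinemod'] = $temp;
	}

	// ---- Latest entries and comments of the profile owner ----
	if (!in_coventry($this->profile->userinfo['userid']) AND ($this->profile->userinfo['lastblog']))
	{
		$sql_and = array();
		// Defined up front: it is interpolated into the queries even when no category join is needed.
		$joinsql = '';
		$state = array('visible');

		$sql_and[] = "blog.state IN('" . implode("', '", $state) . "')";
		$sql_and[] = "blog.dateline <= " . TIMENOW;
		$sql_and[] = "blog.pending = 0";
		$sql_and[] = "blog.userid = " . $this->profile->userinfo['userid'];

		// $bloginfo has not been assigned at this point, so the buddy test is always true and the
		// private filter applies to every viewer who is neither a blog moderator nor the owner.
		// empty() keeps that (restrictive) result without reading an undefined variable.
		// NOTE(review): if buddies were meant to see private entries, the buddy relation has to be
		// loaded first - confirm the intent.
		if (!can_moderate_blog() AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid'] AND empty($bloginfo['buddyid']))
		{
			$sql_and[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private'];
		}

		// Drop entries filed under a category the viewer may not view.
		if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']) AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid'])
		{
			$joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))";
			$sql_and[] = "cu.blogcategoryid IS NULL";
		}

		$blogids = array();
		$attachcount = 0;
		$blogs = $this->registry->db->query_read_slave(
			" SELECT blog.blogid, blog.attach FROM " . TABLE_PREFIX . "blog AS blog $joinsql WHERE "
			. implode("\r\n\tAND ", $sql_and)
			. " ORDER BY blog.dateline DESC LIMIT 5 "
		);
		while ($blog = $this->registry->db->fetch_array($blogs))
		{
			$blogids[] = $blog['blogid'];
			$attachcount += $blog['attach'];
		}

		if ($blogids)
		{
			// Query attachments only when at least one of the entries has any.
			$postattach = array();
			if ($attachcount)
			{
				require_once(DIR . '/packages/vbattach/attach.php');
				$attach = new vB_Attach_Display_Content($this->registry, 'vBBlog_BlogEntry');
				$postattach = $attach->fetch_postattach(0, $blogids);
			}

			$this->block_data['lastblogtitle'] = $this->profile->userinfo['lastblogtitle'];
			$this->block_data['lastblogdate'] = vbdate($this->registry->options['dateformat'], $this->profile->userinfo['lastblog']);
			$this->block_data['lastblogtime'] = vbdate($this->registry->options['timeformat'], $this->profile->userinfo['lastblog'], true);

			// Categories of the selected entries, grouped by blogid.
			$categories = array();
			$cats = $this->registry->db->query_read_slave(
				" SELECT blogid, title, blog_category.blogcategoryid, blog_categoryuser.userid, blog_category.userid AS creatorid FROM " . TABLE_PREFIX . "blog_categoryuser AS blog_categoryuser LEFT JOIN " . TABLE_PREFIX . "blog_category AS blog_category ON (blog_category.blogcategoryid = blog_categoryuser.blogcategoryid) WHERE blogid IN ("
				. implode(',', $blogids)
				. ") ORDER BY blogid, displayorder "
			);
			while ($cat = $this->registry->db->fetch_array($cats))
			{
				$categories["$cat[blogid]"][] = $cat;
			}

			require_once(DIR . '/includes/class_bbcode_blog.php');
			require_once(DIR . '/includes/class_blog_entry.php');
			$bbcode = new vB_BbCodeParser_Blog_Snippet($this->registry, fetch_tag_list());
			$factory = new vB_Blog_EntryFactory($this->registry, $bbcode, $categories);

			$first = true;
			// Last five entries, restricted to the blogids that passed the permission filter above.
			$entries = $this->registry->db->query_read_slave(
				" SELECT blog.*, blog.options AS blogoptions, blog_text.pagetext, blog_text.allowsmilie, blog_text.ipaddress, blog_text.reportthreadid, blog_text.ipaddress AS blogipaddress, user.*, userfield.*, usertextfield.* "
				. (($this->registry->options['threadvoted'] AND $this->registry->userinfo['userid']) ? ', blog_rate.vote' : '')
				. " "
				. (!($this->registry->userinfo['permissions']['genericpermissions'] & $this->registry->bf_ugp_genericpermissions['canseehiddencustomfields']) ? $this->registry->profilefield['hidden'] : "")
				. " "
				. (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readtime AS bloguserread" : "")
				. " FROM " . TABLE_PREFIX . "blog AS blog INNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON(userfield.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "usertextfield AS usertextfield ON(usertextfield.userid = user.userid) "
				. (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON (blog_read.blogid = blog.blogid AND blog_read.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_userread ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $this->registry->userinfo['userid'] . ") " : "")
				. " "
				. (($this->registry->options['threadvoted'] AND $this->registry->userinfo['userid']) ? "LEFT JOIN " . TABLE_PREFIX . "blog_rate AS blog_rate ON (blog_rate.blogid = blog.blogid AND blog_rate.userid = " . $this->registry->userinfo['userid'] . ")" : '')
				. " WHERE blog.blogid IN ("
				. implode(',', $blogids)
				. ") ORDER BY blog.dateline DESC LIMIT 5 "
			);
			while ($blog = $this->registry->db->fetch_array($entries))
			{
				// Only the first (newest) row is flagged as the latest entry.
				if ($first)
				{
					$show['latestentry'] = true;
					$first = false;
				}
				else
				{
					$show['latestentry'] = false;
				}
				$entry_handler =& $factory->create($blog, '_Profile');
				$entry_handler->cachable = false;
				$entry_handler->excerpt = true;
				$entry_handler->attachments = $postattach["$blog[blogid]"];
				$this->block_data['latestentries'] .= $entry_handler->construct();
			}

			// ---- Comments received on the owner's entries ----
			$state = array('visible');
			$commentstate = array('visible');

			$sql_and = array();
			$sql_and[] = "blog.state IN('" . implode("', '", $state) . "')";
			$sql_and[] = "blog.dateline <= " . TIMENOW;
			$sql_and[] = "blog.pending = 0";
			$sql_and[] = "blog_text.state IN('" . implode("', '", $commentstate) . "')";
			$sql_and[] = "blog.firstblogtextid <> blog_text.blogtextid";
			$sql_and[] = "blog_text.bloguserid = " . $this->profile->userinfo['userid'];

			// As above: $bloginfo is still unassigned here, so the buddy test is always true.
			if (!can_moderate_blog() AND !is_member_of_blog($this->registry->userinfo, $this->profile->userinfo) AND empty($bloginfo['buddyid']))
			{
				$sql_and[] = "~blog.options & " . $this->registry->bf_misc_vbblogoptions['private'];
			}

			if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']) AND $this->profile->userinfo['userid'] != $this->registry->userinfo['userid'])
			{
				$joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . "))";
				$sql_and[] = "cu.blogcategoryid IS NULL";
			}

			// Overrides the snippet option on the shared registry for everything that runs after this point.
			$this->registry->options['vbblog_snippet'] = 20;
			require_once(DIR . '/includes/class_blog_response.php');
			$bbcode = new vB_BbCodeParser_Blog_Snippet_Featured($this->registry, fetch_tag_list());
			$factory = new vB_Blog_ResponseFactory($this->registry, $bbcode, $bloginfo);

			// Two corrections in this query:
			//  - the owner's infraction groups are now aliased blog_infractiongroupids, the key the loop
			//    below reads; the old alias was misspelled, so they never reached cache_permissions().
			//  - the group-membership column and join test $this->registry->userinfo; the old code read
			//    $vbulletin, which is not in scope in this method, so grouppermissions was never selected.
			$comments = $this->registry->db->query_read_slave(
				" SELECT blog_text.username AS postusername, blog_text.ipaddress AS blogipaddress, blog_text.state, blog_text.blogtextid, blog_text.title, blog_text.dateline, blog_text.pagetext, blog_text.allowsmilie, blog.userid AS blog_userid, blog.blogid, blog.title AS entrytitle, blog.state AS blog_state, blog.firstblogtextid, blog.options AS blogoptions, blog_user.memberids, blog_user.memberblogids, blog.postedby_userid, blog.postedby_username, user2.usergroupid AS blog_usergroupid, user2.infractiongroupids AS blog_infractiongroupids, user2.membergroupids AS blog_membergroupids, user.*, blog_user.title AS blogtitle, IF(user.displaygroupid = 0, user.usergroupid, user.displaygroupid) AS displaygroupid, user.infractiongroupid, options_ignore, options_buddy, options_member, options_guest, blog.userid AS blog_userid, blog.state AS blog_state, blog.firstblogtextid "
				. ($this->registry->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "")
				. " "
				. (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readtime AS bloguserread" : "")
				. " "
				. ($this->registry->userinfo['userid'] ? ", gm.permissions AS grouppermissions" : "")
				. " FROM " . TABLE_PREFIX . "blog_text AS blog_text LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = blog_text.blogid) LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog_text.userid) LEFT JOIN " . TABLE_PREFIX . "user AS user2 ON (user2.userid = blog.userid) LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) "
				. (($this->registry->options['threadmarking'] AND $this->registry->userinfo['userid']) ? " LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON (blog_read.blogid = blog.blogid AND blog_read.userid = " . $this->registry->userinfo['userid'] . ") LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_userread ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $this->registry->userinfo['userid'] . ") " : "")
				. " "
				. ($this->registry->userinfo['userid'] ? "LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $this->registry->userinfo['userid'] . ")" : '')
				. " "
				. ($this->registry->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "")
				. " $joinsql WHERE "
				. implode("\r\n\tAND ", $sql_and)
				. " ORDER BY blog_text.dateline DESC LIMIT 5 "
			);

			while ($comment = $this->registry->db->fetch_array($comments))
			{
				// Owner record of the blog this comment belongs to, used for the permission calculation.
				$bloginfo = array(
					'blogid' => $comment['blogid'],
					'userid' => $comment['blog_userid'],
					'state' => $comment['blog_state'],
					'firstblogtextid' => $comment['firstblogtextid'],
					'blogread' => $comment['blogread'],
					'bloguserread' => $comment['bloguserread'],
					'usergroupid' => $comment['blog_usergroupid'],
					'infractiongroupids' => $comment['blog_infractiongroupids'],
					'membergroupids' => $comment['blog_membergroupids'],
					'memberids' => $comment['memberids'],
					'memberblogids' => $comment['memberblogids'],
					'postedby_userid' => $comment['postedby_userid'],
					'postedby_username' => $comment['postedby_username'],
					'grouppermissions' => $comment['grouppermissions'],
				);
				cache_permissions($bloginfo, false);

				// NOTE(review): this binds $bloginfo to $response_handler before the handler for this
				// comment is created on the next line, so it touches the previous iteration's handler
				// (and an undefined variable on the first pass). Whether the new handler receives
				// $bloginfo depends on how the factory holds the value passed to its constructor -
				// confirm before reordering.
				$response_handler->bloginfo =& $bloginfo;
				$response_handler =& $factory->create($comment, 'Comment_Profile');
				$response_handler->cachable = false;
				$response_handler->linkblog = true;
				$this->block_data['commentsreceived'] .= $response_handler->construct();
			}
		}
	}
}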
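/**
 * Fetch blog entries for the feed configured by the "mobilehome*" options.
 *
 * Builds a single SELECT over blog, blog_text, blog_user and user. The result is
 * restricted by the configured user and category lists, the viewer's blog view
 * permissions, the blog owners' social-network options and the global ignore list.
 *
 * Ids, bitfield values, cut-off times and the row limit are cast to integers before
 * they are concatenated into the SQL text. The list returned by
 * fetch_coventry('string') is used as returned.
 *
 * @param	string	'new' (newest entries), 'top' (most viewed) or 'last' (commented on since the viewer's last visit)
 *
 * @return	array|null	One array per entry; null for an unknown $type or when no row matches
 */
private function getBlogs($type)
{
	global $vbulletin, $VB_API_REQUESTS;

	// presumably verifycommaoption() turns the comma-separated option into an array; verify against its definition
	$blogentries_catids = $this->verifycommaoption($vbulletin->options['mobilehomeblogcatids']);
	$blogentries_userids = $this->verifycommaoption($vbulletin->options['mobilehomebloguserids']);

	// Defined up front: each of these is interpolated into the query even when
	// the matching option is empty.
	$useridsql = '';
	$catidsql = '';
	$sql_and = array();

	$viewerid = intval($vbulletin->userinfo['userid']);
	$canviewmyblog = intval($vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog']);

	if ($blogentries_userids)
	{
		$useridsql = " AND blog.userid IN (-1";
		foreach ((array) $blogentries_userids as $userid)
		{
			$useridsql .= "," . intval($userid);
		}
		$useridsql .= ")";
	}

	require_once DIR . '/includes/blog_functions_shared.php';
	prepare_blog_category_permissions($vbulletin->userinfo);

	$catjoin = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid)";
	if ($blogentries_catids)
	{
		// -2 in the list disables the category filter; -1 additionally admits entries
		// without a category row. The comparison stays loose because the option values
		// may be numeric strings.
		if (!in_array(-2, $blogentries_catids))
		{
			if (in_array(-1, $blogentries_catids))
			{
				$catidsql .= " AND (cu.blogcategoryid IS NULL OR cu.blogcategoryid IN (-1";
			}
			else
			{
				$catidsql .= " AND (cu.blogcategoryid IN (-1";
			}

			foreach ($blogentries_catids as $catid)
			{
				// cast: the configured value must never reach the query as raw text
				$catidsql .= "," . intval($catid);
			}
			$catidsql .= "))";

			if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview']))
			{
				$cantview = array_map('intval', (array) $vbulletin->userinfo['blogcategorypermissions']['cantview']);
				$catidsql .= " AND cu.blogcategoryid NOT IN (" . implode(", ", $cantview) . ")";
			}
		}
	}
	// NOTE(review): the 'cantview' exclusion above is only added when a category filter
	// is configured and does not contain -2. With no filter, entries in categories the
	// viewer may not view do not appear to be excluded here - confirm whether that is intended.

	$generalperms = $vbulletin->userinfo['permissions']['vbblog_general_permissions'];
	if (!($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
	{
		$sql_and[] = "blog.userid = " . $viewerid;
	}
	if (!($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) and $viewerid)
	{
		$sql_and[] = "blog.userid <> " . $viewerid;
	}

	// fixed literals only, so the quoted IN() list is safe to build by implode
	$state = array('visible');
	if (can_moderate_blog('canmoderateentries'))
	{
		$state[] = 'moderation';
	}

	$sql_and[] = "blog.state IN('" . implode("', '", $state) . "')";
	$sql_and[] = "blog.dateline <= " . TIMENOW;
	$sql_and[] = "blog.pending = 0";

	$sql_join = array();
	$sql_or = array();
	if (!can_moderate_blog())
	{
		$privatebit = intval($vbulletin->bf_misc_vbblogoptions['private']);

		if ($viewerid)
		{
			// a blog is listed when the viewer owns it or the owner's options admit the
			// viewer's relation to the owner (ignored / buddy / plain member)
			$sql_or[] = "blog.userid = " . $viewerid;
			$sql_or[] = "(options_ignore & " . $canviewmyblog . " AND ignored.relationid IS NOT NULL)";
			$sql_or[] = "(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL)";
			$sql_or[] = "(options_member & " . $canviewmyblog . " AND (options_buddy & " . $canviewmyblog . " OR buddy.relationid IS NULL) AND (options_ignore & " . $canviewmyblog . " OR ignored.relationid IS NULL))";
			$sql_and[] = "(" . implode(" OR ", $sql_or) . ")";

			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $viewerid . " AND buddy.type = 'buddy')";
			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $viewerid . " AND ignored.type = 'ignore')";

			// private entries: owner, or a buddy whose relation the owner's options admit
			$sql_and[] = "\n\t\t\t\t\t(blog.userid = " . $viewerid . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t~blog.options & " . $privatebit . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL))";
		}
		else
		{
			// guests: only blogs open to guests, and never private entries
			$sql_and[] = "options_guest & " . $canviewmyblog;
			$sql_and[] = "~blog.options & " . $privatebit;
		}
	}

	if ($type != 'last')
	{
		$datecut = intval(TIMENOW - $vbulletin->options['mobilehomeblogdatecut'] * 86400);
	}
	else
	{
		$datecut = intval($vbulletin->userinfo['lastvisit']);
	}

	switch ($type)
	{
		case 'new':
			$ordersql = " blog.dateline DESC";
			$datecutoffsql = " AND blog.dateline > {$datecut}";
			break;

		case 'top':
			$ordersql = " blog.views DESC";
			$datecutoffsql = " AND blog.dateline > {$datecut}";
			break;

		case 'last':
			$ordersql = " blog.lastcomment DESC";
			$datecutoffsql = " AND blog.lastcomment > {$datecut}";
			break;

		default:
			return null;
	}

	// remove entries from users on the global ignore list
	// NOTE(review): unlike fetch_rated_blogs(), no moderator check is made here - confirm
	$globalignore = '';
	if (trim($vbulletin->options['globalignore']) != '')
	{
		require_once DIR . '/includes/functions_bigthree.php';
		if ($Coventry = fetch_coventry('string'))
		{
			$globalignore = "AND blog.userid NOT IN ({$Coventry}) ";
		}
	}

	$avatarselect = '';
	$avatarjoin = '';
	if ($vbulletin->options['avatarenabled'])
	{
		$avatarselect = ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight";
		$avatarjoin = "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)";
	}

	$maxitems = intval($vbulletin->options['mobilehomemaxitems']);

	$results = $vbulletin->db->query_read_slave(
		"\n\t\t\tSELECT DISTINCT blog.blogid, blog.comments_visible as replycount, blog.title, blog.lastcomment, blog.lastcommenter, blog.postedby_userid, blog.postedby_username, blog.dateline, blog.views,\n\t\t\t\tblog_text.blogtextid, blog_text.pagetext AS message,\n\t\t\t\tblog_user.title as blogtitle, blog_user.description as blogdescription,\n\t\t\t\tuser.*\n\t\t\t\t" .
		$avatarselect .
		"\n\t\t\tFROM " . TABLE_PREFIX . "blog AS blog" .
		"\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid)" .
		"\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid)" .
		"\n\t\t\tLEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid)" .
		"\n\t\t\t{$catjoin}\n\t\t\t" .
		implode("\r\n", $sql_join) .
		"\n\t\t\t" .
		$avatarjoin .
		"\n\t\t\tWHERE 1=1\n\t\t\t\t{$useridsql}\n\t\t\t\t{$catidsql}\n\t\t\t\t{$datecutoffsql}\n\t\t\t\t{$globalignore}\n\t\t\t\tAND " .
		implode("\r\n\tAND ", $sql_and) .
		"\n\t\t\tORDER BY{$ordersql}\n\t\t\tLIMIT 0, " . $maxitems . "\n\t\t"
	);

	$items = array();
	while ($row = $vbulletin->db->fetch_array($results))
	{
		$row['title'] = fetch_censored_text($row['title']);

		// get avatar (fetch_avatarinfo() is expected to set $row['avatarurl'] - confirm)
		$this->fetch_avatarinfo($row);

		$item = array(
			'blogid'     => $row['blogid'],
			'title'      => $row['title'],
			'replycount' => $row['replycount'],
			'viewcount'  => $row['views'],
			'userid'     => $row['postedby_userid'],
			'username'   => $row['postedby_username'],
			'avatarurl'  => $row['avatarurl'],
			'type'       => 'blog',
			'time'       => $row['lastcomment'],
		);

		if ($VB_API_REQUESTS['api_version'] > 1)
		{
			// newer API versions receive the raw timestamp
			$item['lastposttime'] = $row['lastcomment'];
		}
		else
		{
			$item['lastpostdate'] = date($vbulletin->options['dateformat'], $row['lastcomment']);
			$item['lastposttime'] = date($vbulletin->options['timeformat'], $row['lastcomment']);
		}

		$items[] = $item;
	}

	// callers have always received null (not an empty array) when nothing matched
	return $items ? $items : null;
}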
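/**
 * Fetch the blogs sorted by rating in descending order
 *
 * Selects blog owners from blog_user, restricted by the viewer's blog view
 * permissions, the viewer's ignore list, the global ignore list and the owners'
 * social-network options, and renders each row through the
 * 'blog_home_list_blog' template.
 *
 * @return	string	HTML for the highest rated blogs (returned by reference)
 */
function &fetch_rated_blogs()
{
	global $vbulletin, $show, $vbphrase;

	$sql_and = array();
	$recentblogbits = '';

	// $index was never assigned in this function, so no USE INDEX hint was ever
	// emitted; it is initialised here to keep that behaviour without reading an
	// undefined variable.
	$index = '';

	$viewerid = intval($vbulletin->userinfo['userid']);
	$canviewmyblog = intval($vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog']);
	$generalperms = $vbulletin->userinfo['permissions']['vbblog_general_permissions'];

	if (!($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
	{
		$sql_and[] = "bu.bloguserid = " . $viewerid;
	}
	if (!($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $viewerid)
	{
		$sql_and[] = "bu.bloguserid <> " . $viewerid;
	}

	// get ignored users - just hide them on the latest list
	if (trim($vbulletin->userinfo['ignorelist']))
	{
		$ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
		if (!empty($ignorelist))
		{
			// the list is stored as text; cast every element so only integers reach the IN() list
			$sql_and[] = "bu.bloguserid NOT IN (" . implode(", ", array_map('intval', $ignorelist)) . ")";
		}
	}

	if (trim($vbulletin->options['globalignore']) != '')
	{
		require_once(DIR . '/includes/functions_bigthree.php');
		$coventry = fetch_coventry('string');
		if ($coventry AND !can_moderate_blog())
		{
			$sql_and[] = "bu.bloguserid NOT IN ($coventry)";
		}
	}

	$sql_and[] = "bu.ratingnum >= " . intval($vbulletin->options['vbblog_ratinguser']);

	$sql_or = array();
	$sql_join = array();
	if (!can_moderate_blog())
	{
		if ($viewerid)
		{
			// An empty member list would produce "IN ()", which is a syntax error;
			// fall back to the viewer's own id, as build_blog_permissions_query() does.
			$memberblogids = $vbulletin->userinfo['memberblogids'] ? $vbulletin->userinfo['memberblogids'] : $viewerid;
			$memberblogids = implode(',', array_map('intval', explode(',', (string) $memberblogids)));

			$sql_or[] = "bu.bloguserid IN (" . $memberblogids . ")";
			$sql_or[] = "(options_ignore & " . $canviewmyblog . " AND ignored.relationid IS NOT NULL)";
			$sql_or[] = "(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL)";
			$sql_or[] = "(options_member & " . $canviewmyblog . " AND (options_buddy & " . $canviewmyblog . " OR buddy.relationid IS NULL) AND (options_ignore & " . $canviewmyblog . " OR ignored.relationid IS NULL))";
			$sql_and[] = "(" . implode(" OR ", $sql_or) . ")";

			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = " . $viewerid . " AND buddy.type = 'buddy')";
			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = bu.bloguserid AND ignored.relationid = " . $viewerid . " AND ignored.type = 'ignore')";
		}
		else
		{
			// guests only see blogs whose owner opened them to guests
			$sql_and[] = "options_guest & " . $canviewmyblog;
		}
	}

	// Highest Rated
	$recentupdates = $vbulletin->db->query_read_slave("
		SELECT user.*, bu.ratingnum, bu.ratingtotal, bu.title,
			IF(user.displaygroupid = 0, user.usergroupid, user.displaygroupid) AS displaygroupid, infractiongroupid,
			options_ignore, options_buddy, options_member, options_guest
			" . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "
		FROM " . TABLE_PREFIX . "blog_user AS bu " . ($index ? "USE INDEX ($index)" : "") . "
		LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = bu.bloguserid)
		" . (!empty($sql_join) ? implode("\r\n", $sql_join) : "") . "
		" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "
		WHERE " . implode("\r\n\tAND ", $sql_and) . "
		ORDER BY bu.rating DESC
		LIMIT " . intval($vbulletin->options['vbblog_maxratedblog']) . "
	");

	while ($updated = $vbulletin->db->fetch_array($recentupdates))
	{
		$updated = array_merge($updated, convert_bits_to_array($updated['options'], $vbulletin->bf_misc_useroptions));
		$updated = array_merge($updated, convert_bits_to_array($updated['adminoptions'], $vbulletin->bf_misc_adminoptions));
		fetch_musername($updated);
		fetch_avatar_html($updated);

		if ($updated['ratingnum'] > 0)
		{
			$updated['voteavg'] = vb_number_format($updated['ratingtotal'] / $updated['ratingnum'], 2);
			$updated['rating'] = intval(round($updated['ratingtotal'] / $updated['ratingnum']));
		}
		else
		{
			$updated['voteavg'] = 0;
			$updated['rating'] = 0;
		}

		// blogs without their own title are listed under the owner's username
		$updated['title'] = $updated['title'] ? $updated['title'] : $updated['username'];

		// Moderators see blogs they could not view as ordinary members; flag those as private.
		// NOTE(review): 'buddyid' is not selected by the query above, so it is only set
		// if one of the helpers called on the row adds it - confirm.
		$show['private'] = false;
		if (can_moderate() AND $vbulletin->userinfo['userid'] != $updated['userid'])
		{
			$membercanview = $updated['options_member'] & $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'];
			$buddiescanview = $updated['options_buddy'] & $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'];
			if (!$membercanview AND (empty($updated['buddyid']) OR !$buddiescanview))
			{
				$show['private'] = true;
			}
		}

		$templater = vB_Template::create('blog_home_list_blog');
		$templater->register('updated', $updated);
		$recentblogbits .= $templater->render();
	}

	return $recentblogbits;
}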
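/**
 * Build Blog permission query for search
 *
 * The user id and the member blog id list are normalised to integers before they
 * are concatenated into the SQL fragments.
 *
 * @param	array	Userinfo array that must at least contain permissions; 'userid' and 'memberblogids' are read as well
 *
 * @return	array	An array containing the 'join' and 'where' conditions to enforce permissions correctly
 */
function build_blog_permissions_query($user)
{
	require_once DIR . '/includes/blog_functions.php';
	global $vbulletin;

	$permissions =& $user['permissions'];
	$userid = intval($user['userid']);
	$canviewmyblog = intval($vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog']);

	$joins = array();

	$state = array('visible');
	/* this is for the current user, do we expect this to come from another user? */
	// NOTE(review): can_moderate_blog() is called without $user here, so these checks
	// presumably apply to whichever user that helper defaults to - confirm before
	// calling this function for anyone but the current user.
	if (can_moderate_blog('canmoderateentries'))
	{
		$state[] = 'moderation';
	}
	if (can_moderate_blog('candeleteentries'))
	{
		$state[] = 'deleted';
	}

	$wheresql = array(
		"blog.state IN ('" . implode("', '", $state) . "')",
		"blog.pending = 0",
		"blog.dateline <= " . TIMENOW,
	);

	if (!($permissions['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
	{
		$wheresql[] = "blog.userid = $userid";
	}
	if (!($permissions['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $userid)
	{
		$wheresql[] = "blog.userid <> $userid";
	}

	if (!can_moderate_blog())
	{
		$joins[] = "LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid)";

		if ($userid)
		{
			$memberblogids = $user['memberblogids'];
			if (!$memberblogids)
			{
				$mb = $vbulletin->db->query_first(" SELECT memberblogids, memberids FROM " . TABLE_PREFIX . "blog_user WHERE bloguserid = $userid ");
				// no blog_user row, or an empty list: the user is at least a member of their own blog
				$memberblogids = ($mb AND $mb['memberblogids']) ? $mb['memberblogids'] : $userid;
			}
			// comma-separated id list; rebuild it from integer casts so nothing else reaches IN()
			$memberblogids = implode(',', array_map('intval', explode(',', (string) $memberblogids)));

			$userlist_sql = array();
			$userlist_sql[] = "blog.userid IN (" . $memberblogids . ")";
			$userlist_sql[] = "(options_ignore & " . $canviewmyblog . " AND ignored.relationid IS NOT NULL)";
			$userlist_sql[] = "(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL)";
			$userlist_sql[] = "(options_member & " . $canviewmyblog . " AND (options_buddy & " . $canviewmyblog . " OR buddy.relationid IS NULL) AND (options_ignore & " . $canviewmyblog . " OR ignored.relationid IS NULL))";
			$wheresql[] = "(" . implode(" OR ", $userlist_sql) . ")";

			$joins[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $userid . " AND buddy.type = 'buddy')";
			$joins[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $userid . " AND ignored.type = 'ignore')";

			// private entries: member blogs, or a buddy whose relation the owner's options admit
			$wheresql[] = " (blog.userid IN ($memberblogids) OR ~blog.options & " . intval($vbulletin->bf_misc_vbblogoptions['private']) . " OR (options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL))";
		}
		else
		{
			// guests: only blogs open to guests, and never private entries
			$wheresql[] = "options_guest & " . $canviewmyblog;
			$wheresql[] = "~blog.options & " . intval($vbulletin->bf_misc_vbblogoptions['private']);
		}
	}

	// NOTE(review): the category restriction is read from $vbulletin->userinfo, not
	// from $user - it is only correct when $user is the current user.
	if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview']))
	{
		$cantview = array_map('intval', (array) $vbulletin->userinfo['blogcategorypermissions']['cantview']);
		// join only the forbidden categories, then require that none matched
		$joins[] = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $cantview) . "))";
		$wheresql[] = "cu.blogcategoryid IS NULL";
	}

	$return = array();
	$return['join'] = implode("\n", $joins);
	$return['where'] = implode("\nAND ", $wheresql);

	return $return;
}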
/**
 * Tag moderation check for blog entries.
 *
 * Delegates to can_moderate_blog() with the 'caneditentries' permission. No user
 * is passed, so the check applies to whichever user that helper defaults to.
 *
 * @return	mixed	The result of can_moderate_blog('caneditentries')
 */
public function can_moderate_tag()
{
	$allowed = can_moderate_blog('caneditentries');

	return $allowed;
}
'blogtrackbackid' => TYPE_UINT )); if (!($trackbackinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "blog_trackback WHERE blogtrackbackid = " . $vbulletin->GPC['blogtrackbackid']))) { standard_error(fetch_error('invalidid', $vbphrase['trackback'], $vbulletin->options['contactuslink'])); } $bloginfo = verify_blog($trackbackinfo['blogid']); if ($trackbackinfo['state'] == 'moderation' AND !can_moderate_blog('canmoderatecomments') AND ($vbulletin->userinfo['userid'] != $bloginfo['userid'] OR !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']))) { standard_error(fetch_error('invalidid', $vbphrase['trackback'], $vbulletin->options['contactuslink'])); } if (($bloginfo['state'] == 'deleted' AND !can_moderate_blog('candeleteentries')) OR ($bloginfo['state'] == 'moderation' AND !can_moderate_blog('canmoderateentries'))) { print_no_permission(); } if ($show['errors']) { $trackbackinfo['title'] = $title; $trackbackinfo['snippet'] = $snippet; } $sidebar =& build_user_sidebar($bloginfo); // draw nav bar $navbits = array( 'blog.php?' . $vbulletin->session->vars['sessionurl'] . "u=$bloginfo[userid]" => $bloginfo['blog_title'],
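/**
 * Prepare a blog entry for display.
 *
 * Fills derived fields on $this->blog (rating, blog title fallback, category bits,
 * edit date/time, tag list), sets $this->status and populates the global $show
 * flags read by the entry templates (moderation controls, status icon, privacy
 * marker, tag editing).
 *
 * @return	void
 */
function process_display()
{
	global $show, $vbphrase;

	// alias of $this->blog; writes through either name land in the same array
	$blog =& $this->blog;

	if ($blog['ratingnum'] >= $this->registry->options['vbblog_ratingpost'] AND $blog['ratingnum'])
	{
		$blog['ratingavg'] = vb_number_format($blog['ratingtotal'] / $blog['ratingnum'], 2);
		$blog['rating'] = intval(round($blog['ratingtotal'] / $blog['ratingnum']));
		$show['rating'] = true;
	}
	else
	{
		$show['rating'] = false;
	}

	if (!$blog['blogtitle'])
	{
		$blog['blogtitle'] = $blog['username'];
	}

	// The key must be quoted: inside "{$...}" an unquoted blogid is looked up as a
	// constant, which is an Error on PHP 8.
	$blogkey = "{$blog['blogid']}";

	$categorybits = array();
	if (!empty($this->categories[$blogkey]))
	{
		foreach ($this->categories[$blogkey] AS $category)
		{
			$category['blogtitle'] = $blog['blogtitle'];

			// global (creator-less) categories the viewer may not view are shown by title only
			$show['cattitleonly'] = (
				!$category['creatorid']
				AND !($this->registry->userinfo['blogcategorypermissions']["$category[blogcategoryid]"] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewcategory'])
			);

			$templater = vB_Template::create('blog_entry_category');
			$templater->register('category', $category);
			$templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
			$categorybits[] = $templater->render();
		}
	}
	else
	{
		// entry has no category: render the "uncategorized" placeholder
		$category = array(
			'blogcategoryid' => -1,
			'title'          => $vbphrase['uncategorized'],
			'userid'         => $blog['userid'],
			'blogtitle'      => $blog['blogtitle'],
		);

		$templater = vB_Template::create('blog_entry_category');
		$templater->register('category', $category);
		$templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
		$categorybits[] = $templater->render();
	}

	$show['category'] = true;
	$blog['categorybits'] = implode(', ', $categorybits);

	// pending trackbacks / comments are only advertised to the entry owner and comment moderators
	$show['trackback_moderation'] = (bool) (
		$blog['trackback_moderation']
		AND ($blog['userid'] == $this->registry->userinfo['userid'] OR can_moderate_blog('canmoderatecomments'))
	);
	$show['comment_moderation'] = (bool) (
		$blog['hidden']
		AND ($blog['userid'] == $this->registry->userinfo['userid'] OR can_moderate_blog('canmoderatecomments'))
	);

	$show['edit'] = fetch_entry_perm('edit', $blog);
	$show['delete'] = fetch_entry_perm('delete', $blog);
	$show['remove'] = fetch_entry_perm('remove', $blog);
	$show['undelete'] = fetch_entry_perm('undelete', $blog);
	$show['approve'] = fetch_entry_perm('moderate', $blog);

	// inline moderation needs at least one entry permission AND a moderator or blog member
	$show['inlinemod'] = (
		($show['delete'] OR $show['remove'] OR $show['approve'] OR $show['undelete'])
		AND
		(
			can_moderate_blog()
			OR
			(
				!empty($this->userinfo)
				AND is_member_of_blog($this->registry->userinfo, $this->userinfo)
			)
		)
	);

	if ($blog['dateline'] > TIMENOW OR $blog['pending'])
	{
		$this->status['phrase'] = $vbphrase['pending_blog_entry'];
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/pending.gif";
		$show['status'] = true;
	}
	else if ($blog['state'] == 'deleted')
	{
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/trashcan.gif";
		$this->status['phrase'] = $vbphrase['deleted_blog_entry'];
		$show['status'] = true;
	}
	else if ($blog['state'] == 'moderation')
	{
		$this->status['phrase'] = $vbphrase['moderated_blog_entry'];
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/moderated.gif";
		$show['status'] = true;
	}
	else if ($blog['state'] == 'draft')
	{
		$this->status['phrase'] = $vbphrase['draft_blog_entry'];
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/draft.gif";
		$show['status'] = true;
	}
	else
	{
		$show['status'] = false;
	}

	// Privacy marker: always for private entries; for moderators who are not blog
	// members also when neither the member nor the buddy option would admit them.
	$show['private'] = false;
	if ($blog['private'])
	{
		$show['private'] = true;
	}
	else if (can_moderate() AND !is_member_of_blog($this->registry->userinfo, $blog))
	{
		$membercanview = $blog['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];
		$buddiescanview = $blog['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];
		if (!$membercanview AND (!$blog['buddyid'] OR !$buddiescanview))
		{
			$show['private'] = true;
		}
	}

	if ($blog['edit_userid'])
	{
		$blog['edit_date'] = vbdate($this->registry->options['dateformat'], $blog['edit_dateline'], true);
		$blog['edit_time'] = vbdate($this->registry->options['timeformat'], $blog['edit_dateline']);
		if ($blog['edit_reason'])
		{
			$blog['edit_reason'] = fetch_word_wrapped_string($blog['edit_reason']);
		}
		$show['entryedited'] = true;
	}
	else
	{
		$show['entryedited'] = false;
	}

	$show['tags'] = false;
	if ($this->registry->options['vbblog_tagging'])
	{
		require_once(DIR . '/includes/blog_functions_tag.php');
		$blog['tag_list'] = fetch_entry_tagbits($blog, $this->userinfo);

		$entryperms = $this->registry->userinfo['permissions']['vbblog_entry_permissions'];
		$entrybits = $this->registry->bf_ugp_vbblog_entry_permissions;
		$ownblog = ($this->bloginfo['userid'] == $this->registry->userinfo['userid']);

		// tag editing: may tag / delete tags on the own blog, may tag others' blogs, or may edit entries as moderator
		$show['tag_edit'] = (
			(($entryperms & $entrybits['blog_cantagown']) AND $ownblog)
			OR ($entryperms & $entrybits['blog_cantagothers'])
			OR (($entryperms & $entrybits['blog_candeletetagown']) AND $ownblog)
			OR can_moderate_blog('caneditentries')
		);
		$show['tags'] = ($show['tag_edit'] OR $blog['taglist']);
		$show['notags'] = !$blog['taglist'];
	}
}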
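/**
 * Called when an unknown Who's Online location is found within vBulletin
 *
 * Handles activities whose name starts with 'blog_': sets $userinfo['action'] to the
 * matching phrase and, when the viewer may see the blog (and, for entries, its
 * title), sets $userinfo['where'] to a link to the blog or entry.
 *
 * @param	array	userinfo array
 * @param	boolean	reference to a boolean variable to indicate if the function handled the location
 *
 * @return	void
 */
function blog_online_location_unknown(&$userinfo, &$handled)
{
	if (strpos($userinfo['activity'], 'blog_') !== 0)
	{
		// not a blog location; leave $handled untouched
		return;
	}

	global $wol_blog, $wol_blogtext, $wol_blogtrackback, $wol_bloguser, $wol_user, $vbulletin, $vbphrase;

	$handled = true;

	// ids end up in array keys and in link URLs, so force them to integers
	if ($userinfo['blogtextid'])
	{
		$blogid = intval($wol_blogtext["$userinfo[blogtextid]"]['blogid']);
	}
	else
	{
		$blogid = intval($userinfo['blogid']);
	}

	// cached entry row, with neutral defaults when the entry is not in the cache
	$entryinfo = isset($wol_blog["$blogid"]) ? $wol_blog["$blogid"] : array();
	$entryinfo += array('userid' => 0, 'state' => '', 'private' => 0, 'title' => '');

	$userid = 0;
	if ($entryinfo['userid'])
	{
		$userid = intval($entryinfo['userid']);
	}
	else if (!empty($userinfo['targetuserid']))
	{
		$userid = intval($userinfo['targetuserid']);
	}
	else if ($userinfo['bloguserid'])
	{
		$userid = intval($userinfo['bloguserid']);
	}

	$ownerinfo = isset($wol_bloguser["$userid"]) ? $wol_bloguser["$userid"] : array();
	$ownerinfo += array('canviewmyblog' => 0, 'title' => '');

	$viewer = $vbulletin->userinfo;
	$generalperms = $viewer['permissions']['vbblog_general_permissions'];
	$is_owner = ($entryinfo['userid'] == $viewer['userid']);

	$can_see_blog = false;
	$can_see_blog_title = false;

	if (
		(($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $is_owner)
		OR
		(($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']) AND !$is_owner)
	)
	{
		$can_see_blog = $ownerinfo['canviewmyblog'];
		if ($can_see_blog)
		{
			/* draft isn't here because it doesn't really exist yet */
			// The 'moderation' test used to read an undefined $bloginfo, so it never
			// matched and entry moderators were not shown titles of moderated entries;
			// it now reads the cached entry state like the other two tests.
			$state_visible_to_viewer = (
				$entryinfo['state'] == 'visible'
				OR ($entryinfo['state'] == 'deleted' AND can_moderate_blog())
				OR ($entryinfo['state'] == 'moderation' AND can_moderate_blog('canmoderateentries'))
			);

			if (($state_visible_to_viewer AND !$entryinfo['private']) OR $is_owner)
			{
				$can_see_blog_title = true;
			}
		}
	}

	// NOTE(review): titles are placed into the links below without escaping; this
	// assumes the $wol_* caches hold HTML-escaped titles - confirm where they are filled.
	$blogtitle = $ownerinfo['title'] ? $ownerinfo['title'] : (isset($wol_user["$userid"]) ? $wol_user["$userid"] : '');
	$blog = '<a href="blog.php?' . $vbulletin->session->vars['sessionurl'] . "u=$userid\">$blogtitle</a>";
	$entry = '<a href="blog.php?' . $vbulletin->session->vars['sessionurl'] . "b=$blogid\">" . $entryinfo['title'] . '</a>';

	$showentry = $showblog = false;

	switch ($userinfo['activity'])
	{
		case 'blog_view_user':
			$userinfo['action'] = $vbphrase['viewing_blog'];
			$showblog = true;
			break;

		case 'blog_view_entry':
			$userinfo['action'] = $vbphrase['viewing_blog_entry'];
			$showentry = true;
			break;

		case 'blog_view_home':
			$userinfo['action'] = $vbphrase['viewing_blog_home'];
			break;

		case 'blog_view_comments':
			$userinfo['action'] = $vbphrase['viewing_blog_comments'];
			break;

		case 'blog_view_list':
			$userinfo['action'] = $vbphrase['viewing_blog_list'];
			break;

		case 'blog_send_friend':
			$userinfo['action'] = $vbphrase['sending_blog_entry_to_friend'];
			$showentry = true;
			break;

		case 'blog_view_ip':
			$userinfo['action'] = $vbphrase['viewing_ip_address'];
			break;

		case 'blog_search':
			$userinfo['action'] = $vbphrase['searching_blog'];
			break;

		case 'blog_inlinemod':
			// closing tags were in the wrong order (</b></i>)
			$userinfo['action'] = '<b><i>' . $vbphrase['moderating'] . '</i></b>';
			break;

		case 'blog_new_entry':
			$userinfo['action'] = $vbphrase['posting_blog_entry'];
			break;

		case 'blog_edit_entry':
			$userinfo['action'] = $vbphrase['editing_blog_entry'];
			$showentry = true;
			break;

		case 'blog_new_comment':
			$userinfo['action'] = $vbphrase['posting_blog_comment'];
			$showentry = true;
			break;

		case 'blog_edit_comment':
			$userinfo['action'] = $vbphrase['editing_blog_comment'];
			$showentry = true;
			break;

		case 'blog_edit_trackback':
			$userinfo['action'] = $vbphrase['editing_blog_trackback'];
			$showentry = true;
			break;

		case 'blog_report_entry':
			$userinfo['action'] = $vbphrase['reporting_blog_entry'];
			// what is being reported is only shown to viewers with the full Who's Online permission
			if ($viewer['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlinefull'])
			{
				$showentry = true;
			}
			break;

		case 'blog_report_comment':
			$userinfo['action'] = $vbphrase['reporting_blog_comment'];
			if ($viewer['permissions']['wolpermissions'] & $vbulletin->bf_ugp_wolpermissions['canwhosonlinefull'])
			{
				$showentry = true;
			}
			break;

		case 'blog_subscription':
			$userinfo['action'] = $vbphrase['viewing_blog_subscriptions'];
			$showblog = true;
			break;

		case 'blog_usercp':
			$userinfo['action'] = $vbphrase['viewing_blog_control_panel'];
			break;

		case 'blog_tag':
			$userinfo['action'] = $vbphrase['viewing_blog_tags'];
			$showblog = true;
			break;

		case 'blog_view_members':
			$userinfo['action'] = $vbphrase['viewing_blog_members'];
			$showblog = true;
			break;

		default:
			$handled = false;
	}

	// the location link is only added when the viewer passed the matching visibility check
	if ($showentry AND $blog AND $entry AND $can_see_blog_title)
	{
		$userinfo['where'] = construct_phrase($vbphrase['blog_x_entry_y'], $blog, $entry);
	}
	else if ($showblog AND $blog AND $can_see_blog)
	{
		$userinfo['where'] = $blog;
	}
}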
eval(print_standard_redirect('redirect_custom_block_nodelete')); } } // ############################################################################ // ############################### MANAGE BLOCK ########################## // ############################################################################ if ($_REQUEST['do'] == 'modifyblock') { $vbulletin->input->clean_array_gpc('r', array('customblockid' => TYPE_UINT, 'type' => TYPE_NOHTML)); if ($vbulletin->GPC['customblockid']) { $sidebarinfo = verify_blog_customblock($vbulletin->GPC['customblockid']); cache_permissions($sidebarinfo['userinfo'], false); $userinfo =& $sidebarinfo['userinfo']; if ($sidebarinfo['userid'] != $vbulletin->userinfo['userid'] and !can_moderate_blog('caneditcustomblocks')) { print_no_permission(); } if (($sidebarinfo['type'] == 'block' and !$userinfo['permissions']['vbblog_customblocks'] or $sidebarinfo['type'] == 'page' and !$userinfo['permissions']['vbblog_custompages']) and !can_moderate_blog('caneditcustomblocks')) { print_no_permission(); } $type = $sidebarinfo['type']; if ($type == 'page') { $blocks = $db->query_first("\r\n\t\t\t\tSELECT COUNT(*) AS count\r\n\t\t\t\tFROM " . TABLE_PREFIX . "blog_custom_block\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tuserid = " . $userinfo['userid'] . "\r\n\t\t\t\t\t\tAND\r\n\t\t\t\t\ttype = 'page'\r\n\t\t\t"); $show['display_location'] = true; } if ($userinfo['userid'] == $vbulletin->userinfo['userid']) { $show['blogcp'] = true; } } else { if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown'])) { print_no_permission(); } $type = $vbulletin->GPC['type'];
/**
 * Generates the search query bits
 *
 * Empty conditions are removed from $this->where before the clause is joined.
 * For blog moderators the 'blog_tachy' and 'blog_text_tachy' conditions are
 * dropped first.
 *
 * @return	array|false	False if error, otherwise an array with the keys 'joins', 'where' and 'from'
 */
function generate()
{
	// nothing is generated once an error has been recorded
	if ($this->has_errors())
	{
		return false;
	}

	if (can_moderate_blog())
	{
		unset($this->where['blog_tachy'], $this->where['blog_text_tachy']);
	}

	// keep only the conditions that carry a value
	$this->where = array_filter($this->where);

	$joinsql = implode("\n", $this->joins);
	$wheresql = implode("\nAND ", $this->where);
	// the table is aliased to its own name
	$fromsql = $this->from . ' AS ' . $this->from;

	return array(
		'joins' => $joinsql,
		'where' => $wheresql,
		'from'  => $fromsql,
	);
}
/**
 * Fetch the user's ability to post a comment
 *
 * All of the following must hold: the blog accepts comments from this user
 * ('cancommentmyblog'); the entry allows comments, or the user is a blog member or
 * moderator; the user holds the comment permission for own / others' blogs as
 * applicable; the entry is visible, or is in moderation and the user may see it;
 * and the entry is not pending.
 *
 * @param	array	$bloginfo from fetch_bloginfo or equivalent
 * @param	array	$userinfo from fetch_userinfo or equivalent
 *
 * @return	bool
 */
function fetch_can_comment($bloginfo, $userinfo)
{
	global $vbulletin;

	if (!$bloginfo['cancommentmyblog'])
	{
		return false;
	}

	// comments closed on the entry: only blog members and moderators may still comment
	if (!$bloginfo['allowcomments'] AND !is_member_of_blog($userinfo, $bloginfo) AND !can_moderate_blog('', $userinfo))
	{
		return false;
	}

	// pick the permission bit that matches the user's relation to the blog
	$commentperms = $userinfo['permissions']['vbblog_comment_permissions'];
	$permbits = $vbulletin->bf_ugp_vbblog_comment_permissions;
	if ($bloginfo['userid'] == $userinfo['userid'])
	{
		$has_permission = $commentperms & $permbits['blog_cancommentown'];
	}
	else
	{
		$has_permission = $commentperms & $permbits['blog_cancommentothers'];
	}
	if (!$has_permission)
	{
		return false;
	}

	// moderated entries: entry moderators, or the blog owner when a member posted
	// the entry and member moderation is on
	$state_ok = false;
	if ($bloginfo['state'] == 'moderation')
	{
		$state_ok = (
			can_moderate_blog('canmoderateentries', $userinfo)
			OR
			(
				$userinfo['userid']
				AND $bloginfo['userid'] == $userinfo['userid']
				AND $bloginfo['postedby_userid'] != $userinfo['userid']
				AND $bloginfo['membermoderate']
			)
		);
	}
	if (!$state_ok)
	{
		$state_ok = ($bloginfo['state'] == 'visible');
	}
	if (!$state_ok)
	{
		return false;
	}

	return !$bloginfo['pending'];
}
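/**
* Builds and runs the query for the blog-entries listing and returns the rows
* keyed by blogid.
*
* The WHERE clause combines the configured user and category filters with the
* viewer's visibility rules: view-own / view-others permissions, entry state,
* publish date, pending flag, the blog owner's privacy options and buddy /
* ignore relations, and the global ignore list.
*
* Changes against the original: the optional SQL fragments and the result
* array are initialised, so a missing config value no longer leaves an
* undefined variable inside the query; configured category ids are cast with
* intval() like the user ids already were; an unknown 'blogentries_type'
* falls back to newest-first ordering instead of producing "ORDER BY" with
* nothing after it.
*
* @return	array	Rows keyed by blogid; empty when nothing matches
*/
public function getData()
{
	$vbulletin =& $this->registry;

	$useridsql = '';
	$catidsql = '';
	$sql_and = array();
	$array = array();

	if ($this->config['blogentries_userids'])
	{
		$userids = explode(',', $this->config['blogentries_userids']);
		if (intval($userids[0]))
		{
			// -1 seeds the list so every cast id can be appended with a leading comma.
			$useridsql = " AND blog.userid IN (-1";
			foreach ($userids as $userid)
			{
				$useridsql .= "," . intval($userid);
			}
			$useridsql .= ")";
		}
	}

	require_once DIR . '/includes/blog_functions_shared.php';
	prepare_blog_category_permissions($this->registry->userinfo);

	$catjoin = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid)";
	if ($this->config['blogentries_catids'])
	{
		// -2 in the configured list switches the category filter off; -1 also
		// matches entries without a category row.
		if (!in_array(-2, $this->config['blogentries_catids']))
		{
			if (in_array(-1, $this->config['blogentries_catids']))
			{
				$catidsql .= " AND (cu.blogcategoryid IS NULL OR cu.blogcategoryid IN (-1";
			}
			else
			{
				$catidsql .= " AND (cu.blogcategoryid IN (-1";
			}

			foreach ($this->config['blogentries_catids'] as $catid)
			{
				// Cast before concatenating: the value goes into the SQL text unquoted.
				$catidsql .= "," . intval($catid);
			}
			$catidsql .= "))";

			if (!empty($this->registry->userinfo['blogcategorypermissions']['cantview']))
			{
				$catidsql .= " AND cu.blogcategoryid NOT IN (" . implode(", ", $this->registry->userinfo['blogcategorypermissions']['cantview']) . ")";
			}
		}
	}

	$viewerid = $vbulletin->userinfo['userid'];
	$generalperms = $vbulletin->userinfo['permissions']['vbblog_general_permissions'];

	// Without "view others" the listing is limited to the viewer's own blog ...
	if (!($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
	{
		$sql_and[] = "blog.userid = " . $viewerid;
	}
	// ... and a logged-in viewer without "view own" has their own blog excluded.
	if (!($generalperms & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) and $viewerid)
	{
		$sql_and[] = "blog.userid <> " . $viewerid;
	}

	// Entries awaiting moderation are only listed for users who may moderate entries.
	$state = array('visible');
	if (can_moderate_blog('canmoderateentries'))
	{
		$state[] = 'moderation';
	}
	$sql_and[] = "blog.state IN('" . implode("', '", $state) . "')";
	$sql_and[] = "blog.dateline <= " . TIMENOW;
	$sql_and[] = "blog.pending = 0";

	$sql_join = array();
	$sql_or = array();
	if (!can_moderate_blog())
	{
		$canviewmyblog = $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'];
		$privatebit = $vbulletin->bf_misc_vbblogoptions['private'];

		if ($viewerid)
		{
			// A member sees a blog when they own it, or when the option set that
			// matches their relation to the owner (ignored, buddy, plain member)
			// has the canviewmyblog bit.
			$sql_or[] = "blog.userid = " . $viewerid;
			$sql_or[] = "(options_ignore & " . $canviewmyblog . " AND ignored.relationid IS NOT NULL)";
			$sql_or[] = "(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL)";
			$sql_or[] = "(options_member & " . $canviewmyblog . " AND (options_buddy & " . $canviewmyblog . " OR buddy.relationid IS NULL) AND (options_ignore & " . $canviewmyblog . " OR ignored.relationid IS NULL))";
			$sql_and[] = "(" . implode(" OR ", $sql_or) . ")";

			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $viewerid . " AND buddy.type = 'buddy')";
			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $viewerid . " AND ignored.type = 'ignore')";

			// Private entries: owner, or a buddy of an owner whose buddy options allow viewing.
			$sql_and[] = "\n\t\t\t\t\t(blog.userid = " . $viewerid . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t~blog.options & " . $privatebit . "\n\t\t\t\t\t\tOR\n\t\t\t\t\t(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL))";
		}
		else
		{
			// Guests: the owner's guest options must allow viewing and the entry must not be private.
			$sql_and[] = "options_guest & " . $canviewmyblog;
			$sql_and[] = "~blog.options & " . $privatebit;
		}
	}

	$datecut = TIMENOW - $this->config['datecut'] * 86400;
	switch (intval($this->config['blogentries_type']))
	{
		case 1:
			$ordersql = " blog.lastcomment DESC";
			$datecutoffsql = " AND blog.lastcomment > {$datecut}";
			break;
		case 2:
			$ordersql = " blog.comments_visible DESC";
			$datecutoffsql = " AND blog.dateline > {$datecut}";
			break;
		case 3:
			$ordersql = " blog.views DESC";
			$datecutoffsql = " AND blog.dateline > {$datecut}";
			break;
		case 0:
		default:
			// Unknown types fall back to newest-first so the query stays valid.
			$ordersql = " blog.dateline DESC";
			$datecutoffsql = " AND blog.dateline > {$datecut}";
			break;
	}

	// remove threads from users on the global ignore list if user is not a moderator
	$globalignore = '';
	if (trim($this->registry->options['globalignore']) != '')
	{
		require_once DIR . '/includes/functions_bigthree.php';
		if ($Coventry = fetch_coventry('string'))
		{
			$globalignore = "AND blog.userid NOT IN ({$Coventry}) ";
		}
	}

	$avatarenabled = $this->registry->options['avatarenabled'];

	// NOTE(review): user.* copies every column of the user table into each
	// returned row; consider selecting only the columns the templates need so
	// account fields are not carried along with display data.
	$results = $this->registry->db->query_read_slave(
		"\n\t\t\tSELECT blog.blogid, blog.comments_visible as replycount, blog.title, blog.lastcomment, blog.lastcommenter, blog.postedby_userid, blog.postedby_username, blog.dateline,\n\t\t\t\tblog_text.blogtextid, blog_text.pagetext AS message,\n\t\t\t\tblog_user.title as blogtitle, blog_user.description as blogdescription,\n\t\t\t\tuser.*\n\t\t\t\t"
		. ($avatarenabled ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "")
		. "\n\t\t\tFROM " . TABLE_PREFIX . "blog AS blog\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog_text.blogtextid = blog.firstblogtextid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid)\n\t\t\tINNER JOIN " . TABLE_PREFIX . "user AS user ON (blog.userid = user.userid)\n\t\t\t{$catjoin}\n\t\t\t"
		. (!empty($sql_join) ? implode("\r\n", $sql_join) : "")
		. "\n\t\t\t"
		. ($avatarenabled ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "")
		. "\n\t\t\tWHERE 1=1\n\t\t\t\t{$useridsql}\n\t\t\t\t{$catidsql}\n\t\t\t\t{$datecutoffsql}\n\t\t\t\t{$globalignore}\n\t\t\t\tAND "
		. implode("\r\n\tAND ", $sql_and)
		. "\n\t\t\tORDER BY{$ordersql}\n\t\t\tLIMIT 0," . intval($this->config['blogentries_limit']) . "\n\t\t"
	);

	while ($row = $this->registry->db->fetch_array($results))
	{
		// still need to censor the title
		$row['title'] = fetch_censored_text($row['title']);
		$row['blogtitle'] = $row['blogtitle'] ? $row['blogtitle'] : $row['username'];
		$row['date'] = vbdate($this->registry->options['dateformat'], $row['dateline'], true);
		$row['time'] = vbdate($this->registry->options['timeformat'], $row['dateline']);
		$row['lastpostdate'] = vbdate($this->registry->options['dateformat'], $row['lastcomment'], true);
		$row['lastposttime'] = vbdate($this->registry->options['timeformat'], $row['lastcomment']);
		$row['message'] = $this->get_summary($row['message'], $this->config['blogentries_messagemaxchars']);

		// get avatar
		$this->fetch_avatarinfo($row);

		$array[$row['blogid']] = $row;
	}

	return $array;
}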
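/**
* Renders one blog comment search result through a template.
*
* Changes against the original: the unused $canmoderation local, which read
* the undefined variable $blog, is removed; the avatar value is only passed to
* count() when it is an array, so a non-array result is turned into false
* instead of raising an error.
*
* @param	mixed	$current_user	Not used in this method
* @param	mixed	$criteria	Not used in this method
* @param	string	$template_name	Template to use; 'blog_comment_search_result' when empty
*
* @return	string	Rendered template, or "" when there is no record
*/
public function render($current_user, $criteria, $template_name = '')
{
	global $vbulletin, $show;

	require_once (DIR . '/includes/functions_user.php');
	require_once (DIR . '/includes/functions.php');

	if (!$this->record)
	{
		return "";
	}

	if (!strlen($template_name))
	{
		$template_name = 'blog_comment_search_result';
	}

	$urlinfo = array('blogid' => $this->record['blogid'], 'blog_title' => $this->record['title']);
	$this->record['page_url'] = fetch_seo_url('entry', $urlinfo, array('bt' => $this->record['blogtextid'])) . "#comment" . $this->record['blogtextid'];

	$comment = $this->record;
	$comment['comment_date'] = vbdate($vbulletin->options['dateformat'], $comment['dateline'], true);
	$comment['comment_time'] = vbdate($vbulletin->options['timeformat'], $comment['dateline']);

	if (!$this->bbcode_parser)
	{
		$this->bbcode_parser = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list('', true));
	}

	// NOTE(review): the HTML flag is read from vB::$vbulletin->userinfo, which
	// looks like the viewing user rather than the comment author. If the third
	// argument of get_preview() lets raw HTML through, a viewer holding
	// blog_allowhtml would get other users' markup rendered unescaped. Confirm,
	// and derive the flag from the author's permissions if so.
	$can_use_html = vB::$vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & vB::$vbulletin->bf_ugp_vbblog_entry_permissions['blog_allowhtml'];
	$comment['comment_summary'] = fetch_censored_text($this->bbcode_parser->get_preview($comment['comment_pagetext'], $this->preview_length, $can_use_html));

	$templater = vB_Template::create($template_name);
	$templater->register('commentinfo', $comment);
	// NOTE(review): $this->message is not set anywhere in this method; the
	// comment's own dateline may have been intended here. Confirm against the class.
	$templater->register('dateline', $this->message['dateline']);
	$templater->register('dateformat', $vbulletin->options['dateformat']);
	$templater->register('timeformat', $vbulletin->options['default_timeformat']);

	if ($vbulletin->options['avatarenabled'] AND (intval($comment['comment_userid'])))
	{
		$avatar = fetch_avatar_url($comment['comment_userid']);
	}

	// Assumes a usable avatar is an array with at least two elements; anything else means "no avatar".
	if (!isset($avatar) OR !is_array($avatar) OR (count($avatar) < 2))
	{
		$avatar = false;
	}

	$templater->register('avatar', $avatar);

	return $templater->render();
}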
cache_permissions($sidebarinfo['userinfo'], false); $userinfo =& $sidebarinfo['userinfo']; if ($sidebarinfo['userid'] != $vbulletin->userinfo['userid'] AND !can_moderate_blog('caneditcustomblocks')) { print_no_permission(); } if ( ( ($sidebarinfo['type'] == 'block' AND !$userinfo['permissions']['vbblog_customblocks']) OR ($sidebarinfo['type'] == 'page' AND !$userinfo['permissions']['vbblog_custompages']) ) AND !can_moderate_blog('caneditcustomblocks') ) { print_no_permission(); } $type = $sidebarinfo['type']; if ($type == 'page') { $blocks = $db->query_first(" SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "blog_custom_block WHERE userid = " . $userinfo['userid'] . " AND type = 'page' ");
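/**
* pre_delete function - extend if the contenttype needs to do anything
*
* Checks that the current user may remove the given attachments, counts the
* affected attachments per blog entry in $this->lists['bloglist'] and, when
* $this->log is set, writes the edit log and moderator log rows.
*
* Changes against the original: attachment ids are cast to integers before
* they are placed in the IN (...) lists; an empty list returns early instead of
* producing "IN ()"; the per-blog counter is initialised before it is
* incremented; the "edited by" grace period is compared with blog_dateline,
* the column the query actually selects (p_dateline was never selected, so the
* comparison always ran against an undefined value).
*
* @param	array	$list	list of deleted attachment ids to delete
* @param	boolean	$checkperms	verify permission to delete
*
* @return	boolean	False when a permission check fails, true otherwise
*/
public function pre_delete($list, $checkperms = true)
{
	@ignore_user_abort(true);

	// init lists
	$this->lists = array(
		'bloglist' => array(),
	);

	// The ids are concatenated into SQL below, so force them to integers first.
	$list = array_map('intval', $list);
	if (empty($list))
	{
		return true;
	}
	$idlist = implode(", ", $list);

	if ($checkperms)
	{
		// Verify that we have permission to view these attachmentids
		$attachmultiple = new vB_Attachment_Display_Multiple($this->registry);
		$attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . $idlist . ")");

		// Any id missing from the result is treated as a failed permission check.
		if (count($list) != count($attachments))
		{
			return false;
		}
	}

	$replaced = array();
	$ids = $this->registry->db->query_read(
		" SELECT a.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress,"
		. " blog.blogid, blog.firstblogtextid, blog.dateline AS blog_dateline, blog.state, blog.postedby_userid,"
		. " bu.memberids, bu.memberblogids, gm.permissions AS grouppermissions,"
		. " user.membergroupids, user.usergroupid, user.infractiongroupids,"
		. " blog_deletionlog.moddelete AS del_moddelete, blog_deletionlog.userid AS del_userid, blog_deletionlog.username AS del_username, blog_deletionlog.reason AS del_reason"
		. " FROM " . TABLE_PREFIX . "attachment AS a"
		. " LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = a.contentid)"
		. " LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid)"
		. " LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid)"
		. " LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . $this->registry->userinfo['userid'] . ")"
		. " LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_deletionlog.type = 'blogid')"
		. " WHERE a.attachmentid IN (" . $idlist . ") "
	);

	while ($id = $this->registry->db->fetch_array($ids))
	{
		cache_permissions($id, false);

		// Attachments still in progress (contentid = 0) skip the entry edit check.
		if ($checkperms AND !$id['inprogress'] AND !fetch_entry_perm('edit', $id))
		{
			return false;
		}

		if (!$id['blogid'])
		{
			continue;
		}

		$blogkey = "{$id['blogid']}";
		if (!isset($this->lists['bloglist'][$blogkey]))
		{
			$this->lists['bloglist'][$blogkey] = 0;
		}
		$this->lists['bloglist'][$blogkey]++;

		if (!$this->log)
		{
			continue;
		}

		$showeditedby = ($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby']);
		if ($showeditedby AND $id['blog_dateline'] < (TIMENOW - ($this->registry->options['noeditedbytime'] * 60)))
		{
			// One edit log row per entry, however many of its attachments are removed.
			if (empty($replaced["$id[firstblogtextid]"]))
			{
				/*insert query*/
				$this->registry->db->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_editlog (blogtextid, userid, username, dateline) VALUES ( $id[firstblogtextid], " . $this->registry->userinfo['userid'] . ", '" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "', " . TIMENOW . " ) ");
				$replaced["$id[firstblogtextid]"] = true;
			}
		}

		// Removals by a moderator who is not a member of the blog go to the moderator log.
		if (!is_member_of_blog($this->registry->userinfo, $id) AND can_moderate_blog('caneditentries'))
		{
			$bloginfo = array(
				'blogid'       => $id['blogid'],
				'attachmentid' => $id['attachmentid'],
			);
			require_once(DIR . '/includes/blog_functions_log_error.php');
			log_moderator_action($bloginfo, 'attachment_removed');
		}
	}

	return true;
}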
// ############################### custom page ###############################
// Displays one custom blog page. The page id arrives as request parameter 'cp'
// and is cleaned as an unsigned integer before it is used.
if ($_REQUEST['do'] == 'custompage')
{
	$vbulletin->input->clean_array_gpc('r', array('cp' => TYPE_UINT));

	require_once DIR . '/includes/blog_functions_usercp.php';

	$blockinfo = verify_blog_customblock($vbulletin->GPC['cp'], 'page');

	// When the owner no longer holds the permission for this kind of content
	// ('and' binds tighter than 'or' here), only users with caneditcustomblocks
	// get past this point, and the report link is switched off.
	if ($blockinfo['type'] == 'block' and !$blockinfo['userinfo']['permissions']['vbblog_customblocks'] or $blockinfo['type'] == 'page' and !$blockinfo['userinfo']['permissions']['vbblog_custompages'])
	{
		if (!can_moderate_blog('caneditcustomblocks'))
		{
			print_no_permission();
		}
		$show['reportlink'] = false;
	}
	else
	{
		$show['reportlink'] = true;
	}

	track_blog_visit($blockinfo['userinfo']['userid']);

	// The report link additionally needs a logged-in viewer and either a report
	// forum or e-mail reporting (enableemail and rpemail both set).
	$show['reportlink'] = ($show['reportlink'] and $vbulletin->userinfo['userid'] and ($vbulletin->options['rpforumid'] or $vbulletin->options['enableemail'] and $vbulletin->options['rpemail']));
	// Edit link: users with caneditcustomblocks, or the owner of the page.
	$show['edit'] = (can_moderate_blog('caneditcustomblocks') or $vbulletin->userinfo['userid'] == $blockinfo['userid']);

	// Parse Content here
	require_once DIR . '/includes/class_bbcode_blog.php';
	$bbcode = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list());
	// The parser is handed the page owner's userinfo and permissions, not the
	// viewer's; presumably this decides which markup is honoured. Confirm in
	// vB_BbCodeParser_Blog.
	$bbcode->set_parse_userinfo($blockinfo['userinfo'], $blockinfo['userinfo']['permissions']);
	$blockinfo['page'] = $bbcode->parse($blockinfo['pagetext'], 'blog_user', $blockinfo['allowsmilie'] ? 1 : 0);

	$blogheader = parse_blog_description($blockinfo['userinfo'], $blockinfo);
	$sidebar =& build_user_sidebar($blockinfo['userinfo']);

	// NOTE(review): the title is appended to the navbits as stored; whether it
	// is escaped before output is not visible here. Verify where navbits are rendered.
	$navbits[] = $blockinfo['title'];

	$templater = vB_Template::create('blog_custompage');
	$templater->register('blogheader', $blogheader);
	$templater->register('blockinfo', $blockinfo);
	$content = $templater->render();
}

// build navbar
if (empty($navbits))
{
/**
* Fetches the permission value for a specific blog comment
*
* The check runs in two stages. First, when the entry itself is deleted or in
* moderation and the current user lacks the matching moderator permission,
* every permission except 'canviewcomments' is refused outright, and
* 'canviewcomments' is refused unless the member test passes. Second, the
* requested permission is evaluated by its own case below. All checks are made
* for the current user in $vbulletin->userinfo.
*
* @param	string	$perm	The permission to check: 'canviewcomments', 'caneditcomments', 'canmoderatecomments', 'candeletecomments', 'canremovecomments' or 'canundeletecomments'; anything else is passed to the 'blog_fetch_comment_perm' hook
* @param	array	$entryinfo	An array of information about the blog entry
* @param	array	$blogtextinfo	An array of information about the blog comment
*
* @return	boolean	Returns true if they have the permission else false
*/
function fetch_comment_perm($perm, $entryinfo = null, $blogtextinfo = null)
{
	global $vbulletin;

	// Only moderator can manage a comment that is in a moderated/deleted post, not even the owner of the post can manage in this situation.
	// NOTE(review): the deleted branch passes $entryinfo['userid'] to
	// is_member_of_blog(), while every other call in this function passes the
	// whole $entryinfo array. Check the helper's signature; if it expects the
	// array, the member test here never succeeds for deleted entries.
	if
	(
		// Deleted Post
		($entryinfo['state'] == 'deleted' AND !can_moderate_blog('candeleteentries') AND ($perm != 'canviewcomments' OR !is_member_of_blog($vbulletin->userinfo, $entryinfo['userid'])))
			OR
		// Moderated Post
		($entryinfo['state'] == 'moderation' AND !can_moderate_blog('canmoderateentries') AND ($perm != 'canviewcomments' OR !is_member_of_blog($vbulletin->userinfo, $entryinfo)))
	)
	{
		return false;
	}

	switch ($perm)
	{
		// Viewing: deleted comments need 'candeletecomments' or blog membership;
		// moderated comments need blog membership, authorship of the comment, or
		// the 'canmoderatecomments' result for this comment.
		case 'canviewcomments':
			return
			(
				(
					($blogtextinfo['state'] != 'deleted' OR can_moderate_blog('candeletecomments') OR is_member_of_blog($vbulletin->userinfo, $entryinfo))
						AND
					($blogtextinfo['state'] != 'moderation' OR is_member_of_blog($vbulletin->userinfo, $entryinfo) OR $vbulletin->userinfo['userid'] == $blogtextinfo['userid'] OR fetch_comment_perm('canmoderatecomments', $entryinfo, $blogtextinfo))
				)
			);

		// Editing is granted by any one of four routes: the blog owner with
		// 'blog_canmanageblogcomments'; a blog member whose group permissions cover
		// the entry (own entry: 'canmanagecomments', someone else's:
		// 'canmanageotherentry'); the comment's author while it is visible or in
		// moderation, with 'blog_caneditowncomment'; or a moderator with
		// 'caneditcomments' who could also moderate / delete the comment when it
		// is in that state.
		case 'caneditcomments':
			return
			(
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
				OR
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
						OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
				OR
				(
					($blogtextinfo['state'] == 'visible' OR $blogtextinfo['state'] == 'moderation')
						AND
					$blogtextinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_caneditowncomment']
				)
				OR
				(
					can_moderate_blog('caneditcomments')
						AND
					(
						$blogtextinfo['state'] != 'moderation'
							OR
						fetch_comment_perm('canmoderatecomments', $entryinfo, $blogtextinfo)
					)
						AND
					(
						$blogtextinfo['state'] != 'deleted'
							OR
						fetch_comment_perm('candeletecomments', $entryinfo, $blogtextinfo)
					)
				)
			);

		// Moderating: blog owner or qualifying blog member as above, or a
		// moderator with 'canmoderatecomments'.
		// NOTE(review): the moderator route calls can_moderate('candeletecomments'),
		// the only call in this function that is not can_moderate_blog(). Confirm
		// which permission set was meant to be consulted for deleted comments.
		case 'canmoderatecomments':
			return
			(
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
				OR
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
						OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
				OR
				(
					($blogtextinfo['state'] != 'deleted' OR can_moderate('candeletecomments'))
						AND
					can_moderate_blog('canmoderatecomments')
				)
			);

		// Deleting: blog owner or qualifying blog member as above, a moderator with
		// 'candeletecomments', or the author of a visible comment with
		// 'blog_candeleteowncomment'.
		case 'candeletecomments':
			return
			(
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
				OR
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
						OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
				OR
				(
					can_moderate_blog('candeletecomments')
				)
				OR
				(
					$blogtextinfo['state'] == 'visible'
						AND
					$blogtextinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_candeleteowncomment']
				)
			);

		// Removing: blog owner, a blog member on an entry they posted themselves
		// with 'canmanagecomments' (there is no 'canmanageotherentry' alternative
		// in this case), or a moderator with 'canremovecomments'.
		case 'canremovecomments':
			return
			(
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
				OR
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
					)
				)
				OR
				(
					can_moderate_blog('canremovecomments')
				)
			);

		// Undeleting: same owner / member routes as deleting; the moderator route
		// checks 'candeletecomments', not a separate undelete permission.
		case 'canundeletecomments':
			return
			(
				(
					$entryinfo['userid'] == $vbulletin->userinfo['userid']
						AND
					$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
				)
				OR
				(
					is_member_of_blog($vbulletin->userinfo, $entryinfo)
						AND
					$entryinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']
						AND
					(
						(
							$vbulletin->userinfo['userid'] == $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanagecomments']
						)
						OR
						(
							$vbulletin->userinfo['userid'] != $entryinfo['postedby_userid']
								AND
							$entryinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canmanageotherentry']
						)
					)
				)
				OR
				(
					can_moderate_blog('candeletecomments')
				)
			);

		// Unknown permission names are handed to the 'blog_fetch_comment_perm'
		// hook, whose code is run with eval() in this scope and is expected to set
		// $handled. That code can read and change every local here, so whoever can
		// install hook code effectively controls this authorization decision.
		// NOTE(review): when the hook sets $handled and does not return by itself,
		// the function ends without a return statement and yields null, which
		// callers will treat as "not permitted".
		default:
			$handled = false;
			($hook = vBulletinHook::fetch_hook('blog_fetch_comment_perm')) ? eval($hook) : false;
			if (!$handled)
			{
				trigger_error('fetch_comment_perm(): Argument #1; Invalid permission specified', E_USER_ERROR);
			}
	}
}
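/**
* Renders one blog entry search result through a template.
*
* The preview text has its BB code stripped, is trimmed to
* $this->preview_length, censored and passed through htmlspecialchars_uni()
* before it reaches the template. Counts of moderated comments and trackbacks
* are only added for users with 'canmoderatecomments' or the blog owner.
*
* Changes against the original: the duplicated 'lastpostdate' assignment is
* removed, and the avatar value is only passed to count() when it is an array,
* so a non-array result becomes false instead of raising an error.
*
* @param	mixed	$current_user	Not used in this method
* @param	mixed	$criteria	Not used in this method
* @param	string	$template_name	Template to use; 'blog_search_results_result' when empty
*
* @return	string	Rendered template, or "" when there is no record
*/
public function render($current_user, $criteria, $template_name = '')
{
	global $show;
	global $vbulletin;

	require_once(DIR . '/includes/class_bbcode.php');
	require_once(DIR . '/includes/class_bbcode_blog.php');
	require_once (DIR . '/includes/functions.php');
	require_once (DIR . '/includes/blog_functions.php');
	require_once (DIR . '/includes/functions_user.php');

	if (!$this->record)
	{
		return "";
	}

	if (!strlen($template_name))
	{
		$template_name = 'blog_search_results_result';
	}

	if (!$this->bbcode_parser)
	{
		$this->bbcode_parser = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list('', true));
	}

	$blog = $this->record;

	// Escaping is the last step, applied to the text after stripping, trimming and censoring.
	$blog['previewtext'] = htmlspecialchars_uni(fetch_censored_text(
		fetch_trimmed_title(strip_bbcode($blog['pagetext'], true, true, true, true), $this->preview_length)
	));

	// Moderated items are only counted for comment moderators and the blog owner.
	$canmoderation = (can_moderate_blog('canmoderatecomments') OR $vbulletin->userinfo['userid'] == $blog['userid']);
	$blog['trackbacks_total'] = $blog['trackback_visible'] + ($canmoderation ? $blog['trackback_moderation'] : 0);
	$blog['comments_total'] = $blog['comments_visible'] + ($canmoderation ? $blog['comments_moderation'] : 0);

	$blog['lastcommenter_encoded'] = urlencode($blog['lastcommenter']);
	$blog['lastposttime'] = vbdate($vbulletin->options['timeformat'], $blog['lastcomment']);
	$blog['lastpostdate'] = vbdate($vbulletin->options['dateformat'], $blog['lastcomment'], true);

	$show['blogtitle'] = $blog['blogtitle'];

	$templater = vB_Template::create($template_name);
	$templater->register('blog', $blog);
	$templater->register('dateline', $blog['dateline']);
	$templater->register('dateformat', $vbulletin->options['dateformat']);
	$templater->register('timeformat', $vbulletin->options['default_timeformat']);

	if ($vbulletin->options['avatarenabled'] AND (intval($blog['userid'])))
	{
		$avatar = fetch_avatar_url($blog['userid']);
	}

	// Assumes a usable avatar is an array with at least two elements; anything else means "no avatar".
	if (!isset($avatar) OR !is_array($avatar) OR (count($avatar) < 2))
	{
		$avatar = false;
	}

	//to make the link to the poster
	$blogposter = array('userid' => $blog['postedby_userid'], 'username' => $blog['postedby_username']);
	$templater->register('blogposter', $blogposter);
	$templater->register('avatar', $avatar);

	return $templater->render();
}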
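/**
* This function composes and executes the SQL query to generate the
* blog comment data, then attaches the tags of each comment's blog entry.
*
* The query applies the configured author, category, tag and age filters
* together with the viewer's visibility rules: "view others" permission, entry
* state, publish date, pending flag, the blog owner's privacy options and
* buddy / ignore relations, and the global ignore list.
*
* Changes against the original:
*  - every configured id list, the day count and the LIMIT value are cast to
*    integers before they are concatenated into SQL; previously 'count' was
*    only tested with intval() and then inserted as stored
*  - only comments in the 'visible' state are listed; the original query
*    filtered on the entry's state but not on the comment's
*  - $sql_and is initialised
*  - the last-comment date and time are stored on the comment row; they used
*    to be written to an undefined $thread variable and discarded
*  - tags are looked up by blogid (what the tag join above matches on) and
*    copied to each comment of that entry; they used to be looked up by
*    blogtextid
*
* @return	array	Comment rows keyed by blogtextid
*/
private function getComments()
{
	require_once DIR . "/includes/functions_user.php";

	if (!isset($this->config['days']) OR (! intval($this->config['days'])) )
	{
		$this->config['days'] = 7;
	}

	if (!isset($this->config['count']) OR (! intval($this->config['count'])) )
	{
		$this->config['count'] = 10;
	}

	if (!isset($this->config['messagemaxchars']) OR (! intval($this->config['messagemaxchars'])) )
	{
		$this->config['messagemaxchars'] = 200;
	}

	//handle authors
	// The filter values are the array keys; they are cast because they are
	// placed in the SQL text unquoted.
	$useridsql = empty($this->config['postuserid']) ? '' :
		" AND(blog.userid IN (" . implode(',', array_map('intval', array_keys($this->config['postuserid']))) . "))";
	$useridsql .= empty($this->config['commentuserid']) ? '' :
		" AND(blog_text.userid IN (" . implode(',', array_map('intval', array_keys($this->config['commentuserid']))) . "))";

	//categories
	if (empty($this->config['categories']))
	{
		$catjoin = '';
		$categorysql = '';
	}
	else
	{
		$catjoin = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid)";
		$categorysql = " AND cu.blogcategoryid IN (" . implode(',', array_map('intval', array_keys($this->config['categories']))) . ")";
	}

	//and tags
	if (empty($this->config['taglist']))
	{
		$tagjoin = '';
		$tagsql = '';
	}
	else
	{
		$tagjoin = "LEFT JOIN " . TABLE_PREFIX . "tagcontent AS tc ON (tc.contentid = blog.blogid AND tc.contenttypeid= " . vb_Types::instance()->getContentTypeID("vBBlog_BlogEntry") . ")";
		$tagsql = " AND tc.tagid IN (" . implode(',', array_map('intval', array_keys($this->config['taglist']))) . ")";
	}

	$datecutoffsql = "AND (blog.dateline > " . (TIMENOW - (86400 * intval($this->config['days'])) ). ")" ;

	require_once(DIR . '/includes/blog_functions_shared.php');
	prepare_blog_category_permissions(vB::$vbulletin->userinfo);

	$viewerid = vB::$vbulletin->userinfo['userid'];
	$sql_and = array();

	// Without "view others" the listing is limited to the viewer's own blog.
	if (!(vB::$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & vB::$vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
	{
		$sql_and[] = "blog.userid = " . $viewerid;
	}

	// Entries awaiting moderation are only listed for users who may moderate entries.
	$state = array('visible');
	if (can_moderate_blog('canmoderateentries'))
	{
		$state[] = 'moderation';
	}

	$sql_and[] = "blog.state IN('" . implode("', '", $state) . "')";
	$sql_and[] = "blog.dateline <= " . TIMENOW;
	$sql_and[] = "blog.pending = 0";
	// Comments that are deleted or awaiting moderation must not show up in the listing.
	$sql_and[] = "blog_text.state = 'visible'";

	$sql_join = array();
	$sql_or = array();
	if (!can_moderate_blog())
	{
		$canviewmyblog = vB::$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'];
		$privatebit = vB::$vbulletin->bf_misc_vbblogoptions['private'];

		if ($viewerid)
		{
			// A member sees a blog when they own it, or when the option set that
			// matches their relation to the owner has the canviewmyblog bit.
			$sql_or[] = "blog.userid = " . $viewerid;
			$sql_or[] = "(options_ignore & " . $canviewmyblog . " AND ignored.relationid IS NOT NULL)";
			$sql_or[] = "(options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL)";
			$sql_or[] = "(options_member & " . $canviewmyblog . " AND (options_buddy & " . $canviewmyblog . " OR buddy.relationid IS NULL) AND (options_ignore & " . $canviewmyblog . " OR ignored.relationid IS NULL))";
			$sql_and[] = "(" . implode(" OR ", $sql_or) . ")";

			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $viewerid . " AND buddy.type = 'buddy')";
			$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $viewerid . " AND ignored.type = 'ignore')";

			// Private entries: owner, or a buddy of an owner whose buddy options allow viewing.
			$sql_and[] = " (blog.userid = " . $viewerid . " OR ~blog.options & " . $privatebit . " OR (options_buddy & " . $canviewmyblog . " AND buddy.relationid IS NOT NULL))";
		}
		else
		{
			// Guests: the owner's guest options must allow viewing and the entry must not be private.
			$sql_and[] = "options_guest & " . $canviewmyblog;
			$sql_and[] = "~blog.options & " . $privatebit;
		}
	}

	$globalignore = '';
	if (trim(vB::$vbulletin->options['globalignore']) != '')
	{
		require_once(DIR . '/includes/functions_bigthree.php');
		if ($Coventry = fetch_coventry('string'))
		{
			$globalignore = "AND blog.userid NOT IN ($Coventry) ";
		}
	}

	$avatarenabled = vB::$vbulletin->options['avatarenabled'];

	// NOTE(review): user.* copies every column of the user table into each
	// returned row; consider selecting only the columns the templates need.
	$sql = "SELECT blog.blogid, blog.comments_visible as replycount, blog.title, blog.lastcomment, blog.lastcommenter, blog.postedby_userid, blog.postedby_username, blog.dateline,"
		. " blog_text.blogtextid, blog_text.pagetext AS message, blog.ratingnum, blog.ratingtotal, blog.rating, blog.views, blog.postedby_userid AS userid, blog.postedby_username AS username,"
		. " blog_user.title as blogtitle, blog_user.description as blogdescription, blog.trackback_visible, user.* "
		. ($avatarenabled ? ",avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "")
		. " FROM " . TABLE_PREFIX . "blog AS blog"
		. " INNER JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON ((blog_text.blogid = blog.blogid) AND (blog_text.blogtextid <> blog.firstblogtextid))"
		. " INNER JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON (blog_user.bloguserid = blog.userid)"
		. " LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog_text.userid = user.userid) "
		. implode("\r\n\t ", $sql_join)
		. " $catjoin $tagjoin "
		. ($avatarenabled ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "")
		. " WHERE 1=1 $useridsql $categorysql $tagsql $datecutoffsql $globalignore AND "
		. implode("\r\n\tAND ", $sql_and)
		. " ORDER BY blog_text.dateline DESC LIMIT 0," . intval($this->config['count']);

	$results = vB::$db->query_read($sql);
	$array = array();

	// Kept from the original; the parser is not used below.
	$parser = new vBCms_BBCode_HTML(vB::$vbulletin, vBCms_BBCode_HTML::fetchCmsTags());

	while ($blogcomment = vB::$db->fetch_array($results))
	{
		$blogcomment['title'] = fetch_trimmed_title($blogcomment['title'], $this->config['blogentries_titlemaxchars']);
		$urlinfo = array('blogid' => $blogcomment['blogid'], 'blog_title' => $blogcomment['title']);
		$blogcomment['url'] = fetch_seo_url('entry', $urlinfo, array('bt' => $blogcomment['blogtextid'])) . "#comment" . $blogcomment['blogtextid'];
		$blogcomment['blogtitle'] = $blogcomment['blogtitle'] ? $blogcomment['blogtitle'] : $blogcomment['username'];
		$blogcomment['date'] = vbdate(vB::$vbulletin->options['dateformat'], $blogcomment['dateline'], true);
		$blogcomment['time'] = vbdate(vB::$vbulletin->options['timeformat'], $blogcomment['dateline']);
		$blogcomment['lastpostdate'] = vbdate(vB::$vbulletin->options['dateformat'], $blogcomment['lastcomment'], true);
		$blogcomment['lastposttime'] = vbdate(vB::$vbulletin->options['timeformat'], $blogcomment['lastcomment']);
		$blogcomment['message'] = $this->getSummary($blogcomment['message'], $this->config['messagemaxchars']);

		//get the avatar
		if (vB::$vbulletin->options['avatarenabled'])
		{
			$blogcomment['avatar'] = fetch_avatar_url($blogcomment['userid']);
		}
		else
		{
			$blogcomment['avatar'] = 0;
		}

		$blogcomment['tags'] = array();
		$array[$blogcomment['blogtextid']] = $blogcomment;
	}

	//let's get the tags;
	if (!empty($array))
	{
		// Tags hang off the blog entry, so group the comment ids by blogid and
		// query by blogid; each tag is then copied to every comment of that entry.
		$comments_by_blog = array();
		foreach ($array AS $blogtextid => $blogcomment)
		{
			$comments_by_blog[intval($blogcomment['blogid'])][] = $blogtextid;
		}

		$sql = "SELECT tag.tagid, tc.contentid, tag.tagtext FROM " . TABLE_PREFIX . "tagcontent AS tc INNER JOIN " . TABLE_PREFIX . "tag AS tag ON tag.tagid = tc.tagid WHERE tc.contentid IN (" . implode(',', array_keys($comments_by_blog)) . ") AND tc.contenttypeid= " . vb_Types::instance()->getContentTypeID("vBBlog_BlogEntry");

		if ($rst = vB::$db->query_read($sql))
		{
			while ($record = vB::$db->fetch_array($rst))
			{
				$blogid = intval($record['contentid']);
				if (empty($comments_by_blog[$blogid]))
				{
					continue;
				}

				foreach ($comments_by_blog[$blogid] AS $blogtextid)
				{
					$array[$blogtextid]['tags'][$record['tagid']] = $record['tagtext'];
				}
			}
		}
	}

	return $array;
}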
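/**
 * Follow-up work after a blog entry has been saved.
 *
 * In order: queues search-index updates, clears the owner's tag cloud when
 * tags were added, calls the category-counter and blog-stats rebuilds,
 * records entries awaiting moderation, bumps the owner's moderation / draft /
 * pending counters, e-mails subscribers who are allowed to see the entry,
 * calls post_save_each_blogtext(), stores the dupe hash, and updates the
 * poster's own subscription to the entry.
 *
 * Plugin hooks are eval'd inside this method, so every local variable below is
 * visible to plugin code; locals are deliberately not renamed or removed.
 *
 * @param bool $doquery Passed through unchanged to post_save_each_blogtext().
 */
function post_save_each($doquery = true)
{
    $blogid = intval($this->fetch_field('blogid'));
    $userid = intval($this->fetch_field('userid'));
    // Not read below; kept because the eval'd hooks share this scope.
    $blogtextid = $this->fetch_field('blogtextid');
    $postedby_userid = intval($this->fetch_field('postedby_userid'));

    require_once(DIR . '/vb/search/indexcontroller/queue.php');
    vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogEntry', 'index', $blogid);
    vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'group_data_change', $blogid);

    // NOTE(review): $condition is never assigned in this method, so !$condition is
    // always true and only 'addtags' decides this branch. The rest of the method
    // tests $this->condition; confirm which was intended before changing it.
    if (!$condition AND $this->info['addtags'])
    {
        // invalidate users tag cloud
        $dataman =& datamanager_init('Blog_User', $this->registry, ERRTYPE_SILENT);
        $info = array('bloguserid' => $userid);
        $dataman->set_existing($info);
        $dataman->set('tagcloud', '');
        $dataman->save();
    }

    $this->build_category_counters();
    build_blog_stats();

    // Insert entry for moderation
    if ($this->fetch_field('state') == 'moderation')
    {
        /*insert query*/
        $this->dbobject->query_write(" INSERT IGNORE INTO " . TABLE_PREFIX . "blog_moderation (primaryid, type, dateline) VALUES ($blogid, 'blogid', " . TIMENOW . ") ");
    }

    // Bump the blog owner's counters. AND binds tighter than OR, so this reads
    // (new entry AND state is moderation/draft) OR pending.
    if (!$this->condition AND ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft') OR $this->fetch_field('pending'))
    {
        $userinfo = array('bloguserid' => $userid);
        $userdata =& datamanager_init('Blog_user', $this->registry, ERRTYPE_SILENT);
        $userdata->set_existing($userinfo);
        if ($this->fetch_field('state') == 'moderation' OR $this->fetch_field('state') == 'draft')
        {
            // The state name doubles as the counter column; the value is a SQL
            // expression ("moderation + 1" / "draft + 1"). Presumably the third
            // argument (false) tells set() not to clean/quote it - confirm.
            $userdata->set($this->fetch_field('state'), $this->fetch_field('state') . ' + 1', false);
        }
        if ($this->fetch_field('pending'))
        {
            $userdata->set('pending', 'pending + 1', false);
        }
        $userdata->save();
    }

    // Send Email Notification
    if (((!$this->condition AND !$this->fetch_field('pending')) OR $this->info['send_notification']) AND ($this->fetch_field('state') == 'visible' OR $this->fetch_field('state') == 'moderation') AND $this->registry->options['enableemail'])
    {
        // NOTE(review): 'dateline' is interpolated without intval(), unlike the ids
        // above; this relies on the data manager having validated the field.
        $lastposttime = $this->dbobject->query_first(" SELECT MAX(dateline) AS dateline FROM " . TABLE_PREFIX . "blog AS blog WHERE blogid = $blogid AND dateline < " . $this->fetch_field('dateline') . " AND state = 'visible' ");

        $entrytitle = unhtmlspecialchars($this->fetch_field('title'));
        if (defined('VBBLOG_PERMS') AND $this->registry->userinfo['userid'] == $this->fetch_field('userid'))
        {
            $blogtitle = unhtmlspecialchars($this->registry->userinfo['blog_title']);
            $username = unhtmlspecialchars($this->registry->userinfo['username']);
            $userinfo =& $this->registry->userinfo;
        }
        else
        {
            if (!defined('VBBLOG_PERMS'))
            {
                // Tell the fetch_userinfo plugin that we need the blog fields in case this class is being called by a non blog script
                define('VBBLOG_PERMS', true);
            }
            $userinfo = fetch_userinfo($this->fetch_field('userid'), 1);
            cache_permissions($userinfo, false);
            $blogtitle = unhtmlspecialchars($userinfo['blog_title']);
            if ($userinfo['userid'] != $this->fetch_field('userid'))
            {
                $userinfo2 = fetch_userinfo($this->fetch_field('userid'), 1);
                $username = unhtmlspecialchars($userinfo2['username']);
            }
            else
            {
                $username = unhtmlspecialchars($userinfo['username']);
            }
        }

        require_once(DIR . '/includes/class_bbcode_alt.php');
        $plaintext_parser = new vB_BbCodeParser_PlainText($this->registry, fetch_tag_list());
        $pagetext_cache = array(); // used to cache the results per languageid for speed
        $pagetext_orig =& $this->fetch_field('pagetext', 'blog_text');

        ($hook = vBulletinHook::fetch_hook('blog_user_notification_start')) ? eval($hook) : false;

        // E-mail subscribers of this blog, joined with their contact / ignore
        // relation to the owner. The poster is left out when posting to their own
        // blog, as are usergroup 3 and users inactive since the previous visible entry.
        $useremails = $this->dbobject->query_read_slave(
            " SELECT user.*, blog_subscribeuser.blogsubscribeuserid, bm.blogmoderatorid, ignored.relationid AS ignoreid, buddy.relationid AS buddyid, bu.isblogmoderator, IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid FROM "
            . TABLE_PREFIX . "blog_subscribeuser AS blog_subscribeuser INNER JOIN "
            . TABLE_PREFIX . "user AS user ON (blog_subscribeuser.userid = user.userid) LEFT JOIN "
            . TABLE_PREFIX . "blog_moderator AS bm ON (bm.userid = user.userid) LEFT JOIN "
            . TABLE_PREFIX . "userlist AS buddy ON (buddy.userid = $userid AND buddy.relationid = user.userid AND buddy.type = 'buddy') LEFT JOIN "
            . TABLE_PREFIX . "userlist AS ignored ON (ignored.userid = $userid AND ignored.relationid = user.userid AND ignored.type = 'ignore') LEFT JOIN "
            . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = user.userid) WHERE blog_subscribeuser.bloguserid = $userid AND "
            . ($userid == $postedby_userid ? "blog_subscribeuser.userid <> $userid AND" : "")
            . " blog_subscribeuser.type = 'email' AND user.usergroupid <> 3 AND user.lastactivity >= "
            . intval($lastposttime['dateline'])
            . " "
        );

        vbmail_start();

        $setoptions = $this->fetch_field('options');
        $evalemail = array();
        while ($touser = $this->dbobject->fetch_array($useremails))
        {
            cache_permissions($touser, false);

            // only send private entries to contacts and moderators
            if ($setoptions["{$this->bitfields['options']['private']}"] AND !$touser['buddyid'] AND !$touser['blogmoderatorid'] AND !is_member_of_blog($touser, $userinfo))
            {
                continue;
            }

            // Skip recipients whose usergroup lacks the 'isnotbannedgroup' bit.
            if (!($this->registry->usergroupcache["$touser[usergroupid]"]['genericoptions'] & $this->registry->bf_ugp_genericoptions['isnotbannedgroup']))
            {
                continue;
            }

            // Entries awaiting moderation go only to the owner and entry moderators.
            if ($this->fetch_field('state') == 'moderation')
            {
                if ($touser['userid'] != $userid AND !can_moderate_blog('canmoderateentries', $touser))
                {
                    continue;
                }
            }

            // Skip recipients barred from any category the entry is filed under.
            if (!empty($this->info['categories']))
            {
                prepare_blog_category_permissions($touser);
                if (array_intersect($touser['blogcategorypermissions']['cantview'], $this->info['categories']) AND $userinfo['userid'] != $touser['userid'])
                {
                    continue;
                }
            }

            if (!($touser['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
            {
                continue;
            }
            else if (
                !$touser['blogmoderatorid']
                    AND
                !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['cancontrolpanel'])
                    AND
                !($touser['permissions']['adminpermissions'] & $this->registry->bf_ugp_adminpermissions['ismoderator'])
                    AND
                (!$userinfo['ignore_canviewmyblog'] OR !$touser['ignoreid'])
                    AND
                (!$userinfo['buddy_canviewmyblog'] OR !$touser['buddyid'])
                    AND
                // Fixed: this clause read $touser['budyid'], a key the query never
                // selects, so it was always empty. A contact for whom
                // buddy_canviewmyblog is off then fell through to the general
                // member permission and was mailed the entry text. The query's
                // alias is 'buddyid', matching the parallel 'ignoreid' clause.
                (!$userinfo['member_canviewmyblog'] OR (!$userinfo['buddy_canviewmyblog'] AND $touser['buddyid']) OR (!$userinfo['ignore_canviewmyblog'] AND $touser['ignoreid']))
                    AND
                !is_member_of_blog($touser, $userinfo)
            )
            {
                continue;
            }

            $touser['username'] = unhtmlspecialchars($touser['username']);
            $touser['languageid'] = iif($touser['languageid'] == 0, $this->registry->options['languageid'], $touser['languageid']);
            // NOTE(review): not read again in this method; presumably the e-mail
            // phrase embeds it as the unsubscribe token. It is a plain MD5 over user
            // id, subscription id, user salt and COOKIE_SALT. Whatever verifies it
            // should compare in constant time (hash_equals); an HMAC would be the
            // sturdier construction if the token format can change.
            $touser['auth'] = md5($touser['userid'] . $touser['blogsubscribeuserid'] . $touser['salt'] . COOKIE_SALT);

            // Build the per-language mail templates once, on the first recipient.
            if (empty($evalemail))
            {
                $email_texts = $this->dbobject->query_read_slave(" SELECT text, languageid, fieldname FROM " . TABLE_PREFIX . "phrase WHERE fieldname IN ('emailsubject', 'emailbody') AND varname = 'blog_user_notify' ");

                while ($email_text = $this->dbobject->fetch_array($email_texts))
                {
                    $emails["$email_text[languageid]"]["$email_text[fieldname]"] = $email_text['text'];
                }

                require_once(DIR . '/includes/functions_misc.php');

                foreach ($emails AS $languageid => $email_text)
                {
                    // lets cycle through our array of notify phrases
                    // Languages without their own text fall back to the '-1' phrase.
                    $text_message = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailbody']), $emails['-1']['emailbody'], $email_text['emailbody'])));
                    $text_message = replace_template_variables($text_message);
                    $text_subject = str_replace("\\'", "'", addslashes(iif(empty($email_text['emailsubject']), $emails['-1']['emailsubject'], $email_text['emailsubject'])));
                    $text_subject = replace_template_variables($text_subject);

                    // The phrase text becomes the body of a double-quoted PHP string
                    // that is eval'd per recipient below. addslashes() escapes quotes
                    // and backslashes but leaves variable interpolation active, so
                    // whoever can edit the 'blog_user_notify' phrase controls what is
                    // evaluated; phrase editing must stay limited to fully trusted
                    // administrators.
                    $evalemail["$languageid"] = ' $message = "' . $text_message . '"; $subject = "' . $text_subject . '"; ';
                }
            }

            // parse the page text into plain text, taking selected language into account
            if (!isset($pagetext_cache["$touser[languageid]"]))
            {
                $plaintext_parser->set_parsing_language($touser['languageid']);
                $pagetext_cache["$touser[languageid]"] = $plaintext_parser->parse($pagetext_orig);
            }
            $pagetext = $pagetext_cache["$touser[languageid]"];

            ($hook = vBulletinHook::fetch_hook('blog_user_notification_message')) ? eval($hook) : false;

            // Defines $message and $subject from the template for this language.
            eval(iif(empty($evalemail["$touser[languageid]"]), $evalemail["-1"], $evalemail["$touser[languageid]"]));
            vbmail($touser['email'], $subject, $message);
        }
        unset($plaintext_parser, $pagetext_cache);

        vbmail_end();
    }

    $this->post_save_each_blogtext($doquery);

    // Entries dated in the future get no dupe hash yet.
    if ($this->fetch_field('dateline') <= TIMENOW)
    {
        $this->insert_dupehash($this->fetch_field('blogid'));
    }

    // Update the entry subscription according to 'emailupdate'.
    if ($this->condition AND $this->info['emailupdate'] == 'none' AND ($userid != $this->registry->userinfo['userid'] OR ($userid == $this->registry->userinfo['userid'] AND $this->existing['entrysubscribed'])))
    {
        $this->dbobject->query_write(" DELETE FROM " . TABLE_PREFIX . "blog_subscribeentry WHERE blogid = $blogid AND userid = $userid ");
    }
    else if ($this->info['emailupdate'] == 'email' OR $this->info['emailupdate'] == 'usercp')
    {
        // 'emailupdate' is written into the SQL only after the loose comparison
        // against the two literals above; keep that guard if this branch changes.
        $this->dbobject->query_write(" REPLACE INTO " . TABLE_PREFIX . "blog_subscribeentry (blogid, dateline, type, userid) VALUES ($blogid, " . TIMENOW . ", '" . $this->info['emailupdate'] . "', $userid) ");
    }

    ($hook = vBulletinHook::fetch_hook('blog_fpdata_postsave')) ? eval($hook) : false;
}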
} #$vbulletin->url = 'blog.php?' . $vbulletin->session->vars['sessionurl'] . "b=$bloginfo[blogid]#trackbacks"; eval(print_standard_redirect('redirect_blog_edittrackback')); } } // ####################################################################### if ($_REQUEST['do'] == 'edittrackback') { $vbulletin->input->clean_array_gpc('r', array('blogtrackbackid' => TYPE_UINT)); if (!($trackbackinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "blog_trackback WHERE blogtrackbackid = " . $vbulletin->GPC['blogtrackbackid']))) { standard_error(fetch_error('invalidid', $vbphrase['trackback'], $vbulletin->options['contactuslink'])); } $bloginfo = verify_blog($trackbackinfo['blogid']); if ($trackbackinfo['state'] == 'moderation' and !can_moderate_blog('canmoderatecomments') and ($vbulletin->userinfo['userid'] != $bloginfo['userid'] or !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canmanageblogcomments']))) { standard_error(fetch_error('invalidid', $vbphrase['trackback'], $vbulletin->options['contactuslink'])); } if ($bloginfo['state'] == 'deleted' and !can_moderate_blog('candeleteentries') or $bloginfo['state'] == 'moderation' and !can_moderate_blog('canmoderateentries')) { print_no_permission(); } if ($show['errors']) { $trackbackinfo['title'] = $title; $trackbackinfo['snippet'] = $snippet; } $sidebar =& build_user_sidebar($bloginfo); // draw nav bar $navbits = array('blog.php?' . $vbulletin->session->vars['sessionurl'] . "u={$bloginfo['userid']}" => $bloginfo['blog_title'], 'blog.php?' . $vbulletin->session->vars['sessionurl'] . "b={$bloginfo['blogid']}" => $bloginfo['title'], '' => $vbphrase['edit_trackback']); ($hook = vBulletinHook::fetch_hook('blog_post_edittrackback_complete')) ? eval($hook) : false; // complete $url = $vbulletin->url; $templater = vB_Template::create('blog_edit_trackback'); $templater->register('bloginfo', $bloginfo); $templater->register('errorlist', $errorlist);