$vbulletin->input->clean_array_gpc('p', array('blogid' => TYPE_UINT, 'editorid' => TYPE_STR)); $xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml'); if (!$vbulletin->options['quickedit']) { // if quick edit has been disabled after showthread is loaded, return a string to indicate such $xml->add_tag('disabled', 'true'); $xml->print_xml(); } else { $vbulletin->GPC['editorid'] = preg_replace('/\\W/s', '', $vbulletin->GPC['editorid']); $bloginfo = verify_blog($blogid); if (!fetch_entry_perm('edit', $bloginfo)) { $xml->add_tag('error', 'nopermission'); $xml->print_xml(); } $show['quick_edit_form_tag'] = false; $show['physicaldeleteoption'] = (fetch_entry_perm('remove', $bloginfo) or $bloginfo['state'] == 'draft' or $bloginfo['pending']); $show['softdeleteoption'] = (fetch_entry_perm('delete', $bloginfo) and $bloginfo['state'] != 'draft' and !$bloginfo['pending']); $show['deletepostoption'] = ($show['softdeleteoption'] or $show['physicaldeleteoption']); require_once DIR . '/includes/functions_editor.php'; require_once DIR . '/includes/functions_attach.php'; $posthash = md5(TIMENOW . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']); $poststarttime = TIMENOW; // Use our permission to attach or the person who owns the post? check what vB does in this situation if ($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpostattach']) { $values = "values[blogid]={$bloginfo['blogid']}"; require_once DIR . '/packages/vbattach/attach.php'; $attach = new vB_Attach_Display_Content($vbulletin, 'vBBlog_BlogEntry'); $attachmentoption = $attach->fetch_edit_attachments($posthash, $poststarttime, $postattach, $bloginfo['blogid'], $values, $vbulletin->GPC['editorid'], $attachcount); $contenttypeid = $attach->fetch_contenttypeid(); } else { $attachmentoption = ''; $contenttypeid = 0;
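/**
 * Constructs the blog sidebar specific for a user's blog
 *
 * Builds each enabled sidebar block (calendar, visitors, recent comments, recent
 * entries, categories, tag cloud, search, custom blocks), sets the matching $show
 * flags and renders the 'blog_sidebar_user' template.
 *
 * Plugin hook code is eval()'d in this function's local scope at several points, so
 * the local variable names used here are visible to plugins and are kept as they are.
 *
 * @param   array    userinfo array (by reference; joindate, posts, entries, onlinestatus and sidebar_customblocks are rewritten)
 * @param   integer  The month to show the calendar for
 * @param   integer  The year to show the calendar for
 * @param   boolean  Should posting rules be shown in the sidebar
 *
 * @return  string   HTML for sidebar
 */
function &build_user_sidebar(&$userinfo, $month = 0, $year = 0, $rules = false)
{
    global $vbulletin, $show, $vbphrase, $vbcollapse, $headinclude, $ad_location, $blogrssinfo;

    // Optional SQL fragments interpolated into the comment and entry queries below.
    // Nothing in this function assigns $deljoinsql, and $joinsql is only assigned
    // conditionally, so both start empty; they are set before the first hook so
    // plugin code can still override them.
    $joinsql = $deljoinsql = '';

    // Hook code comes from the plugin system and runs with this function's full scope.
    ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_start')) ? eval($hook) : false;

    $sidebar = array();
    $blockorder = $userinfo['sidebar'];
    $freeblocks = array();

    if ($userinfo['customblocks'] AND $userinfo['permissions']['vbblog_customblocks'] > 0)
    {
        // Cached block list is out of step with the stored count: reload it.
        if (count($userinfo['sidebar_customblocks']) != $userinfo['customblocks'])
        {
            $customblock = array();
            $customblocks = $vbulletin->db->query_read_slave("
                SELECT customblockid, pagetext, allowsmilie, title
                FROM " . TABLE_PREFIX . "blog_custom_block
                WHERE userid = " . intval($userinfo['userid']) . "
                    AND type = 'block'
            ");
            while ($blockholder = $vbulletin->db->fetch_array($customblocks))
            {
                $userinfo['sidebar_customblocks']["$blockholder[customblockid]"] = array(
                    'pagetext'    => $blockholder['pagetext'],
                    'title'       => $blockholder['title'],
                    'allowsmilie' => $blockholder['allowsmilie'],
                );
            }
        }

        $blocktext = array();
        require_once(DIR . '/includes/class_bbcode_blog.php');
        $bbcode = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list());
        $bbcode->set_parse_userinfo($userinfo, $userinfo['permissions']);

        foreach ($userinfo['sidebar_customblocks'] AS $customblockid => $blockinfo)
        {
            $customblock["custom$customblockid"] = array(
                'message' => $bbcode->parse(
                    $blockinfo['pagetext'],
                    'blog_entry',
                    $blockinfo['allowsmilie'],
                    false,
                    $blockinfo['parsedtext'],
                    $blockinfo['hasimages'],
                    true
                ),
                'title'         => $blockinfo['title'],
                'customblockid' => $customblockid,
            );

            // The parser produced fresh output for this block: queue it for the parsed cache.
            if ($bbcode->cached['text'])
            {
                $blocktext["$customblockid"] = array(
                    'parsedtext'  => $bbcode->cached['text'],
                    'title'       => $blockinfo['title'],
                    'allowsmilie' => $blockinfo['allowsmilie'],
                    'hasimages'   => $bbcode->cached['has_images'],
                );
            }
        }
        unset($bbcode);

        if (!empty($blocktext))
        {
            // NOTE(review): the cache is stored as a serialize()d string. Whatever reads
            // this column back should unserialize() only this server-written value.
            $vbulletin->db->shutdown_query("
                REPLACE INTO " . TABLE_PREFIX . "blog_custom_block_parsed
                    (userid, styleid, languageid, blocktext)
                VALUES
                    (" . intval($userinfo['userid']) . ", " . (STYLEID) . ", " . (LANGUAGEID) . ", '" . $vbulletin->db->escape_string(serialize($blocktext)) . "')
            ");
        }
    }

    if ($vbulletin->userinfo['permissions']['vbblog_customblocks'])
    {
        $show['editsidebar'] = true;
    }

    if ($vbulletin->userinfo['permissions']['vbblog_custompages'])
    {
        $show['editcustompage'] = true;
    }

    $useblock = array();
    foreach ($vbulletin->bf_misc_vbblogblockoptions AS $key => $value)
    {
        if ($vbulletin->options['vbblog_blocks'] & $value)
        {
            switch ($key)
            {
                case 'block_archive':
                case 'block_category':
                case 'block_comments':
                case 'block_entries':
                case 'block_visitors':
                    $show['editsidebar'] = true;
                    break;

                case 'block_search':
                    if ($show['blog_search'])
                    {
                        $show['editsidebar'] = true;
                    }
                    break;

                case 'block_tagcloud':
                    if ($vbulletin->options['vbblog_tagging'])
                    {
                        $show['editsidebar'] = true;
                    }
                    break;

                default:
                    ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_block')) ? eval($hook) : false;
            }

            if (!isset($blockorder["$key"]))
            {
                // Block has no stored position yet: append it after the ordered ones.
                $freeblocks["$key"] = 1;
                $useblock["$key"] = true;
            }
            else
            {
                $useblock["$key"] = $blockorder["$key"];
            }
        }
        else
        {
            if (preg_match('#^block_#', $key))
            {
                $useblock["$key"] = true;
                $blockorder["$key"] = 0;
            }
        }
    }

    if (!empty($freeblocks))
    {
        $blockorder = array_merge($blockorder, $freeblocks);
    }

    if ($useblock['block_archive'])
    {
        // Out-of-range month/year fall back to the current date.
        $month = ($month < 1 OR $month > 12) ? vbdate('n', TIMENOW, false, false) : $month;
        $year = ($year > 2037 OR $year < 1970) ? vbdate('Y', TIMENOW, false, false) : $year;

        $show['moveable'] = ($blockorder['block_archive']);
        $sidebar['calendar'] = construct_calendar($month, $year, $userinfo);
    }

    fetch_avatar_html($userinfo);
    fetch_profilepic_html($userinfo);

    $userinfo['joindate'] = vbdate($vbulletin->options['registereddateformat'], $userinfo['joindate']);
    $userinfo['posts'] = vb_number_format($userinfo['posts']);
    $userinfo['entries'] = vb_number_format($userinfo['entries']);

    // ########################## Get Recent Visitors #########################################
    if ($useblock['block_visitors'])
    {
        if ($vbulletin->options['profilemaxvisitors'] < 2)
        {
            $vbulletin->options['profilemaxvisitors'] = 2;
        }

        // Hook-supplied SQL fragments are interpolated into the query as-is.
        $hook_query_fields = $hook_query_joins = $hook_query_where = '';
        ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_visitors_query')) ? eval($hook) : false;

        // DISTINCT is nasty so add 5 to the limit as a fudge factor against pulling the same user twice (users can appear twice
        // due to stat tracking)
        $visitors_db = $vbulletin->db->query_read_slave("
            SELECT user.userid, user.username, user.usergroupid, user.displaygroupid, blog_visitor.visible
                $hook_query_fields
            FROM " . TABLE_PREFIX . "blog_visitor AS blog_visitor
            INNER JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog_visitor.visitorid)
            $hook_query_joins
            WHERE blog_visitor.userid = " . intval($userinfo['userid']) . "
                " . (!($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden']) ? " AND (visible = 1 OR blog_visitor.visitorid = " . intval($vbulletin->userinfo['userid']) . ")" : "") . "
                $hook_query_where
            ORDER BY blog_visitor.dateline DESC
            LIMIT " . ($vbulletin->options['profilemaxvisitors'] + 5) . "
        ");

        // Keying by username drops repeat rows for the same visitor.
        $visitors = array();
        while ($user = $vbulletin->db->fetch_array($visitors_db))
        {
            if (count($visitors) == $vbulletin->options['profilemaxvisitors'])
            {
                break;
            }
            $visitors["$user[username]"] = $user;
        }

        uksort($visitors, 'strnatcasecmp');

        if ($vbulletin->userinfo['buddylist'] = trim($vbulletin->userinfo['buddylist']))
        {
            $buddylist = preg_split('/\s+/', $vbulletin->userinfo['buddylist'], -1, PREG_SPLIT_NO_EMPTY);
        }
        else
        {
            $buddylist = array();
        }

        $visitorbits = '';
        $firstvisitor = true;
        foreach ($visitors AS $user)
        {
            fetch_musername($user);
            $user['invisiblemark'] = !$user['visible'] ? '*' : '';
            $user['buddymark'] = in_array($user['userid'], $buddylist) ? '+' : '';

            ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_visitors_loop')) ? eval($hook) : false;

            $templater = vB_Template::create('memberinfo_visitorbit');
            $templater->register('user', $user);
            $sidebar['visitorbits'] .= $templater->render();
            $firstvisitor = false;
        }

        $sidebar['visitorcount'] = vb_number_format($vbulletin->db->num_rows($visitors_db));
    }

    //########################### Get Recent Comments #####################################
    if ($useblock['block_comments'])
    {
        $commentbits = '';
        $wheresql = array();

        // Moderators and blog members also see content awaiting moderation.
        $blogtextstate = array('visible');
        if (can_moderate_blog('canmoderatecomments') OR is_member_of_blog($vbulletin->userinfo, $userinfo))
        {
            $blogtextstate[] = 'moderation';
        }

        $blogstate = array('visible');
        if (can_moderate_blog('canmoderateentries') OR is_member_of_blog($vbulletin->userinfo, $userinfo))
        {
            $blogstate[] = 'moderation';
        }

        $wheresql = array(
            "blog.userid = " . intval($userinfo['userid']),
            "blog_text.blogtextid <> blog.firstblogtextid",
            "blog_text.state IN ('" . implode("','", $blogtextstate) . "')",
            "blog.state IN ('" . implode("','", $blogstate) . "')",
            "blog.dateline <= " . TIMENOW,
            "blog.pending = 0",
        );

        // Exclude entries filed under categories the viewer may not see.
        if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview']) AND $userinfo['userid'] != $vbulletin->userinfo['userid'])
        {
            $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", array_map('intval', $vbulletin->userinfo['blogcategorypermissions']['cantview'])) . "))";
            $wheresql[] = "cu.blogcategoryid IS NULL";
        }

        // Private entries stay hidden from viewers who are not moderator, member or contact.
        if (!can_moderate_blog() AND !is_member_of_blog($vbulletin->userinfo, $userinfo) AND !$userinfo['buddyid'])
        {
            $wheresql[] = "~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'];
        }

        $hook_query_fields = $hook_query_joins = $hook_query_where = '';
        ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_comments_query')) ? eval($hook) : false;

        $comments = $vbulletin->db->query_read("
            SELECT blog.blogid, lastblogtextid AS blogtextid, blog_text.userid, blog_text.state, IF(blog_text.userid = 0, blog_text.username, user.username) AS username,
                blog.blogid, blog.title
                " . ($vbulletin->options['avatarenabled'] ? ",avatar.avatarpath, user.avatarrevision, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheight" : "") . "
                $hook_query_fields
            FROM " . TABLE_PREFIX . "blog AS blog
            LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_text ON (blog.lastblogtextid = blog_text.blogtextid)
            LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog_text.userid = user.userid)
            " . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)" : "") . "
            $joinsql
            $hook_query_joins
            WHERE " . implode(" AND ", $wheresql) . "
                $hook_query_where
            ORDER BY blog.lastcomment DESC
            LIMIT 5
        ");
        while ($comment = $vbulletin->db->fetch_array($comments))
        {
            $show['deleted'] = ($comment['state'] == 'deleted') ? true : false;
            $show['moderation'] = ($comment['state'] == 'moderation') ? true : false;

            if ($comment['hascustomavatar'] AND $vbulletin->options['avatarenabled'])
            {
                if ($vbulletin->options['usefileavatar'])
                {
                    $comment['avatarurl'] = $vbulletin->options['avatarurl'] . '/avatar' . $comment['userid'] . '_' . $comment['avatarrevision'] . '.gif';
                }
                else
                {
                    $comment['avatarurl'] = 'image.php?' . $vbulletin->session->vars['sessionurl'] . 'u=' . $comment['userid'] . '&dateline=' . $comment['avatardateline'];
                }

                $comment['avwidthpx'] = intval($comment['avwidth']);
                $comment['avheightpx'] = intval($comment['avheight']);

                if ($comment['avwidth'] AND $comment['avheight'])
                {
                    // Fixed: the attributes were built from $userinfo (the blog owner's
                    // record) rather than from this commenter's avatar dimensions. The
                    // integer-cast values are used so only digits reach the attribute.
                    $comment['avwidth'] = 'width="' . $comment['avwidthpx'] . '"';
                    $comment['avheight'] = 'height="' . $comment['avheightpx'] . '"';
                }
                else
                {
                    $comment['avwidth'] = '';
                    $comment['avheight'] = '';
                }
            }
            else
            {
                $comment['avatarurl'] = '';
            }

            ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_comments_loop')) ? eval($hook) : false;

            $templater = vB_Template::create('blog_sidebar_comment_link');
            $templater->register('comment', $comment);
            $templater->register('pageinfo', array('bt' => $comment['blogtextid']));
            $sidebar['commentbits'] .= $templater->render();
        }
    }

    //########################### Get Recent Entries #####################################
    if ($useblock['block_entries'])
    {
        $wheresql = array();
        $state = array('visible');
        if (can_moderate_blog('canmoderateentries') OR is_member_of_blog($vbulletin->userinfo, $userinfo))
        {
            $state[] = 'moderation';
        }

        if (is_member_of_blog($vbulletin->userinfo, $userinfo))
        {
            $state[] = 'draft';
        }
        else
        {
            // Non-members never see future-dated or pending entries.
            $wheresql[] = "blog.dateline <= " . TIMENOW;
            $wheresql[] = "blog.pending = 0";
        }

        $wheresql[] = "blog.userid = " . intval($userinfo['userid']);
        $wheresql[] = "blog.state IN ('" . implode("','", $state) . "')";

        if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview']) AND $userinfo['userid'] != $vbulletin->userinfo['userid'])
        {
            $joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", array_map('intval', $vbulletin->userinfo['blogcategorypermissions']['cantview'])) . "))";
            $wheresql[] = "cu.blogcategoryid IS NULL";
        }

        if (!can_moderate_blog() AND !is_member_of_blog($vbulletin->userinfo, $userinfo) AND !$userinfo['buddyid'])
        {
            $wheresql[] = "~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'];
        }

        $hook_query_fields = $hook_query_joins = $hook_query_where = '';
        ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_entries_query')) ? eval($hook) : false;

        // Recent Entries
        $entries = $vbulletin->db->query_read_slave("
            SELECT blog.blogid, blog.title, blog.dateline, blog.state, blog.pending
                " . ($deljoinsql ? ",blog_deletionlog.primaryid" : "") . "
                $hook_query_fields
            FROM " . TABLE_PREFIX . "blog AS blog
            $joinsql
            $hook_query_joins
            WHERE " . implode(" AND ", $wheresql) . "
                $hook_query_where
            ORDER BY blog.dateline DESC
            LIMIT 5
        ");
        while ($entry = $vbulletin->db->fetch_array($entries))
        {
            if ($entry['dateline'] > TIMENOW OR $entry['pending'])
            {
                $status['phrase'] = $vbphrase['pending_blog_entry'];
                $status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/pending_small.gif";
                $show['status'] = true;
            }
            else if ($entry['state'] == 'deleted')
            {
                $status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/trashcan.gif";
                $status['phrase'] = $vbphrase['deleted_blog_entry'];
                $show['status'] = true;
            }
            else if ($entry['state'] == 'moderation')
            {
                $status['phrase'] = $vbphrase['moderated_blog_entry'];
                $status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/moderated.gif";
                $show['status'] = true;
            }
            else if ($entry['state'] == 'draft')
            {
                $status['phrase'] = $vbphrase['draft_blog_entry'];
                $status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/draft_small.gif";
                $show['status'] = true;
            }
            else
            {
                $show['status'] = false;
            }

            $entry['date'] = vbdate($vbulletin->options['dateformat'], $entry['dateline']);
            $entry['time'] = vbdate($vbulletin->options['timeformat'], $entry['dateline']);

            ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_entries_loop')) ? eval($hook) : false;

            $templater = vB_Template::create('blog_sidebar_entry_link');
            $templater->register('status', $status);
            $templater->register('entry', $entry);
            $templater->register('userinfo', $userinfo);
            $sidebar['entrybits'] .= $templater->render();
        }
    }

    if ($useblock['block_category'])
    {
        //########################### Get Category Bits #####################################
        $blog = array('userid' => $userinfo['userid'], 'title' => $userinfo['blog_title']);
        $categorybits = '';
        if (!empty($userinfo['categorycache']))
        {
            if (empty($userinfo['permissions']))
            {
                cache_permissions($userinfo, false);
            }

            $beenhere = $prevdepth = 0;
            foreach ($userinfo['categorycache'] AS $category)
            {
                $show['ul'] = $admincat = false;
                if (!$category['userid'])
                {
                    // Category without an owning user: a global (admin-defined) category.
                    if (!$vbulletin->blogcategorycache["{$category['blogcategoryid']}"])
                    {
                        continue;
                    }
                    $category['title'] = $vbphrase['category' . $category['blogcategoryid'] . '_title'];
                    if (!($vbulletin->userinfo['blogcategorypermissions']["$category[blogcategoryid]"] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewcategory'])
                        AND $userinfo['userid'] != $vbulletin->userinfo['userid']
                    )
                    {
                        continue;
                    }
                    $admincat = true;
                }
                else if (!($userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cancreatecategory']))
                {
                    continue;
                }

                // First local category after the global ones: close the open global list.
                if (!$admincat AND $sidebar['globalcategorybits'] AND !$sidebar['localcategorybits'])
                {
                    for ($x = $prevdepth; $x > 0; $x--)
                    {
                        $sidebar['globalcategorybits'] .= '</li></ul>';
                    }
                    $sidebar['globalcategorybits'] .= '</li>';
                    $beenhere = $prevdepth = 0;
                }

                $indentbits = '';
                if ($category['depth'] == $prevdepth AND $beenhere)
                {
                    $indentbits = '</li>';
                }
                else if ($category['depth'] > $prevdepth)
                {
                    // Need an UL
                    $show['ul'] = true;
                }
                else if ($category['depth'] < $prevdepth)
                {
                    for ($x = ($prevdepth - $category['depth']); $x > 0; $x--)
                    {
                        $indentbits .= '</li></ul>';
                    }
                    $indentbits .= '</li>';
                }

                $show['catlink'] = ($vbulletin->GPC['blogcategoryid'] != $category['blogcategoryid']) ? true : false;

                if ($admincat)
                {
                    $show['globalcats'] = true;
                    $templater = vB_Template::create('blog_sidebar_category_link');
                    $templater->register('category', $category);
                    $templater->register('blog', $blog);
                    $templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
                    $sidebar['globalcategorybits'] .= $templater->render();
                }
                else
                {
                    $show['localcats'] = true;
                    $templater = vB_Template::create('blog_sidebar_category_link');
                    $templater->register('category', $category);
                    $templater->register('blog', $blog);
                    $templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
                    $sidebar['localcategorybits'] .= $templater->render();
                }

                $prevdepth = $category['depth'];
                $beenhere = true;
            }

            // Close whatever nesting the last category left open.
            if ($sidebar['localcategorybits'])
            {
                for ($x = $prevdepth; $x > 0; $x--)
                {
                    $sidebar['localcategorybits'] .= '</li></ul>';
                }
                $sidebar['localcategorybits'] .= '</li>';
            }
            else if ($sidebar['globalcategorybits'])
            {
                for ($x = $prevdepth; $x > 0; $x--)
                {
                    $sidebar['globalcategorybits'] .= '</li></ul>';
                }
                $sidebar['globalcategorybits'] .= '</li>';
            }
        }

        if ($userinfo['uncatentries'])
        {
            $show['ul'] = false;
            $show['localcats'] = true;
            $blogcategoryid = -1;
            $category = array(
                'title'          => $vbphrase['uncategorized'],
                'entrycount'     => $userinfo['uncatentries'],
                'blogcategoryid' => $blogcategoryid,
            );
            $show['catlink'] = ($vbulletin->GPC['blogcategoryid'] != $blogcategoryid) ? true : false;
            $templater = vB_Template::create('blog_sidebar_category_link');
            $templater->register('category', $category);
            $templater->register('blog', $blog);
            $templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
            $sidebar['localcategorybits'] .= $templater->render();
            $sidebar['localcategorybits'] .= '</li>';
        }

        $show['editcat'] = ($userinfo['userid'] == $vbulletin->userinfo['userid'] OR can_moderate_blog('caneditcategories'));
        $show['editcat_userid'] = ($userinfo['userid'] != $vbulletin->userinfo['userid']);
    }

    $show['subscribelink'] = ($vbulletin->userinfo['userid']);
    $show['blogsubscribed'] = $userinfo['blogsubscribed'];
    $show['pending'] = (is_member_of_blog($vbulletin->userinfo, $userinfo) AND $userinfo['blog_pending']);
    $show['draft'] = (is_member_of_blog($vbulletin->userinfo, $userinfo) AND $userinfo['blog_draft']);
    $show['approvecomments'] = (is_member_of_blog($vbulletin->userinfo, $userinfo) AND $userinfo['blog_comments_moderation']);

    if ($userinfo['blogid'])
    {
        $show['editentry'] = fetch_entry_perm('edit', $userinfo);

        // Control-panel admins and guests are exempt from the e-mail flood check.
        $perform_floodcheck = (
            !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
            AND $vbulletin->options['emailfloodtime']
            AND $vbulletin->userinfo['userid']
        );

        $show['emailentry'] = (
            $userinfo['state'] != 'visible'
            OR $userinfo['pending']
            OR !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canemail'])
            OR !$vbulletin->options['enableemail']
            OR (
                $perform_floodcheck
                AND ($timepassed = TIMENOW - $vbulletin->userinfo['emailstamp']) < $vbulletin->options['emailfloodtime'])
        ) ? false : true;
    }

    $show['emaillink'] = (
        $userinfo['showemail'] AND $vbulletin->options['displayemails'] AND (
            !$vbulletin->options['secureemail'] OR (
                $vbulletin->options['secureemail'] AND $vbulletin->options['enableemail']
            )
        ) AND $vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canemailmember']
    );
    $show['homepage'] = ($userinfo['homepage'] != '' AND $userinfo['homepage'] != 'http://');
    $show['pmlink'] = ($vbulletin->options['enablepms'] AND $vbulletin->userinfo['permissions']['pmquota'] AND ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']
        OR ($userinfo['receivepm'] AND $vbulletin->perm_cache["{$userinfo['userid']}"]['pmquota'])
    )) ? true : false;

    $show['gotoblog'] = ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']);
    // The RSS link depends on what usergroup 1 may view, not on the current viewer.
    $show['rssfeed'] = ($vbulletin->usergroupcache['1']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']) ? true : false;
    $show['categorylink'] = ($show['canpostitems'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cancreatecategory']);

    $usercsspermissions = array(
        'caneditfontfamily' => $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_caneditfontfamily'] ? true : false,
        'caneditfontsize'   => $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_caneditfontsize'] ? true : false,
        'caneditcolors'     => $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_caneditcolors'] ? true : false,
        'caneditbgimage'    => ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums'] AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_caneditbgimage']) ? true : false,
        'caneditborders'    => $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_caneditborders'] ? true : false
    );

    $show['customizeblog'] = (in_array(true, $usercsspermissions) AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cancustomizeblog']);

    if (
        $userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canhavegroupblog']
        OR $userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canjoingroupblog']
    )
    {
        $show['managegroupblog'] = true;
        $blogmembers = explode(',', $userinfo['memberids']);
        $show['groupblog'] = (count($blogmembers) > 1);
        $show['memberblog'] = (is_member_of_blog($vbulletin->userinfo, $userinfo) AND $userinfo['userid'] != $vbulletin->userinfo['userid']);
        $show['postgroupblog'] = (
            is_member_of_blog($vbulletin->userinfo, $userinfo)
            AND $vbulletin->userinfo['userid'] != $userinfo['userid']
            AND $userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']
            AND $userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']
        );
    }
    else
    {
        $show['groupblog'] = $show['managegroupblog'] = $show['postgroupblog'] = $show['memberblog'] = false;
    }

    $show['postblog'] = (
        $vbulletin->userinfo['userid']
        AND $vbulletin->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_permissions['blog_canpost']
        AND $vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']
    );

    // $_REQUEST['do'] is read raw here, but only compared against a fixed list.
    $show['hidepostblogbutton'] = (THIS_SCRIPT == 'blog_post' AND in_array($_REQUEST['do'], array('editblog', 'newblog', 'comment')));

    if ($vbulletin->userinfo['userid'] AND !$userinfo['member_canviewmyblog'])
    {
        if (is_member_of_blog($vbulletin->userinfo, $userinfo))
        {
            $show['privateblog'] = true;
        }
        else if ($userinfo['buddyid'] AND $userinfo['buddy_canviewmyblog'])
        {
            $show['privateblog'] = $show['privateblog_contact'] = true;
        }
        else if (can_moderate_blog())
        {
            $show['privateblog'] = $show['privateblog_moderator'] = true;
        }
    }

    $userinfo['onlinestatus'] = 0;
    // now decide if we can see the user or not
    if ($userinfo['lastactivity'] > (TIMENOW - $vbulletin->options['cookietimeout']) AND $userinfo['lastvisit'] != $userinfo['lastactivity'])
    {
        if ($userinfo['invisible'])
        {
            if (($vbulletin->userinfo['permissions']['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden']) OR $vbulletin->userinfo['userid'] == $userinfo['userid'])
            {
                // user is online and invisible BUT bbuser can see them
                $userinfo['onlinestatus'] = 2;
            }
        }
        else
        {
            // user is online and visible
            $userinfo['onlinestatus'] = 1;
        }
    }

    if ($useblock['block_tagcloud'])
    {
        $sidebar['tagcloud'] = fetch_blog_tagcloud('usage', true, $userinfo['userid']);
    }

    if ($useblock['block_search'])
    {
        $sidebar['search'] = $show['blog_search'];
    }

    $blogrules = $rules ? construct_blog_rules($rules, $userinfo) : '';

    $customblockcount = 0;
    $moveableblocks = 0;
    foreach ($blockorder AS $blockname => $status)
    {
        switch($blockname)
        {
            case 'block_comments':
                $pageinfo = array('do' => 'comments');
                break;
            default:
                $pageinfo = array();
        }

        if ($status)
        {
            $show['moveable'] = true;
            // NOTE(review): $blockname comes from the keys of $userinfo['sidebar'] and only
            // its 'block_' prefix is checked before it becomes part of a template name;
            // confirm the stored sidebar order is validated where it is saved.
            if (preg_match('#^block_#', $blockname))
            {
                $templater = vB_Template::create('blog_sidebar_user_' . $blockname);
                $templater->register('userinfo', $userinfo);
                $templater->register('sidebar', $sidebar);
                $templater->register('month', $month);
                $templater->register('year', $year);
                $templater->register('pageinfo', $pageinfo);
                $sidebar['user_customized_blocks'] .= $templater->render();
            }
            else if (!empty($customblock["$blockname"]) AND $customblockcount < $userinfo['permissions']['vbblog_customblocks']) // custom block
            {
                $collapseimg = $vbcollapse["collapseimg_blog_block_$blockname"];
                $collapseobj = $vbcollapse["collapseobj_blog_block_$blockname"];

                $block =& $customblock["$blockname"];
                $customblockcount++;
                $show['editblock'] = ($userinfo['userid'] == $vbulletin->userinfo['userid'] OR can_moderate_blog('caneditcustomblocks'));
                $templater = vB_Template::create('blog_sidebar_user_block_custom');
                $templater->register('block', $block);
                $templater->register('blockname', $blockname);
                $sidebar['user_customized_blocks'] .= $templater->render();
            }
            $moveableblocks++;
        }
        else if ($useblock["$blockname"])
        {
            $show['moveable'] = false;
            $templater = vB_Template::create('blog_sidebar_user_' . $blockname);
            $templater->register('userinfo', $userinfo);
            $templater->register('sidebar', $sidebar);
            $templater->register('month', $month);
            $templater->register('year', $year);
            $templater->register('pageinfo', $pageinfo);
            $sidebar["$blockname"] = $templater->render();
        }
    }

    if ($userinfo['permissions']['vbblog_custompages'] AND !empty($userinfo['custompages']['side']))
    {
        foreach ($userinfo['custompages']['side'] AS $page)
        {
            $templater = vB_Template::create('blog_sidebar_custompage_link');
            $templater->register('page', $page);
            $sidebar['custompages'] .= $templater->render();
        }
    }

    if ($moveableblocks > 1 AND $vbulletin->userinfo['userid'] == $userinfo['userid'])
    {
        $show['moveable_blocks'] = true;
    }

    $show['bloguserinfo'] = true;

    $blogrssinfo = array(
        'bloguserid' => $userinfo['bloguserid'],
        'blog_title' => $userinfo['blog_title'],
    );

    set_sidebar_ads($ad_location, $show);

    $headinclude .= construct_usercss_blog($userinfo, $show['blog_usercss_switch']);
    construct_usercss_switch_blog($show['blog_usercss_switch'], $blog_usercss_switch_phrase);

    ($hook = vBulletinHook::fetch_hook('blog_sidebar_user_complete')) ? eval($hook) : false;

    $templater = vB_Template::create('blog_sidebar_user');
    $templater->register('ad_location', $ad_location);
    $templater->register('userinfo', $userinfo);
    $templater->register('sidebar', $sidebar);
    $templater->register('blogrules', $blogrules);
    // The viewer's logouthash is sent along with the mark-read link as 'readhash'.
    $templater->register('pageinfo_markread', array('do' => 'markread', 'readhash' => $vbulletin->userinfo['logouthash']));

    // The function returns by reference, so hand back a variable rather than the
    // temporary result of render().
    $sidebar_html = $templater->render();
    return $sidebar_html;
}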
AND blog.state = 'deleted' $wheresql "); while ($post = $db->fetch_array($posts)) { $post = array_merge($post, convert_bits_to_array($post['blogoptions'], $vbulletin->bf_misc_vbblogoptions)); // Check permissions..... if (($post['userid'] != $vbulletin->userinfo['userid'] AND !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers'])) OR ($post['userid'] == $vbulletin->userinfo['userid'] AND !($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']))) { print_no_permission(); } cache_permissions($post, false); if (!fetch_entry_perm('undelete', $post)) { standard_error(fetch_error('you_do_not_have_permission_to_manage_deleted_entries')); } $blogarray["$post[blogid]"] = $post; if (empty($userlist["$post[userid]"])) { $userlist["$post[userid]"] = 1; } else { $userlist["$post[userid]"]++; } }
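/**
 * pre_delete function - extend if the contenttype needs to do anything
 *
 * Checks that the given attachments may be deleted, counts the affected attachments
 * per blog entry in $this->lists['bloglist'] and, when $this->log is set, records the
 * edit and the moderator action.
 *
 * @param   array    list of deleted attachment ids to delete
 * @param   boolean  verify permission to delete
 *
 * @return  boolean  false when an attachment is not visible to the user or its entry is not editable by them, true otherwise
 */
public function pre_delete($list, $checkperms = true)
{
    @ignore_user_abort(true);

    // The ids are concatenated into two SQL IN (...) lists below and this method cannot
    // see how its caller cleaned them, so force every element to an integer first.
    $list = array_map('intval', (array) $list);
    $idlist = implode(", ", $list);

    // init lists
    $this->lists = array(
        'bloglist' => array(),
    );

    if ($checkperms)
    {
        // Verify that we have permission to view these attachmentids
        $attachmultiple = new vB_Attachment_Display_Multiple($this->registry);
        $attachments = $attachmultiple->fetch_results("a.attachmentid IN (" . $idlist . ")");

        // Fewer rows than ids means at least one id is not visible to this user.
        if (count($list) != count($attachments))
        {
            return false;
        }
    }

    $replaced = array();

    // NOTE(review): a.contentid is joined to blog.blogid with no content-type condition;
    // confirm the caller only passes ids of blog attachments.
    $ids = $this->registry->db->query_read("
        SELECT
            a.attachmentid, a.userid, IF(a.contentid = 0, 1, 0) AS inprogress,
            blog.blogid, blog.firstblogtextid, blog.dateline AS blog_dateline, blog.state, blog.postedby_userid,
            bu.memberids, bu.memberblogids,
            gm.permissions AS grouppermissions,
            user.membergroupids, user.usergroupid, user.infractiongroupids,
            blog_deletionlog.moddelete AS del_moddelete, blog_deletionlog.userid AS del_userid, blog_deletionlog.username AS del_username, blog_deletionlog.reason AS del_reason
        FROM " . TABLE_PREFIX . "attachment AS a
        LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blogid = a.contentid)
        LEFT JOIN " . TABLE_PREFIX . "blog_user AS bu ON (bu.bloguserid = blog.userid)
        LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.userid = blog.userid)
        LEFT JOIN " . TABLE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.userid = " . intval($this->registry->userinfo['userid']) . ")
        LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_deletionlog.type = 'blogid')
        WHERE a.attachmentid IN (" . $idlist . ")
    ");
    while ($id = $this->registry->db->fetch_array($ids))
    {
        cache_permissions($id, false);

        // In-progress uploads (contentid = 0) have no entry to check edit rights against.
        if ($checkperms AND !$id['inprogress'] AND !fetch_entry_perm('edit', $id))
        {
            return false;
        }

        if ($id['blogid'])
        {
            // Start the per-entry counter explicitly instead of incrementing an unset key.
            $blogkey = "{$id['blogid']}";
            if (!isset($this->lists['bloglist'][$blogkey]))
            {
                $this->lists['bloglist'][$blogkey] = 0;
            }
            $this->lists['bloglist'][$blogkey]++;

            if ($this->log)
            {
                // Fixed: the entry date is selected as blog_dateline. The old code read
                // $id['p_dateline'], which the query never returns, so the
                // 'noeditedbytime' grace period was never honoured.
                if (($this->registry->userinfo['permissions']['genericoptions'] & $this->registry->bf_ugp_genericoptions['showeditedby']) AND $id['blog_dateline'] < (TIMENOW - ($this->registry->options['noeditedbytime'] * 60)))
                {
                    // One edit-log row per entry, however many of its attachments go.
                    if (empty($replaced["$id[firstblogtextid]"]))
                    {
                        /*insert query*/
                        $this->registry->db->query_write("
                            REPLACE INTO " . TABLE_PREFIX . "blog_editlog
                                (blogtextid, userid, username, dateline)
                            VALUES
                                (
                                    " . intval($id['firstblogtextid']) . ",
                                    " . intval($this->registry->userinfo['userid']) . ",
                                    '" . $this->registry->db->escape_string($this->registry->userinfo['username']) . "',
                                    " . TIMENOW . "
                                )
                        ");
                        $replaced["$id[firstblogtextid]"] = true;
                    }
                }

                // A moderator removing an attachment from a blog they do not belong to
                // is written to the moderator log.
                if (!is_member_of_blog($this->registry->userinfo, $id) AND can_moderate_blog('caneditentries'))
                {
                    $bloginfo = array(
                        'blogid'       => $id['blogid'],
                        'attachmentid' => $id['attachmentid'],
                    );
                    require_once(DIR . '/includes/blog_functions_log_error.php');
                    log_moderator_action($bloginfo, 'attachment_removed');
                }
            }
        }
    }

    return true;
}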
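/**
* Prepares the entry for display: rating, category bits, permission and
* moderation flags, status icon, privacy flag, edit information and tags.
*
* Reads and updates $this->blog and $this->status and writes its flags into
* the global $show array.
*
* @return	void
*/
function process_display()
{
	global $show, $vbphrase;

	$blog =& $this->blog;

	// Rating is only shown once the entry has collected enough votes
	$ratingnum = $this->blog['ratingnum'];
	if ($ratingnum >= $this->registry->options['vbblog_ratingpost'] AND $ratingnum)
	{
		$average = $this->blog['ratingtotal'] / $ratingnum;
		$this->blog['ratingavg'] = vb_number_format($average, 2);
		$this->blog['rating'] = intval(round($average));
		$show['rating'] = true;
	}
	else
	{
		$show['rating'] = false;
	}

	if (!$this->blog['blogtitle'])
	{
		$this->blog['blogtitle'] = $this->blog['username'];
	}

	// The key must be quoted inside {$...}: a bare word there is parsed as a
	// constant, which is a warning on PHP 7.2+ and an Error on PHP 8.
	$blogkey = "{$this->blog['blogid']}";

	$categorybits = array();
	if (!empty($this->categories[$blogkey]))
	{
		foreach ($this->categories[$blogkey] AS $category)
		{
			$category['blogtitle'] = $this->blog['blogtitle'];

			// Categories without a creator are shown as a plain title when the viewer lacks the view bit for them
			$show['cattitleonly'] = (
				!$category['creatorid']
					AND
				!($this->registry->userinfo['blogcategorypermissions']["$category[blogcategoryid]"] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canviewcategory'])
			);

			$templater = vB_Template::create('blog_entry_category');
				$templater->register('category', $category);
				$templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
			$categorybits[] = $templater->render();
		}
	}
	else
	{
		// No categories assigned: render the "uncategorized" placeholder
		$category = array(
			'blogcategoryid' => -1,
			'title'          => $vbphrase['uncategorized'],
			'userid'         => $this->blog['userid'],
			'blogtitle'      => $this->blog['blogtitle'],
		);

		$templater = vB_Template::create('blog_entry_category');
			$templater->register('category', $category);
			$templater->register('pageinfo', array('blogcategoryid' => $category['blogcategoryid']));
		$categorybits[] = $templater->render();
	}

	$show['category'] = true;
	$this->blog['categorybits'] = implode(', ', $categorybits);

	// Moderation notices are only shown to the entry owner or a comment moderator
	$show['trackback_moderation'] = (
		$this->blog['trackback_moderation']
			AND
		($this->blog['userid'] == $this->registry->userinfo['userid'] OR can_moderate_blog('canmoderatecomments'))
	);
	$show['comment_moderation'] = (
		$this->blog['hidden']
			AND
		($this->blog['userid'] == $this->registry->userinfo['userid'] OR can_moderate_blog('canmoderatecomments'))
	);

	// Per-entry action permissions
	$show['edit'] = fetch_entry_perm('edit', $this->blog);
	$show['delete'] = fetch_entry_perm('delete', $this->blog);
	$show['remove'] = fetch_entry_perm('remove', $this->blog);
	$show['undelete'] = fetch_entry_perm('undelete', $this->blog);
	$show['approve'] = fetch_entry_perm('moderate', $this->blog);

	$show['inlinemod'] = (
		($show['delete'] OR $show['remove'] OR $show['approve'] OR $show['undelete'])
			AND
		(
			can_moderate_blog()
				OR
			(!empty($this->userinfo) AND is_member_of_blog($this->registry->userinfo, $this->userinfo))
		)
	);

	// Status icon / phrase; the first matching condition wins
	if ($this->blog['dateline'] > TIMENOW OR $this->blog['pending'])
	{
		$this->status['phrase'] = $vbphrase['pending_blog_entry'];
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/pending.gif";
		$show['status'] = true;
	}
	else if ($this->blog['state'] == 'deleted')
	{
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/trashcan.gif";
		$this->status['phrase'] = $vbphrase['deleted_blog_entry'];
		$show['status'] = true;
	}
	else if ($this->blog['state'] == 'moderation')
	{
		$this->status['phrase'] = $vbphrase['moderated_blog_entry'];
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/moderated.gif";
		$show['status'] = true;
	}
	else if ($this->blog['state'] == 'draft')
	{
		$this->status['phrase'] = $vbphrase['draft_blog_entry'];
		$this->status['image'] = vB_Template_Runtime::fetchStyleVar('imgdir_misc') . "/blog/draft.gif";
		$show['status'] = true;
	}
	else
	{
		$show['status'] = false;
	}

	// Flag entries that are private, or that a moderator can see only because of moderator rights
	$show['private'] = false;
	if ($blog['private'])
	{
		$show['private'] = true;
	}
	else if (can_moderate() AND !is_member_of_blog($this->registry->userinfo, $blog))
	{
		$membercanview = $blog['options_member'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];
		$buddiescanview = $blog['options_buddy'] & $this->registry->bf_misc_vbblogsocnetoptions['canviewmyblog'];

		if (!$membercanview AND (!$blog['buddyid'] OR !$buddiescanview))
		{
			$show['private'] = true;
		}
	}

	if ($this->blog['edit_userid'])
	{
		$this->blog['edit_date'] = vbdate($this->registry->options['dateformat'], $this->blog['edit_dateline'], true);
		$this->blog['edit_time'] = vbdate($this->registry->options['timeformat'], $this->blog['edit_dateline']);
		if ($this->blog['edit_reason'])
		{
			$this->blog['edit_reason'] = fetch_word_wrapped_string($this->blog['edit_reason']);
		}
		$show['entryedited'] = true;
	}
	else
	{
		$show['entryedited'] = false;
	}

	$show['tags'] = false;
	if ($this->registry->options['vbblog_tagging'])
	{
		require_once(DIR . '/includes/blog_functions_tag.php');
		$this->blog['tag_list'] = fetch_entry_tagbits($this->blog, $this->userinfo);

		$entryperms = $this->registry->userinfo['permissions']['vbblog_entry_permissions'];
		$permbits = $this->registry->bf_ugp_vbblog_entry_permissions;

		// NOTE(review): ownership is tested against $this->bloginfo here while the rest of
		// the method uses $this->blog - confirm that $this->bloginfo is populated.
		$isowner = ($this->bloginfo['userid'] == $this->registry->userinfo['userid']);

		$show['tag_edit'] = (
			(($entryperms & $permbits['blog_cantagown']) AND $isowner)
				OR
			($entryperms & $permbits['blog_cantagothers'])
				OR
			(($entryperms & $permbits['blog_candeletetagown']) AND $isowner)
				OR
			can_moderate_blog('caneditentries')
		);
		$show['tags'] = ($show['tag_edit'] OR $this->blog['taglist']);
		$show['notags'] = !$this->blog['taglist'];
	}
}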