Exemplo n.º 1
	/**
	* Looks up the blog entry for the given id and caches the result in $this->info['bloginfo']
	*
	* @param	integer	Blog entry id (taken by reference, passed straight to fetch_bloginfo)
	*
	* @return	boolean	True when fetch_bloginfo() returned a truthy record, false otherwise
	*/
	function verify_blogid(&$blogid)
	{
		require_once(DIR . '/includes/blog_functions.php');

		// The lookup result is stored even when it is empty, exactly as a failed lookup leaves it.
		$this->info['bloginfo'] = fetch_bloginfo($blogid);

		return $this->info['bloginfo'] ? true : false;
	}
Exemplo n.º 2
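	/**
	* Deletes the loaded blog comment ($this->existing), permanently or as a soft delete
	*
	* Hard delete ($this->info['hard_delete'] set): queues a search-index removal and deletes the
	* rows from blog_text / blog_textparsed, blog_deletionlog, blog_moderation and recent blog_hash entries.
	* Soft delete: sets the state to 'deleted', saves, and records who deleted it and why in blog_deletionlog.
	*
	* NOTE(review): no permission check is visible in this method; presumably callers authorise the
	* deletion before invoking it — confirm.
	*
	* @return	boolean	True when a comment was processed, false when no existing blogtextid is loaded
	*/
	function delete()
	{
		// Cast once: the id is concatenated unquoted into every query below, so it must be an integer.
		$blogtextid = intval($this->existing['blogtextid']);
		if ($blogtextid)
		{
			$db =& $this->registry->db;
			require_once(DIR . '/includes/blog_functions_log_error.php');

			if ($this->info['hard_delete'])
			{
				require_once(DIR . '/vb/search/indexcontroller/queue.php');
				vb_Search_Indexcontroller_Queue::indexQueue('vBBlog', 'BlogComment', 'delete', $blogtextid);

				// Remove the comment text together with its parsed cache row
				$db->query_write("
					DELETE " . TABLE_PREFIX . "blog_text, " . TABLE_PREFIX . "blog_textparsed
					FROM " . TABLE_PREFIX . "blog_text
					LEFT JOIN " . TABLE_PREFIX . "blog_textparsed ON (" . TABLE_PREFIX . "blog_textparsed.blogtextid = " . TABLE_PREFIX . "blog_text.blogtextid)
					WHERE " . TABLE_PREFIX . "blog_text.blogtextid = $blogtextid
				");

				$db->query_write("
					DELETE FROM " . TABLE_PREFIX . "blog_deletionlog
					WHERE primaryid = $blogtextid AND type = 'blogtextid'
				");

				$db->query_write("
					DELETE FROM " . TABLE_PREFIX . "blog_moderation
					WHERE primaryid = $blogtextid AND type = 'blogtextid'
				");

				// Only hash rows from the last 300 seconds are removed
				$db->query_write("
					DELETE FROM " . TABLE_PREFIX . "blog_hash
					WHERE blogtextid = " . $blogtextid . " AND
						dateline > " . (TIMENOW - 300)
				);

				if (!$this->info['skip_moderator_log'])
				{
					blog_moderator_action($this->existing, 'comment_x_by_y_removed', array($this->existing['title'], $this->existing['username']));
				}
			}
			else
			{
				$this->set('state', 'deleted');
				$this->save();

				if (!$this->info['skip_moderator_log'])
				{
					blog_moderator_action($this->existing, 'comment_x_by_y_softdeleted', array($this->existing['title'], $this->existing['username']));
				}

				// soft delete
				// We have a DM for this
				// Numeric values are cast, string values go through escape_string() before being quoted.
				$db->query_write("
					REPLACE INTO " . TABLE_PREFIX . "blog_deletionlog
						(primaryid, type, userid, username, reason, dateline)
					VALUES
						($blogtextid,
						'blogtextid',
						" . intval($this->registry->userinfo['userid']) . ",
						'" . $db->escape_string($this->registry->userinfo['username']) . "',
						'" . $db->escape_string($this->info['reason']) . "',
						" . TIMENOW . ")
				");

				$db->query_write("
					DELETE FROM " . TABLE_PREFIX . "blog_moderation
					WHERE primaryid = $blogtextid AND type = 'blogtextid'
				");
			}

			if (!$this->info['skip_build_blog_counters'])
			{
				build_blog_entry_counters($this->existing['blogid']);
				if (empty($this->info['blog']['userid']))
				{
					// Blog owner was not supplied by the caller, so look it up from the entry
					$bloginfo = fetch_bloginfo($this->existing['blogid']);
					build_blog_user_counters($bloginfo['userid']);
				}
				else
				{
					build_blog_user_counters($this->info['blog']['userid']);
				}
			}

			// Plugin hook: whatever PHP is attached to 'blog_textdata_delete' is executed via eval(),
			// so the hook store has to remain writable by trusted administrators only.
			($hook = vBulletinHook::fetch_hook('blog_textdata_delete')) ? eval($hook) : false;
			return true;
		}

		return false;
	}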
Exemplo n.º 3
    // Plugin hook: any PHP attached to 'blog_sendtofriend_complete' is executed via eval() before the page is built.
    ($hook = vBulletinHook::fetch_hook('blog_sendtofriend_complete')) ? eval($hook) : false;
    $url =& $vbulletin->url;
    // Build the 'blog_send_to_friend' template and register the variables it reads.
    // NOTE(review): how these values were escaped is not visible in this excerpt — confirm
    // that user-supplied fields (e.g. $stf, $errormessages) are HTML-safe before rendering.
    $templater = vB_Template::create('blog_send_to_friend');
    $templater->register('bloginfo', $bloginfo);
    $templater->register('errormessages', $errormessages);
    $templater->register('human_verify', $human_verify);
    $templater->register('imagereg', $imagereg);
    $templater->register('stf', $stf);
    $templater->register('url', $url);
    $templater->register('usernamecode', $usernamecode);
    // The rendered page is kept in $content.
    $content = $templater->render();
}
// #######################################################################
// Handles a submitted rating ('do' = rate) for a blog entry.
// NOTE(review): no request-forgery token check is visible in this excerpt; presumably the
// framework bootstrap enforces one for POST requests — confirm.
if ($_POST['do'] == 'rate') {
    // Typed input cleaning: vote and blogid as unsigned integers, ajax as boolean.
    $vbulletin->input->clean_array_gpc('p', array('vote' => TYPE_UINT, 'ajax' => TYPE_BOOL, 'blogid' => TYPE_UINT));
    $bloginfo = fetch_bloginfo($vbulletin->GPC['blogid']);
    // NOTE(review): $bloginfo is used here before any existence/state check; if fetch_bloginfo()
    // returns an empty result for an unknown blogid this call receives an empty userid — confirm.
    track_blog_visit($bloginfo['userid']);
    // Accept votes from 1 to 5 only; standard_error() presumably halts the request — confirm.
    if ($vbulletin->GPC['vote'] < 1 or $vbulletin->GPC['vote'] > 5) {
        standard_error(fetch_error('invalidvote'));
    }
    // Only entries in the 'visible' state can be rated.
    // NOTE(review): the viewer's own/others view-permission bits are not checked in this
    // excerpt — confirm they are enforced elsewhere before a rating is accepted.
    if ($bloginfo['state'] !== 'visible') {
        print_no_permission();
    }
    // Previous rating remembered in the 'blog_rate' cookie; client-controlled, so only a hint.
    $rated = intval(fetch_bbarray_cookie('blog_rate', $bloginfo['blogid']));
    // Plugin hook: PHP attached to 'blog_rate_start' is executed via eval().
    ($hook = vBulletinHook::fetch_hook('blog_rate_start')) ? eval($hook) : false;
    $update = false;
    if ($vbulletin->userinfo['userid']) {
        // Logged-in user: look for an existing rating row. userid and blogid are concatenated
        // unquoted into the query — presumably both are integers from the session / fetched record; verify.
        if ($rating = $db->query_first("\r\n\t\t\tSELECT *\r\n\t\t\tFROM " . TABLE_PREFIX . "blog_rate\r\n\t\t\tWHERE userid = " . $vbulletin->userinfo['userid'] . "\r\n\t\t\t\tAND blogid = {$bloginfo['blogid']}\r\n\t\t")) {
            // An existing vote may only be changed when the 'votechange' option is on.
            if ($vbulletin->options['votechange']) {
                if ($vbulletin->GPC['vote'] != $rating['vote']) {
                    $blograte =& datamanager_init('Blog_Rate', $vbulletin, ERRTYPE_STANDARD);
Exemplo n.º 4
/**
* Fetches information about the selected blog entry and, optionally, enforces view permissions on it.
* Almost identical to fetch_bloginfo, with the checks added.
*
* Missing, deleted, pending, draft, moderated and Coventry entries all report the same 'invalidid'
* error, so a caller without access is not told which of those cases applied. The permission-bit
* and 'canviewmyblog' failures go through print_no_permission() instead.
*
* NOTE(review): the control flow assumes standard_error() and print_no_permission() do not return;
* if they did, execution would continue with an empty or forbidden record — confirm.
*
* @param	integer	The blog post we want info about
* @param	boolean	When the entry is not found: true reports the 'invalidid' error, false returns 0
* @param	mixed		Falsy skips all permission checks; any truthy value runs them. The exact string
*					'modifychild' additionally makes deleted / moderated entries fail even for blog members
*
* @return	array	Array of information about the blog (0 when not found and $alert is false) or prints an error if it doesn't exist / permission problems
*/
function verify_blog($blogid, $alert = true, $perm_check = true)
{
	global $vbulletin, $vbphrase;

	$bloginfo = fetch_bloginfo($blogid);
	if (!$bloginfo)
	{
		if ($alert)
		{
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
		else
		{
			// Silent mode: signal "not found" to the caller instead of printing an error
			return 0;
		}
	}

	if ($perm_check)
	{
		// Usergroup permission bits: one bit governs viewing your own entries, another viewing other users' entries
		if (
			(
				//belongs to the user and the user can't view own (why?)
				!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] &
					$vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND
				$bloginfo['userid'] == $vbulletin->userinfo['userid']
			) OR
			(
				//does not belong to the user and the user can't view others.
				!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] &
					$vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']) AND
				$bloginfo['userid'] != $vbulletin->userinfo['userid']
			)
		)
		{
			print_no_permission();
		}

		// State checks: only the first matching branch of this chain is evaluated
		if ($bloginfo['state'] == 'deleted' AND !can_moderate_blog())
		{
			// Non-moderators see a deleted entry only as a blog member, and never in 'modifychild' mode
			if (!is_member_of_blog($vbulletin->userinfo, $bloginfo) OR $perm_check === 'modifychild')
			{
				// the blog entry is deleted
				standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
			}
		}
		else if (($bloginfo['pending'] OR $bloginfo['state'] == 'draft') AND !is_member_of_blog($vbulletin->userinfo, $bloginfo))
		{
			// can't view a pending/draft if you aren't the author
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
		else if ($bloginfo['state'] == 'moderation' AND !can_moderate_blog('canmoderateentries'))
		{
			// the blog entry is awaiting moderation
			if (!is_member_of_blog($vbulletin->userinfo, $bloginfo) OR $perm_check === 'modifychild')
			{
				standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
			}
		}
		else if (in_coventry($bloginfo['userid']) AND !can_moderate_blog())
		{
			// Author is in Coventry: hidden from everyone who cannot moderate the blog
			standard_error(fetch_error('invalidid', $vbphrase['blog'], $vbulletin->options['contactuslink']));
		}
		else if (!$bloginfo['canviewmyblog'])	// Check Socnet permissions
		{
			print_no_permission();
		}
	}

	return $bloginfo;
}
Exemplo n.º 5
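	/**
	* Updates the rating totals of the rated blog entry after a rating row has been saved
	*
	* A new rating (no condition set) adds the vote and increments the rating count; an update
	* applies only the difference between the new and the previously stored vote.
	*
	* @param	boolean	Do the query? (not referenced inside this method)
	*/
	function post_save_each($doquery = true)
	{
		// Are we handling a multi DM
		// Act only on a new rating or when the stored vote value actually changed
		if (!$this->condition OR $this->existing['vote'] != $this->fetch_field('vote'))
		{
			if ($this->info['blog'])
			{
				$bloginfo =& $this->info['blog'];
			}
			else
			{
				$bloginfo = fetch_bloginfo($this->fetch_field('blogid'));
			}

			// The set() calls below pass SQL expressions with a third argument of false;
			// presumably that disables value cleaning so the expression is used verbatim — confirm.
			// Because of that, every number placed in an expression is cast to an integer first.
			if (!$this->condition)
			{
				// Increment the vote count for the blog entry that has just been voted on
				$blogman =& datamanager_init('Blog', $this->registry, ERRTYPE_SILENT, 'blog');
				$blogman->set_existing($bloginfo);
				$blogman->set('ratingtotal', "ratingtotal + " . intval($this->fetch_field('vote')), false);
				$blogman->set('ratingnum', 'ratingnum + 1', false);
				$blogman->set('rating', 'ratingtotal / ratingnum', false);
				$blogman->save();
			}
			else
			{
				// this is an update
				// Cast the difference, matching the intval() used for a new rating above
				$votediff = intval($this->fetch_field('vote') - $this->existing['vote']);

				$blogman =& datamanager_init('Blog', $this->registry, ERRTYPE_SILENT, 'blog');
				$blogman->set_existing($bloginfo);
				$blogman->set('ratingtotal', "ratingtotal + $votediff", false);
				$blogman->set('rating', "ratingtotal / ratingnum", false);
				$blogman->save();
			}

			build_blog_user_counters($bloginfo['userid']);

			// Remember the vote in the 'blog_rate' cookie only when the rating belongs to the current user
			if ($this->fetch_field('userid') == $this->registry->userinfo['userid'])
			{
				set_bbarray_cookie('blog_rate', $this->fetch_field('blogid'), $this->fetch_field('vote'), 1);
			}
		}

		// Plugin hook: PHP attached to 'blog_ratedata_postsave' is executed via eval(),
		// so the hook store has to remain writable by trusted administrators only.
		($hook = vBulletinHook::fetch_hook('blog_ratedata_postsave')) ? eval($hook) : false;
	}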
Exemplo n.º 6
				{
					require_once(DIR . '/packages/vbattach/attach.php');
					$attach = new vB_Attach_Display_Content($vbulletin, 'vBBlog_BlogEntry');
					$post['attachments'] = $attach->fetch_postattach(0, $bloginfo['blogid']);
				}

				// Load the entry renderer, its BB code parser and the XML builder used for the reply
				require_once(DIR . '/includes/class_blog_entry.php');
				require_once(DIR . '/includes/class_bbcode_blog.php');
				require_once(DIR . '/includes/class_xml.php');
				$bbcode = new vB_BbCodeParser_Blog_Snippet($vbulletin, fetch_tag_list());
				$factory = new vB_Blog_EntryFactory($vbulletin, $bbcode, $categories);

				// The response is an XML document with a single 'entrybits' group
				$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
				$xml->add_group('entrybits');

				// Re-fetch the entry; the meaning of the second argument (false) is not visible in this excerpt.
				// NOTE(review): no view-permission check appears here before the entry is rendered;
				// presumably it happened earlier in the request — confirm.
				$bloginfo = fetch_bloginfo($bloginfo['blogid'], false);

				// TODO - We need to know from AJAX whether $userinfo is set, e.g. do=list&u=9 OR do=list
				$entry_handler =& $factory->create($bloginfo);
				// Hand over the viewer's user record only when the viewer owns the entry
				if ($vbulletin->userinfo['userid'] == $bloginfo['userid'])
				{
					$entry_handler->userinfo = $vbulletin->userinfo;
				}
				// no attachment support for lists at this time
				$entry_handler->attachments = $post['attachments'];
				// NOTE(review): process_replacement_vars() runs on the rendered entry here and again
				// on the next line — looks redundant; confirm a second pass is intended.
				$rentry = process_replacement_vars($entry_handler->construct());
				$xml->add_tag('message', process_replacement_vars($rentry));
				$xml->close_group();
				$xml->print_xml();
			}
			else
Exemplo n.º 7
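	/**
	* Validates an incoming pingback.ping call, records it in blog_pinghistory and, when the
	* target entry allows it, stores the pingback
	*
	* Expects two string parameters: [0] the source URL, [1] the target URL on this site.
	* Every rejection is written to the trackback log with a numeric code and answered with
	* the generic -32500 fault.
	*
	* @param	array	Raw XML-RPC parameter information (passed by reference to build_xmlrpc_array)
	*
	* @return boolean	True when the ping was recorded, false when it was rejected
	*/
	function verify_pingback_ping(&$pinfo)
	{
		$params = array(
			'string',
			'string',
		);

		require_once(DIR . '/includes/blog_functions_post.php');
		if ($this->build_xmlrpc_array($params, $pinfo))
		{
			// XML-RPC is valid if we are here
			// 1 - Verify that the second URL matches the URL to our blog but don't validate the blogid here
			// 2 - Insert the information into the blog_pinghistory table
			// 3 - Cron script will verify the entries and insert pingbacks
			// This allows us to kill floods for the most part

			if (!empty($this->xmlrpc_array[0]['string']))
			{
				// The target must be exactly <bburl>/blog.php or /blog_callback.php with a numeric b= / blogid=.
				// The dot before "php" is escaped so it matches a literal '.' only.
				if (preg_match('#^' . preg_quote($this->registry->options['bburl'], '#') . '\/blog(?:_callback)?\.php\?b(?:logid)?=(\d+)$#si', trim($this->xmlrpc_array[1]['string']), $matches))
				{
					$blogid = intval($matches[1]);
					// Source URL is attacker-supplied: it is only hashed, escaped for SQL and handed to the data manager here
					$sourceurl = trim($this->xmlrpc_array[0]['string']);
					// md5 serves as a lookup key for the URL, presumably the de-duplication key behind INSERT IGNORE — confirm
					$sourcemd5 = md5($sourceurl);

					if ($blogid)
					{
						$result = $this->registry->db->query_write("
							INSERT IGNORE INTO " . TABLE_PREFIX . "blog_pinghistory
								(blogid, sourcemd5, sourceurl, dateline)
							VALUES
								($blogid, '$sourcemd5', '" . $this->registry->db->escape_string($sourceurl) . "', " . TIMENOW . ")
						");

						if ($this->registry->db->affected_rows($result))
						{
							// The sender is told 'accepted' as soon as the history row exists; the checks
							// below only decide what is logged and whether a pingback is stored.
							$this->build_xml_response('accepted');

							// NOTE(review): the raw request body is passed to write_trackback_log() on every
							// path; presumably that function escapes it before storage/display — confirm.
							require_once(DIR . '/includes/blog_functions.php');
							if ($bloginfo = fetch_bloginfo($blogid))
							{
								if ($bloginfo['state'] == 'visible')
								{
									cache_permissions($bloginfo, false);
									// verify user has permission to receive pingbacks
									if ($bloginfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canreceivepingback'])
									{
										$dataman =& datamanager_init('Blog_Trackback', $this->registry, ERRTYPE_ARRAY);
										$dataman->set('blogid', $blogid);
										$dataman->set('url', $sourceurl);
										$dataman->set('userid', $bloginfo['userid']);
										$dataman->set_info('akismet_key', $bloginfo['akismet_key']);
										$dataman->pre_save();

										if (!empty($dataman->errors))
										{
											// code 6: the data manager rejected the pingback
											write_trackback_log('pingback', 'in', 6, array('GLOBALS' => $GLOBALS['HTTP_RAW_POST_DATA'], 'errors' => $dataman->errors));
										}
										else
										{
											// code 0: pingback stored
											$dataman->save();
											write_trackback_log('pingback', 'in', 0, $GLOBALS['HTTP_RAW_POST_DATA']);
										}
									}
									else
									{
										// code 4: blog owner may not receive pingbacks
										write_trackback_log('pingback', 'in', 4, $GLOBALS['HTTP_RAW_POST_DATA']);
									}
								}
								else
								{
									// code 7: target entry is not in the 'visible' state
									write_trackback_log('pingback', 'in', 7, $GLOBALS['HTTP_RAW_POST_DATA']);
								}
							}
							else
							{
								// code 5: target entry could not be fetched
								write_trackback_log('pingback', 'in', 5, $GLOBALS['HTTP_RAW_POST_DATA']);
							}

							return true;
						}
						else
						{
							// code 3: INSERT IGNORE changed no row
							write_trackback_log('pingback', 'in', 3, $GLOBALS['HTTP_RAW_POST_DATA']);
						}
					}
					else
					{
						// code 2: blog id parsed as zero
						write_trackback_log('pingback', 'in', 2, $GLOBALS['HTTP_RAW_POST_DATA']);
					}
				}
				else
				{
					// code 2: target URL does not point at this site's blog script
					write_trackback_log('pingback', 'in', 2, $GLOBALS['HTTP_RAW_POST_DATA']);
				}
			}
			else
			{
				// code 1: empty source URL
				write_trackback_log('pingback', 'in', 1, $GLOBALS['HTTP_RAW_POST_DATA']);
			}
		}
		else
		{
			// code 1: parameters did not match the expected (string, string) signature
			write_trackback_log('pingback', 'in', 1, $GLOBALS['HTTP_RAW_POST_DATA']);
		}

		// Every rejection gets the same generic fault, whatever the reason logged above
		$xml_error_struct = $this->build_fault_struct(-32500, $this->faultcodes['-32500']);
		$this->build_xml_response($xml_error_struct, true);

		// $this->build_xmlrpc_array sets build_xml_response() on failure
		return false;
	}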
Exemplo n.º 8
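	/**
	* Records an incoming trackback in blog_pinghistory, stores it when the target entry allows it,
	* and echoes the XML response (error 0 when recorded, error 1 / 'Invalid' otherwise)
	*
	* Reads $this->sourceurl and $this->blogid; output is sent directly, nothing is returned.
	*/
	function send_xml_response()
	{
		require_once(DIR . '/includes/class_xml.php');
		$this->xml_object = new vB_XML_Builder($this->registry);
		$this->xml_object->doc = '';

		$this->xml_object->add_group('response');
		// Requires a source URL and the 'vbblog_trackback' option to be enabled
		if ($this->sourceurl AND $this->registry->options['vbblog_trackback'])
		{
			// md5 serves as a lookup key for the URL, presumably the de-duplication key behind INSERT IGNORE — confirm
			$sourcemd5 = md5($this->sourceurl);
			// blogid is concatenated unquoted, so it is cast to an integer; the URL is escaped and quoted
			$result = $this->registry->db->query_write("
				INSERT IGNORE INTO " . TABLE_PREFIX . "blog_pinghistory
					(blogid, sourcemd5, sourceurl, dateline)
				VALUES (" . intval($this->blogid) . ", '$sourcemd5', '" . $this->registry->db->escape_string($this->sourceurl) . "', " . TIMENOW . ")
			");

			require_once(DIR . '/includes/blog_functions_post.php');
			if ($this->registry->db->affected_rows($result))
			{
				// From here on the sender always receives error 0; the checks below only decide
				// what is logged and whether a trackback is stored.
				require_once(DIR . '/includes/blog_functions.php');
				if ($bloginfo = fetch_bloginfo($this->blogid))
				{
					if ($bloginfo['state'] == 'visible')
					{
						cache_permissions($bloginfo, false);
						// verify user has permission to receive trackbacks
						// NOTE(review): the bit tested is 'blog_canreceivepingback' although this handler
						// logs as 'trackback' — confirm one bit is meant to cover both.
						if ($bloginfo['permissions']['vbblog_general_permissions'] & $this->registry->bf_ugp_vbblog_general_permissions['blog_canreceivepingback'])
						{
							$dataman =& datamanager_init('Blog_Trackback', $this->registry, ERRTYPE_SILENT);
							$dataman->set('blogid', $this->blogid);
							$dataman->set('url', $this->sourceurl);
							$dataman->set('userid', $bloginfo['userid']);
							$dataman->set_info('akismet_key', $bloginfo['akismet_key']);

							// NOTE(review): errors are inspected without a pre_save() call; presumably
							// set() already populates $dataman->errors — confirm.
							if (!empty($dataman->errors))
							{
								// code 6: the data manager rejected the trackback
								write_trackback_log('trackback', 'in', 6, array('GLOBALS' => '', 'errors' => $dataman->errors), $bloginfo, $this->sourceurl);
							}
							else
							{
								// code 0: trackback stored
								$dataman->save();
								write_trackback_log('trackback', 'in', 0, '', $bloginfo, $this->sourceurl);
							}
						}
						else
						{
							// code 4: blog owner lacks the receive permission
							write_trackback_log('trackback', 'in', 4, '', $bloginfo, $this->sourceurl);
						}
					}
					else
					{
						// code 7: target entry is not in the 'visible' state
						write_trackback_log('trackback', 'in', 7, '', $bloginfo, $this->sourceurl);
					}
				}
				else
				{
					// code 5: target entry could not be fetched
					write_trackback_log('trackback', 'in', 5, '', array(), $this->sourceurl);
				}

				// Close the connection by hand when NOSHUTDOWNFUNC is defined
				if (defined('NOSHUTDOWNFUNC'))
				{
					$this->registry->db->close();
				}

				$this->xml_object->add_tag('error', 0);
				$this->xml_object->close_group('response');
				$this->xml_object->send_content_type_header();
				$this->xml_object->send_content_length_header();
				echo $this->xml_object->fetch_xml_tag() . $this->xml_object->output();
				return;
			}
			else
			{
				// code 3: INSERT IGNORE changed no row
				write_trackback_log('trackback', 'in', 3, '', array(), $this->sourceurl);
			}
		}

		if (defined('NOSHUTDOWNFUNC'))
		{
			$this->registry->db->close();
		}

		// Generic failure response: the sender is not told why the trackback was refused
		$this->xml_object->add_tag('error', 1);
		$this->xml_object->add_tag('message', 'Invalid');
		$this->xml_object->close_group('response');
		$this->xml_object->send_content_type_header();
		$this->xml_object->send_content_length_header();
		echo $this->xml_object->fetch_xml_tag() . $this->xml_object->output();
		return;
	}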