<?

php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin Blog 4.2.0
|| # ---------------------------------------------------------------- # ||
|| # Copyright 2000-2012 vBulletin Solutions Inc. All Rights Reserved. ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
if (!defined('THIS_SCRIPT')) { define('THIS_SCRIPT', 'blog'); }
define('VB_PRODUCT', 'vbblog');
define('CSRF_PROTECTION', true);
define('VBBLOG_PERMS', true);
define('VBBLOG_STYLE', true);
define('VBBLOG_SCRIPT', true);
define('GET_EDIT_TEMPLATES', 'blog,comments,list');
if (!defined('FRIENDLY_URL_LINK'))
{
define('FRIENDLY_URL_LINK', 'blog');
}
// ################### PICK SOMETHING TO DO ######################
if (empty($_REQUEST['do']))
{
if (THIS_SCRIPT == 'entry' OR !empty($_REQUEST['blogid']) OR !empty($_RE
QUEST['blogtextid']) OR !empty($_REQUEST['b']) OR !empty($_REQUEST['bt']))
{
$_REQUEST['do'] = 'blog';
}
else if (!empty($_REQUEST['tag']) OR !empty($_REQUEST['userid']) OR !emp
ty($_REQUEST['u']) OR !empty($_REQUEST['username']) OR !empty($_REQUEST['blogcat
egoryid']))
{
$_REQUEST['do'] = 'list';
}
else if (!empty($_REQUEST['cp']))
{
$_REQUEST['do'] = 'custompage';
}
else
{
$_REQUEST['do'] = 'list';
}
}
// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array(
'posting',
'vbblogglobal',
'postbit',
'vbblogcat',

);
// $actionphrases is broken in 3.6.7 so simulate
if (in_array($_REQUEST['do'], array('sendtofriend', 'dosendtofriend')))
{
$phrasegroups[] = 'messaging';
}
if (in_array($_REQUEST['do'], array('list', 'blog', 'comments')))
{
$phrasegroups[] = 'inlinemod';
}
// get special data templates from the datastore
$specialtemplates = array(
'smiliecache',
'bbcodecache',
'blogcategorycache',
'blogstats',
'blogfeatured_settings',
'blogfeatured_entries',
);
if (in_array($_REQUEST['do'], array('list', 'bloglist', 'comments')))
{
$specialtemplates[] = 'blogtagcloud';
}
if ($_REQUEST['do'] == 'blog')
{
$specialtemplates[] = 'bookmarksitecache';
}
// pre-cache templates used by all actions
$globaltemplates = array(
'BLOG',
'blog_css',
'blog_usercss',
'blog_header_custompage_link',
'ad_blogsidebar_start',
'ad_blogsidebar_middle',
'ad_blogsidebar_end',
'facebook_publishcheckbox',
'facebook_likebutton',
);
// pre-cache templates used by specific actions
$actiontemplates = array(
'blog'
=>
array(
'blog_bookmark',
'blog_comment',
'blog_comment_deleted',
'blog_comment_ignore',
'blog_entry_category',
'blog_entry',
'blog_entry_deleted',
'blog_entry_ignore',
'blog_show_entry',
'blog_show_entry_recent_entry_link',
'blog_sidebar_calendar',

'blog_sidebar_calendar_day',
'blog_sidebar_category_link',
'blog_sidebar_comment_link',
'blog_sidebar_custompage_link',
'blog_sidebar_entry_link',
'blog_sidebar_user',
'blog_sidebar_user_block_archive',
'blog_sidebar_user_block_category',
'blog_sidebar_user_block_comments',
'blog_sidebar_user_block_entries',
'blog_sidebar_user_block_search',
'blog_sidebar_user_block_tagcloud',
'blog_sidebar_user_block_visitors',
'blog_sidebar_user_block_custom',
'blog_tag_cloud_link',
'blog_taglist',
'blog_trackback',
'ad_blogshowentry_after',
'ad_blogshowentry_before',
'postbit_attachmentimage',
'postbit_attachmentthumbnail',
),
'comments'
=> array(
'blog_sidebar_calendar',
'blog_sidebar_calendar_day',
'blog_list_comments',
'blog_comment',
'blog_comment_deleted',
'blog_comment_ignore',
'blog_sidebar_category_link',
'blog_sidebar_generic',
'blog_sidebar_user',
'blog_sidebar_comment_link',
'blog_sidebar_custompage_link',
'blog_sidebar_entry_link',
'blog_sidebar_user_block_archive',
'blog_sidebar_user_block_category',
'blog_sidebar_user_block_comments',
'blog_sidebar_user_block_entries',
'blog_sidebar_user_block_search',
'blog_sidebar_user_block_tagcloud',
'blog_sidebar_user_block_visitors',
'blog_sidebar_user_block_custom',
'blog_tag_cloud_link',
'blog_taglist',
),
'none'
=> array(
'blog_list_entries',
),
'list'
=> array(
'blog_list_entries',
'blog_sidebar_generic',
'blog_entry',
'blog_entry_category',
'blog_entry_deleted',
'blog_entry_ignore',
'blog_sidebar_calendar',
'blog_sidebar_calendar_day',
'blog_sidebar_user',
'blog_sidebar_comment_link',

'blog_sidebar_custompage_link',
'blog_sidebar_entry_link',
'blog_sidebar_category_link',
'blog_sidebar_user_block_archive',
'blog_sidebar_user_block_category',
'blog_sidebar_user_block_comments',
'blog_sidebar_user_block_entries',
'blog_sidebar_user_block_search',
'blog_sidebar_user_block_tagcloud',
'blog_sidebar_user_block_visitors',
'blog_sidebar_user_block_custom',
'blog_tag_cloud_link',
'blog_taglist',
'ad_bloglist_first_entry',
'postbit_attachmentimage',
'postbit_attachmentthumbnail',
'blog_home_list_entry',
'blog_entry_featured',
'blog_home_list_comment',
),
'sendtofriend' => array(
'blog_send_to_friend',
'humanverify',
'newpost_errormessage',
'newpost_usernamecode',
'blog_sidebar_user',
'blog_sidebar_user_block_archive',
'blog_sidebar_user_block_category',
'blog_sidebar_user_block_comments',
'blog_sidebar_user_block_entries',
'blog_sidebar_user_block_search',
'blog_sidebar_user_block_tagcloud',
'blog_sidebar_user_block_visitors',
'blog_sidebar_user_block_custom',
'blog_sidebar_comment_link',
'blog_sidebar_custompage_link',
'blog_sidebar_entry_link',
'blog_sidebar_category_link',
'blog_sidebar_calendar',
'blog_sidebar_calendar_day',
'blog_tag_cloud_link',
),
'viewip'
=> array(
'blog_entry_ip',
),
'bloglist'
=> array(
'blog_blog_row',
'blog_list_blogs_all',
'blog_list_blogs_best',
'blog_list_blogs_blog',
'blog_list_blogs_blog_ignore',
'blog_sidebar_calendar',
'blog_sidebar_calendar_day',
'blog_sidebar_category_link',
'blog_sidebar_generic',
'forumdisplay_sortarrow',
'blog_tag_cloud_link',
),
'members'
=> array(
'blog_cp_css',

'blog_grouplist',
'blog_grouplist_userbit',
'blog_sidebar_calendar',
'blog_sidebar_calendar_day',
'blog_sidebar_category_link',
'blog_sidebar_user_block_archive',
'blog_sidebar_user_block_category',
'blog_sidebar_user_block_comments',
'blog_sidebar_user_block_entries',
'blog_sidebar_user_block_search',
'blog_sidebar_user_block_tagcloud',
'blog_sidebar_user_block_visitors',
'blog_sidebar_user_block_custom',
'blog_sidebar_comment_link',
'blog_sidebar_custompage_link',
'blog_sidebar_entry_link',
'blog_sidebar_user',
'blog_tag_cloud_link',
),
'custompage'
=> array(
'blog_custompage',
'blog_sidebar_calendar',
'blog_sidebar_calendar_day',
'blog_sidebar_user',
'blog_sidebar_comment_link',
'blog_sidebar_custompage_link',
'blog_sidebar_entry_link',
'blog_sidebar_category_link',
'blog_sidebar_user_block_archive',
'blog_sidebar_user_block_category',
'blog_sidebar_user_block_comments',
'blog_sidebar_user_block_entries',
'blog_sidebar_user_block_search',
'blog_sidebar_user_block_tagcloud',
'blog_sidebar_user_block_visitors',
'blog_sidebar_user_block_custom',
'blog_tag_cloud_link',
),
);
$actiontemplates['dosendtofriend'] =& $actiontemplates['sendtofriend'];
// ####################### PRE-BACK-END ACTIONS ##########################
function exec_postvar_call_back()
{
global $vbulletin;
$vbulletin->input->clean_gpc('r', 'goto', TYPE_STR);
if ($vbulletin->GPC['goto'] == 'newpost')
{
$vbulletin->noheader = true;
}
}
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR . '/includes/functions_bigthree.php');
require_once(DIR . '/includes/blog_init.php');
require_once(DIR . '/includes/blog_functions_main.php');

verify_blog_url();
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
// ### STANDARD INITIALIZATIONS ###
$checked = array();
$blog = array();
$postattach = array();
$bloginfo = array();
$show['lightbox'] = ($vbulletin->options['lightboxenabled'] AND $vbulletin->opti
ons['usepopups']);
$show['moderatecomments'] = (!$vbulletin->options['blog_commentmoderation'] AND
$vbulletin->userinfo['permissions']['vbblog_comment_permissions'] & $vbulletin->
bf_ugp_vbblog_comment_permissions['blog_followcommentmoderation'] ? true : false
);
$show['pingback'] = ($vbulletin->options['vbblog_pingback'] AND $vbulletin->user
info['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_ge
neral_permissions['blog_canreceivepingback'] ? true : false);
$show['trackback'] = ($vbulletin->options['vbblog_trackback'] AND $vbulletin->us
erinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_
general_permissions['blog_canreceivepingback'] ? true : false);
$show['notify'] = ($vbulletin->options['vbblog_notifylinks'] AND $vbulletin->use
rinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_g
eneral_permissions['blog_cansendpingback'] ? true : false);
$navbits = array();
/* Check they can view a blog, any blog */
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbull
etin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
if (!$vbulletin->userinfo['userid'] OR !($vbulletin->userinfo['permissio
ns']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissio
ns['blog_canviewown']))
{
print_no_permission();
}
}
($hook = vBulletinHook::fetch_hook('blog_start')) ? eval($hook) : false;
//We'll need this in a bit. This is the info to mark as escalate to Article
if ($vbulletin->products['vbcms'])
{
if (!isset(vB::$vbulletin->userinfo['permissions']['cms']))
{
require_once DIR . '/packages/vbcms/permissions.php';
vBCMS_Permissions::getUserPerms();
}
}
// #######################################################################
if ($_REQUEST['do'] == 'blog')
{
$vbulletin->input->clean_array_gpc('r', array(
'pagenumber' => TYPE_UINT,
'goto'
=> TYPE_STR,
'uh'
=> TYPE_BOOL,

));
$bloginfo = verify_blog($blogid);
verify_seo_url('entry', $bloginfo, array('pagenumber' => $_REQUEST['page
number']));
track_blog_visit($bloginfo['userid']);
$wheresql = array();
$state = array('visible');
($hook = vBulletinHook::fetch_hook('blog_entry_start')) ? eval($hook) :
false;
if (can_moderate_blog('canmoderateentries') OR is_member_of_blog($vbulle
tin->userinfo, $bloginfo))
{
$state[] = 'moderation';
}
if (can_moderate_blog() OR is_member_of_blog($vbulletin->userinfo, $blog
info))
{
$state[] = 'deleted';
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS
blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_deletion
log.type = 'blogid')";
}
if (is_member_of_blog($vbulletin->userinfo, $bloginfo))
{
$state[] = 'draft';
}
else
{
$wheresql[] = "blog.dateline <= " . TIMENOW;
$wheresql[] = "blog.pending = 0";
}
$wheresql[] = "blog.userid = $bloginfo[userid]";
$wheresql[] = "blog.state IN ('" . implode("','", $state) . "')";
// remove blog entries that don't interest us
if ($coventry = fetch_coventry('string') AND !can_moderate_blog())
{
$wheresql[] = "blog.userid NOT IN ($coventry)";
}
if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview'])
AND $bloginfo['userid'] != $vbulletin->userinfo['userid'])
{
$joinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser AS c
u ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $vbull
etin->userinfo['blogcategorypermissions']['cantview']) . "))";
$wheresql[] = "cu.blogcategoryid IS NULL";
}
if (!can_moderate_blog() AND !is_member_of_blog($vbulletin->userinfo, $b
loginfo) AND !$bloginfo['buddyid'])
{

$wheresql[] = "~blog.options & " . $vbulletin->bf_misc_vbblogopt

ions['private'];
}
switch($vbulletin->GPC['goto'])
{
case 'next':
$wheresql[] = "blog.dateline > $bloginfo[dateline]";
if ($next = $db->query_first_slave("
SELECT blog.blogid
FROM " . TABLE_PREFIX . "blog AS blog
$joinsql
WHERE " . implode(" AND ", $wheresql) . "
ORDER BY blog.dateline
LIMIT 1
"))
{
$blogid = $next['blogid'];
}
else
{
standard_error(fetch_error('nonextnewest_blog'))
;
}
break;
case 'prev':
$wheresql[] = "blog.dateline < $bloginfo[dateline]";
if ($prev = $db->query_first_slave("
SELECT blog.blogid
FROM " . TABLE_PREFIX . "blog AS blog
$joinsql
WHERE " . implode(" AND ", $wheresql) . "
ORDER BY blog.dateline DESC
LIMIT 1
"))
{
$blogid = $prev['blogid'];
}
else
{
standard_error(fetch_error('nonextoldest_blog'))
;
}
break;
case 'newpost':
if ($vbulletin->options['threadmarking'] AND $vbulletin>userinfo['userid'])
{
$vbulletin->userinfo['lastvisit'] = max($bloginf
o['blogread'], $bloginfo['bloguserread'], TIMENOW - ($vbulletin->options['markin
glimit'] * 86400));
}
else if ($blogview = max(fetch_bbarray_cookie('blog_last
view', $bloginfo['blogid']), fetch_bbarray_cookie('blog_userread', $bloginfo['us
erid']), $vbulletin->userinfo['lastvisit']))
{
$vbulletin->userinfo['lastvisit'] = $blogview;
}
$comments = $db->query_first("

SELECT MIN(blogtextid) AS blogtextid

FROM " . TABLE_PREFIX . "blog_text
WHERE
blogid = $bloginfo[blogid]
AND
blogtextid <> $bloginfo[firstblogtextid]
AND
state = 'visible'
AND
dateline > " . intval($vbulletin->userin
fo['lastvisit']) . "
" . (($coventry = fetch_coventry('string
') AND !can_moderate_blog()) ? "AND userid NOT IN ($coventry)" : "") . "
");
if ($comments['blogtextid'])
{
$pageinfo = array('bt' => $comments['blogtextid'
]);
exec_header_redirect(fetch_seo_url('entry|js', $
bloginfo, $pageinfo) . "#comment$comments[blogtextid]");
}
else
{
$pageinfo = array('bt' => $bloginfo['lastblogtex
tid']);
exec_header_redirect(fetch_seo_url('entry|js', $
bloginfo, $pageinfo) . "#comment$bloginfo[lastblogtextid]");
}
break;
}
$bloginfo = verify_blog($blogid);
if ($vbulletin->options['vbblog_nextprevlinks'])
{
$show['nextprevtitle'] = true;
if ($next = $db->query_first_slave("
SELECT blog.blogid, blog.title
FROM " . TABLE_PREFIX . "blog AS blog
$joinsql
WHERE " . implode(" AND ", $wheresql) . "
AND blog.dateline > $bloginfo[dateline]
ORDER BY blog.dateline
LIMIT 1
"))
{
$show['nexttitle'] = true;
}
if ($prev = $db->query_first_slave("
SELECT blog.blogid, blog.title
FROM " . TABLE_PREFIX . "blog AS blog
$joinsql
WHERE " . implode(" AND ", $wheresql) . "
AND blog.dateline < $bloginfo[dateline]
ORDER BY blog.dateline DESC
LIMIT 1
"))
{
$show['prevtitle'] = true;
}

$show['blognav'] = ($show['prevtitle'] OR $show['nexttitle']);

}
else
{
$show['blognav'] = true;
}
// this fetches permissions for the user who created the blog
cache_permissions($bloginfo, false);
$displayed_dateline = 0;
$show['quickcomment'] =
(
$vbulletin->options['quickreply']
AND
$vbulletin->userinfo['userid']
AND
$bloginfo['cancommentmyblog']
AND
($bloginfo['allowcomments'] OR is_member_of_blog($vbulletin->use
rinfo, $bloginfo) OR can_moderate_blog())
AND
(
(($vbulletin->userinfo['permissions']['vbblog_comment_pe
rmissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_cancommentown'
]) AND $bloginfo['userid'] == $vbulletin->userinfo['userid'])
OR
(($vbulletin->userinfo['permissions']['vbblog_comment_pe
rmissions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_cancommentothe
rs']) AND $bloginfo['userid'] != $vbulletin->userinfo['userid'])
)
AND
(
(
$bloginfo['state'] == 'moderation'
AND
(
can_moderate_blog('canmoderateentries')
OR
(
$vbulletin->userinfo['userid']
AND
$bloginfo['userid'] == $vbulleti
n->userinfo['userid']
AND
$bloginfo['postedby_userid'] !=
$vbulletin->userinfo['userid']
AND
$bloginfo['membermoderate']
)
)
)
OR
$bloginfo['state'] == 'visible'
)
AND
!$bloginfo['pending']
AND
!fetch_require_hvcheck('post')

);
$show['postcomment'] = fetch_can_comment($bloginfo, $vbulletin->userinfo
);
// *********************************************************************
************
// display ratings
if ($bloginfo['ratingnum'] >= $vbulletin->options['vbblog_ratingpost'])
{
$bloginfo['ratingavg'] = vb_number_format($bloginfo['ratingtotal
'] / $bloginfo['ratingnum'], 2);
$bloginfo['rating'] = intval(round($bloginfo['ratingtotal'] / $b
loginfo['ratingnum']));
$show['rating'] = true;
}
else
{
$show['rating'] = false;
}
// this is for a guest
$rated = intval(fetch_bbarray_cookie('blog_rate', $bloginfo['blogid']));
// voted already
if ($bloginfo['vote'] OR $rated)
{
$rate_index = $rated;
if ($bloginfo['vote'])
{
$rate_index = $bloginfo['vote'];
}
$voteselected["$rate_index"] = 'selected="selected"';
$votechecked["$rate_index"] = 'checked="checked"';
}
else
{
$voteselected[0] = 'selected="selected"';
$votechecked[0] = 'checked="checked"';
}
// *********************************************************************
************
// update views counter
if ($bloginfo['state'] != 'draft' AND !$bloginfo['pending'])
{
if ($vbulletin->options['blogviewslive'])
{
// doing it as they happen; for optimization purposes
$db->shutdown_query("
UPDATE " . TABLE_PREFIX . "blog
SET views = views + 1
WHERE blogid = " . intval($bloginfo['blogid'])
);
}
else
{
// or doing it once an hour
$db->shutdown_query("

INSERT INTO " . TABLE_PREFIX . "blog_views (blog

id)
VALUES (" . intval($bloginfo['blogid']) . ')'
);
}
}
require_once(DIR . '/includes/class_bbcode_blog.php');
require_once(DIR . '/includes/class_blog_response.php');
$bbcode = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list());
$factory = new vB_Blog_ResponseFactory($vbulletin, $bbcode, $bloginfo);
$responsebits = '';
$saveparsed = '';
$trackbackbits = '';
$pagetext_cachable = true;
$oldest_comment = TIMENOW;
// Comments
$deljoinsql = '';
$state = array('visible');
if (can_moderate_blog('canmoderatecomments') OR is_member_of_blog($vbull
etin->userinfo, $bloginfo))
{
$state[] = 'moderation';
}
if (can_moderate_blog() OR is_member_of_blog($vbulletin->userinfo, $blog
info))
{
$state[] = 'deleted';
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS
blog_deletionlog ON (blog_text.blogtextid = blog_deletionlog.primaryid AND blog
_deletionlog.type = 'blogtextid')";
}
else
{
$deljoinsql = '';
}
// Get our page
if ($blogtextid)
{
$getpagenum = $db->query_first("
SELECT COUNT(*) AS comments
FROM " . TABLE_PREFIX . "blog_text AS blog_text
WHERE blogid = $blogid
AND state IN ('" . implode("','", $state) . "')
AND blogtextid <> $bloginfo[firstblogtextid]
AND dateline <= $blogtextinfo[dateline]
");
$vbulletin->GPC['pagenumber'] = ceil($getpagenum['comments'] / $
vbulletin->options['blog_commentsperpage']);
}
if ($coventry = fetch_coventry('string') AND !can_moderate_blog())
{
$globalignore = "AND blog_text.userid NOT IN ($coventry)";
}
else

{
$globalignore = '';
}
$categories = array();
// Get categories
$cats = $db->query_read_slave("
SELECT blog_categoryuser.blogcategoryid, blog_categoryuser.useri
d, blog_category.userid AS creatorid
FROM " . TABLE_PREFIX . "blog_categoryuser AS blog_categoryuser
LEFT JOIN " . TABLE_PREFIX . "blog_category AS blog_category ON
(blog_category.blogcategoryid = blog_categoryuser.blogcategoryid)
WHERE blog_categoryuser.blogid = $bloginfo[blogid]
");
while ($category = $db->fetch_array($cats))
{
if (!($bloginfo['permissions']['vbblog_general_permissions'] & $
vbulletin->bf_ugp_vbblog_general_permissions['blog_cancreatecategory']) AND $cat
egory['creatorid'])
{
continue;
}
$category['title'] = $category['creatorid'] ? $bloginfo['categor
ycache']["$category[blogcategoryid]"]['title'] : $vbphrase['category' . $categor
y['blogcategoryid'] . '_title'];
$entry_categories["$bloginfo[blogid]"][] = $category;
}
// load attachments
if ($bloginfo['attach'])
{
require_once(DIR . '/packages/vbattach/attach.php');
$attach = new vB_Attach_Display_Content($vbulletin, 'vBBlog_Blog
Entry');
$postattach = $attach->fetch_postattach(0, $bloginfo['blogid']);
}
if ($vbulletin->options['vbblog_pingback'] AND $bloginfo['permissions'][
'vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['b
log_canreceivepingback'])
{
$show['pingbacklink'] = true;
$pingbackurl = fetch_seo_url('blogcallback|nosession|bburl', arr
ay());
header("X-Pingback: $pingbackurl");
}
if ($vbulletin->options['vbblog_trackback'] AND $bloginfo['permissions']
['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['
blog_canreceivepingback'])
{
$show['trackbackrdf'] = true;
$trackbackurl = fetch_seo_url('blogcallback|nosession|bburl', ar
ray(), array('b' => $bloginfo['blogid']));
$abouturl = fetch_seo_url('entry|bburl', $bloginfo);
}
// Load trackbacks
if ($show['pingbacklink'] OR $show['trackbackrdf'])
{

$canmoderation = (can_moderate_blog('canmoderatecomments') OR is
_member_of_blog($vbulletin->userinfo, $bloginfo));
if ($bloginfo['trackback_visible'] OR ($bloginfo['trackback_mode
ration'] AND $canmoderation))
{
$bgclass = 'alt2';
$trackbacks = $db->query_read("
SELECT blog_trackback.*
FROM " . TABLE_PREFIX . "blog_trackback AS blog_
trackback
WHERE blogid = $bloginfo[blogid]
" . (!$canmoderation ? "AND state = 'vis
ible'" : "") . "
");
while ($trackback = $db->fetch_array($trackbacks))
{
$response_handler =& $factory->create($trackback
);
$response_handler->cachable = false;
// we deliberately ignore the returned value sin
ce its been templated, we're not really interested in that :)
$trackbackbits .= $response_handler->construct()
;
}
$show['inlinemod_trackback'] = (
fetch_comment_perm('canremovecomments', $bloginf
o)
OR
fetch_comment_perm('candeletecomments', $bloginf
o)
OR
fetch_comment_perm('canmoderatecomments', $blogi
nfo)
);
$show['approve_trackback'] = true;
$show['delete_trackback'] = true;
}
}
if (!($vbulletin->userinfo['permissions']['vbblog_entry_permissions'] &
$vbulletin->bf_ugp_vbblog_entry_permissions['blog_cangetattach']))
{
$vbulletin->options['viewattachedimages'] = 0;
$vbulletin->options['attachthumbs'] = 0;
}
/* Handle the blog entry now */
require_once(DIR . '/includes/class_blog_entry.php');
$entry_factory = new vB_Blog_EntryFactory($vbulletin, $bbcode, $entry_ca
tegories);
$entry_handler =& $entry_factory->create($bloginfo);
$entry_handler->attachments = $postattach;
$entry_handler->userinfo = $bloginfo;
$entry_handler->construct();
$blog =& $entry_handler->blog;
$status =& $entry_handler->status;
// *********************************************************************
************
// save parsed post HTML

if (!empty($saveparsed))
{
$db->shutdown_query("
REPLACE INTO " . TABLE_PREFIX . "blog_textparsed (blogte
xtid, dateline, hasimages, pagetexthtml, styleid, languageid)
VALUES $saveparsed
");
unset($saveparsed);
}
// quick comment
if ($show['quickcomment'])
{
require_once(DIR . '/includes/functions_editor.php');
$editorid = construct_edit_toolbar(
'',
false,
'blog_comment',
$vbulletin->userinfo['permissions']['vbblog_comment_perm
issions'] & $vbulletin->bf_ugp_vbblog_comment_permissions['blog_allowsmilies'],
true,
false,
'qr',
'',
array(),
'content',
'vBBlog_BlogComment',
0,
$bloginfo['blogid'],
false,
true,
'title'
);
$show['ajax_js'] = true;
}
else if ($vbulletin->options['quickedit'])
{
$show['ajax_js'] = true;
}
$show['quickedit'] = $vbulletin->options['quickedit'];
// get ignored users
$ignore = array();
if (trim($vbulletin->userinfo['ignorelist']))
{
$ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ig
norelist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($ignorelist AS $ignoreuserid)
{
$ignore["$ignoreuserid"] = 1;
}
}
DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));
// Comments
do
{
if (!$vbulletin->GPC['pagenumber'])
{

$vbulletin->GPC['pagenumber'] = 1;
}
$start = ($vbulletin->GPC['pagenumber'] - 1) * $vbulletin->optio
ns['blog_commentsperpage'];
$pagenumber = $vbulletin->GPC['pagenumber'];
$state_or = array(
"blog_text.state IN ('" . implode("','", $state) . "')"
);
// Get the viewing user's moderated entries
if ($vbulletin->userinfo['userid'] AND $bloginfo['comments_moder
ation'] > 0 AND !can_moderate_blog('canmoderatecomments') AND !is_member_of_blog
($vbulletin->userinfo, $bloginfo))
{
$state_or[] = "(blog_text.userid = " . $vbulletin->useri
nfo['userid'] . " AND state = 'moderation')";
}
$show['approve'] = $show['delete'] = $show['undelete'] = false;
$hook_query_fields = $hook_query_joins = $hook_query_where = '';
($hook = vBulletinHook::fetch_hook('blog_entry_comments_query'))
? eval($hook) : false;
$comments = $db->query_read("
SELECT SQL_CALC_FOUND_ROWS blog_text.*, blog_text.ipaddr
ess AS blogipaddress,
blog_textparsed.pagetexthtml, blog_textparsed.ha
simages,
user.*, userfield.*, blog_text.username AS postu
sername,
blog_editlog.userid AS edit_userid, blog_editlog
.dateline AS edit_dateline, blog_editlog.reason AS edit_reason, blog_editlog.use
rname AS edit_username
" . ($deljoinsql ? ",blog_deletionlog.moddelete
AS del_moddelete ,blog_deletionlog.userid AS del_userid, blog_deletionlog.userna
me AS del_username, blog_deletionlog.reason AS del_reason" : "") . "
" . ($vbulletin->options['avatarenabled'] ? ",av
atar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavata
r.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height A
S avheight" : "") . "
$hook_query_fields
FROM " . TABLE_PREFIX . "blog_text AS blog_text
LEFT JOIN " . TABLE_PREFIX . "blog_textparsed AS blog_te
xtparsed ON(blog_textparsed.blogtextid = blog_text.blogtextid AND blog_textparse
d.styleid = " . intval(STYLEID) . " AND blog_textparsed.languageid = " . intval(
LANGUAGEID) . ")
LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog_text
.userid = user.userid)
LEFT JOIN " . TABLE_PREFIX . "userfield AS userfield ON
(userfield.userid = blog_text.userid)
LEFT JOIN " . TABLE_PREFIX . "blog_editlog AS blog_editl
og ON (blog_editlog.blogtextid = blog_text.blogtextid)
" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN "
. TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOI
N " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user
.userid)" : "") . "
$deljoinsql
$hook_query_joins

WHERE blogid = $bloginfo[blogid]

AND blog_text.blogtextid <> " . $bloginfo['first
blogtextid'] . "
AND (" . implode(" OR ", $state_or) . ")
$globalignore
$hook_query_where
ORDER BY blog_text.dateline ASC
LIMIT $start, " . $vbulletin->options['blog_commentsperp
age']
);
list($comment_count) = $db->query_first("SELECT FOUND_ROWS()", D
BARRAY_NUM);
if ($start >= $comment_count)
{
$vbulletin->GPC['pagenumber'] = ceil($comment_count / $v
bulletin->options['blog_commentsperpage']);
}
}
while ($start >= $comment_count AND $comment_count);
$pagenav = construct_page_nav(
$vbulletin->GPC['pagenumber'],
$vbulletin->options['blog_commentsperpage'],
$comment_count,
'',
'',
'comments',
'entry',
$bloginfo
);
$counter = 0;
while ($comment = $db->fetch_array($comments))
{
if ($comment['state'] == 'visible')
{
$counter++;
}
$comment['firstshown'] = ($counter == 1 AND $comment['state'] ==
'visible');
$response_handler =& $factory->create($comment, 'Comment', $igno
re);
$response_handler->userinfo = $bloginfo;
$response_handler->cachable = $pagetext_cachable;
$responsebits .= $response_handler->construct();
if ($pagetext_cachable AND $comment['pagetexthtml'] == '')
{
if (!empty($saveparsed))
{
$saveparsed .= ',';
}
$saveparsed .= "($comment[blogtextid], " . intval($blogi
nfo['lastcomment']) . ', ' . intval($response_handler->parsed_cache['has_images'
]) . ", '" . $db->escape_string($response_handler->parsed_cache['text']) . "', "
. intval(STYLEID) . ", " . intval(LANGUAGEID) . ")";
}
if ($comment['dateline'] > $displayed_dateline)

{
$displayed_dateline = $comment['dateline'];
}
$oldest_comment = $comment['dateline'];
if ($comment['state'] == 'deleted' OR $ignore["$comment[userid]"
])
{

// be aware $factory->create can change $response['state

']
$show['quickload'] = true;
}
}
// This is only used by Quick Comment but init it either way
$effective_lastcomment = max($displayed_dateline, $bloginfo['lastcomment
']);
$show['delete'] = (fetch_comment_perm('candeletecomments', $bloginfo) OR
fetch_comment_perm('canremovecomments', $bloginfo));
$show['undelete'] = fetch_comment_perm('canundeletecomments', $bloginfo)
;
$show['approve'] = fetch_comment_perm('canmoderatecomments', $bloginfo);
$show['inlinemod'] = ($responsebits AND ($show['delete'] OR $show['appro
ve'] OR $show['undelete']));
// Only allow AJAX QC on the last page and after one comment
$allow_ajax_qc = ($comment_count > 0 AND ($vbulletin->GPC['pagenumber']
== ceil($comment_count / $vbulletin->options['blog_commentsperpage']))) ? 1 : 0;
if ($vbulletin->userinfo['userid'])
{
mark_blog_read($bloginfo, $vbulletin->userinfo['userid'], $oldes
t_comment);
}
// Todo: allow ratings option or permission, hardcoded but we may want t
o add this
$show['blograting'] = ($bloginfo['state'] == 'visible');
$show['rateblog'] =
(
$show['blograting']
AND
(
(
(!$bloginfo['vote'] AND $vbulletin->userinfo['us
erid'])
OR
(!$rated AND !$vbulletin->userinfo['userid'])
)
OR
$vbulletin->options['votechange']
)
);
// Build Social Bookmark Links
$guestuser = array(
'userid'
=> 0,
'usergroupid' => 0,
);
cache_permissions($guestuser, false);

$bookmarksites = '';
if (
$guestuser['permissions']['forumpermissions'] & $vbulletin->bf_u
gp_forumpermissions['canview']
AND
$guestuser['permissions']['vbblog_general_permissions'] & $vbull
etin->bf_ugp_vbblog_general_permissions['blog_canviewothers']
AND
$bloginfo['state'] == 'visible'
AND
$bloginfo['guest_canviewmyblog']
AND
!$bloginfo['pending']
)
{
if ($vbulletin->options['socialbookmarks'] AND is_array($vbullet
in->bookmarksitecache) AND !empty($vbulletin->bookmarksitecache))
{
$raw_title = html_entity_decode($bloginfo['title'], ENT_
QUOTES);
foreach($vbulletin->bookmarksitecache AS $bookmarksite)
{
$bookmarksite['link'] = str_replace(
array('{URL}', '{TITLE}'),
array(urlencode(fetch_seo_url('entry|bbu
rl|nosession', $bloginfo)), urlencode($bookmarksite['utf8encode'] ? utf8_encode(
$raw_title) : $raw_title)),
$bookmarksite['url']
);
($hook = vBulletinHook::fetch_hook('blog_entry_b
ookmarkbit')) ? eval($hook) : false;
$templater = vB_Template::create('blog_bookmark'
);
$templater->register('bloginfo', $blogin
fo);
$templater->register('bookmarksite', $bo
okmarksite);
$bookmarksites .= $templater->render();
}
}
$show['guestview'] = true;
}
else
{
$show['guestview'] = false;
}
$show['trackbacks'] = ($vbulletin->GPC['pagenumber'] <= 1);
$show['titlefirst'] = true;
$show['entryonly'] = ($bloginfo['pending'] OR $bloginfo['state'] == 'dra
ft' OR ((!$bloginfo['allowcomments'] AND !is_member_of_blog($vbulletin->userinfo
, $bloginfo) AND !can_moderate_blog() AND empty($responsebits))));
$show['privateentry'] = ($bloginfo['private']);
$perform_floodcheck = (
!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbu
lletin->bf_ugp_adminpermissions['cancontrolpanel'])

AND $vbulletin->options['emailfloodtime']
AND $vbulletin->userinfo['userid']
);
$show['registeruserid'] = true;
$bloguserid = $bloginfo['userid'];
$blogheader = parse_blog_description($bloginfo);
$sidebar =& build_user_sidebar($bloginfo);
$ad_location['blogshowentry_before'] = vB_Template::create('ad_blogshowe
ntry_before')->render();
$ad_location['blogshowentry_after'] = vB_Template::create('ad_blogshowen
try_after')->render();
// navbar and output
$navbits[fetch_seo_url('blog', $bloginfo, null, 'userid', 'blog_title')]
= $bloginfo['blog_title'];
$navbits[fetch_seo_url('entry', $bloginfo)] = $bloginfo['title'];
// prepare the member action drop-down menu
if ($bloginfo['userid'] != $bloginfo['postedby_userid'])
{
$memberaction_dropdown = construct_memberaction_dropdown(fetch_u
serinfo($bloginfo['postedby_userid']));
}
else
{
$memberaction_dropdown = construct_memberaction_dropdown($blogin
fo);
}
if ($show['guestview'])
{
// facebook options
if (is_facebookenabled())
{
// display publish to Facebook checkbox in quick editor?
$fbpublishcheckbox = construct_fbpublishcheckbox();
}
// display the like button for this thread?
$fblikebutton = construct_fblikebutton();
}
($hook = vBulletinHook::fetch_hook('blog_entry_complete')) ? eval($hook)
: false;
$templater = vB_Template::create('blog_show_entry');
$templater->register('pageinfo_ip', array('do' => 'viewip'));
$templater->register('pageinfo_sf', array('do' => 'sendtofriend'
));
$templater->register('blogheader', $blogheader);
$templater->register('ad_location', $ad_location);
$templater->register('allow_ajax_qc', $allow_ajax_qc);
$templater->register('blog', $blog);
$templater->register('bloginfo', $bloginfo);
$templater->register('memberaction_dropdown', $memberaction_drop
down);
$templater->register('blogtextinfo', $blogtextinfo);
$templater->register('bookmarksites', $bookmarksites);

$templater->register('editorid', $editorid);
$templater->register('effective_lastcomment', $effective_lastcom
ment);
$templater->register('gobutton', $gobutton);
$templater->register('messagearea', $messagearea);
$templater->register('next', $next);
$templater->register('pagenav', $pagenav);
$templater->register('prev', $prev);
$templater->register('responsebits', $responsebits);
$templater->register('status', $status);
$templater->register('trackbackbits', $trackbackbits);
$templater->register('url', $url);
$templater->register('vbulletin', $vbulletin);
$templater->register('votechecked', $votechecked);
$templater->register('voteselected', $voteselected);
$templater->register('fbpublishcheckbox', $fbpublishcheckbox);
$templater->register('fblikebutton', $fblikebutton);
$templater->register('trackbackurl', fetch_seo_url('blogcallback
|nosession|bburl', array(), array('b' => $bloginfo['blogid'])));
if ($show['quickedit'] AND !$show['quickcomment'])
{
$templater->register('editor_clientscript', vB_Template:
:create('editor_clientscript')->render());
$templater->register('editor_js', vB_Ckeditor::getJsIncl
udes());
}
//See if we want to display the authorization to escalate a blog
post to
// an article
if (count(vB::$vbulletin->userinfo['permissions']['cms']['cancre
ate']))
{
$templater->register('promote_sectionid', vB::$vbulletin
->userinfo['permissions']['cms']['canpublish'][0]);
$templater->register('articletypeid', vB_Types::instance
()->getContentTypeID('vBCms_Article'));
$query = 'contenttypeid='. vB_Types::instance()->getCont
entTypeID('vBCms_Article') .
'&amp;blogid=' . $blog['blogid'] . '&amp;parenti
d=1';
$promote_url = vB_Route::create('vBCms_Route_Content', '
1/addcontent/')->getCurrentURL(null, null, $query);
$templater->register('promote_url', $promote_url);
}
$templater->register('vbulletin', $vbulletin);
$content = $templater->render();
}
// #######################################################################
if ($_REQUEST['do'] == 'list')
{
$vbulletin->input->clean_array_gpc('r', array(
'pagenumber'
=> TYPE_UINT,
'perpage'
=> TYPE_UINT,
'month'
=> TYPE_UINT,
'year'
=> TYPE_UINT,
'day'
=> TYPE_UINT,
'blogtype'
=> TYPE_NOHTML,

'commenttype'
'type'
'blogcategoryid'
'userid'
'username'
'tag'
'span'
'featured'

=>
=>
=>
=>
=>
=>
=>
=>

TYPE_NOHTML,
TYPE_STR,
TYPE_INT,
TYPE_UINT,
TYPE_NOHTML,
TYPE_NOHTML,
TYPE_UINT,
TYPE_STR,

));
require_once(DIR . '/includes/class_bbcode_blog.php');
if ($vbulletin->GPC['username'])
{
$user = $db->query_first_slave("SELECT userid FROM " . TABLE_PRE
FIX . "user WHERE username = '" . $db->escape_string($vbulletin->GPC['username']
) . "'");
$vbulletin->GPC['userid'] = $user['userid'];
}
if ($vbulletin->GPC['userid'])
{
$userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1, 1
0);
$show['entry_userinfo'] = false;
verify_seo_url('blog', $userinfo, array('pagenumber' => $_REQUES
T['pagenumber']), 'userid', 'username');
if ($vbulletin->userinfo['userid'] != $userinfo['userid'] AND em
pty($userinfo['bloguserid']))
{
standard_error(fetch_error('blog_noblog', $userinfo['use
rname']));
}
if (!$userinfo['canviewmyblog'])
{
print_no_permission();
}
if (in_coventry($userinfo['userid']) AND !can_moderate_blog())
{
standard_error(fetch_error('invalidid', $vbphrase['blog'
], $vbulletin->options['contactuslink']));
}
if ($vbulletin->userinfo['userid'] == $userinfo['userid'] AND !(
$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->
bf_ugp_vbblog_general_permissions['blog_canviewown']))
{
print_no_permission();
}
if ($vbulletin->userinfo['userid'] != $userinfo['userid'] AND !(
$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->
bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
// Can't view other's entries so off you go to your own
blog.

$bloginfo = array(
'userid' => $vbulletin->userinfo['userid'],
'title' => $vbulletin->userinfo['blog_title'] ?
$vbulletin->userinfo['blog_title'] : $vbulletin->userinfo['username'],
);
exec_header_redirect(fetch_seo_url('blog|js', $bloginfo)
);
}
track_blog_visit($userinfo['userid']);
$show['registeruserid'] = true;
$bloguserid = $userinfo['userid'];
}
else
{
$userinfo = array();
$show['entry_userinfo'] = true;
$show['hidesidebar'] = true;
}
// Begin blog home page
if (!$userinfo AND !$vbulletin->GPC['pagenumber'] AND (!$vbulletin->GPC[
'blogtype'] OR $vbulletin->GPC['blogtype'] == 'recent'))
{
$show['bloghome'] = true;
if (!($vbulletin->userinfo['permissions']['vbblog_general_permis
sions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
// Can't view other's entries so off you go to your own
blog.
exec_header_redirect(fetch_seo_url('blog|js', $vbulletin
->userinfo));
}
$month = vbdate('n', TIMENOW, false, false);
$year = vbdate('Y', TIMENOW, false, false);
($hook = vBulletinHook::fetch_hook('blog_intro_start')) ? eval($
hook) : false;
if (!empty($vbulletin->blogfeatured_settings))
{
$build_datastore = false;
$featuredblogs = array();
$blogs = array();
$fetch_attach = false;
foreach($vbulletin->blogfeatured_settings AS $featureid
=> $entry)
{
if ($entry['type'] != 'specific')
{
if (!$vbulletin->blogfeatured_entries["$
featureid"] OR $vbulletin->blogfeatured_entries["$featureid"]['dateline'] < (TIM
ENOW - $entry['refresh']))
{
$blogid = fetch_featured_entry($
entry, $blogs);
$build_datastore = true;

}
else
{
$blogid = $vbulletin->blogfeatur
ed_entries["$featureid"]['blogid'];
}
}
else
{
$blogid = $entry['blogid'];
}
if ($blogid)
{
$blogs["$blogid"] = $entry;
}
if ($entry['bbcode'])
{
$fetch_attach = true;
}
$featuredblogs["$featureid"] = array(
'blogid' => $blogid,
'dateline' => TIMENOW,
);
}
if ($build_datastore OR $vbulletin->blogfeatured_entries
=== NULL OR empty($vbulletin->blogfeatured_entries))
{
build_datastore('blogfeatured_entries', serializ
e($featuredblogs), 1);
}
if (!empty($blogs))
{
$wheresql = array(
"blog.dateline <= " . TIMENOW,
"blog.pending = 0",
"blog.state = 'visible'",
"bu.options_buddy & " . $vbulletin->bf_m
isc_vbblogsocnetoptions['canviewmyblog'],
"bu.options_member & " . $vbulletin->bf_
misc_vbblogsocnetoptions['canviewmyblog'],
"~blog.options & " . $vbulletin->bf_misc
_vbblogoptions['private'],
);
// Include check for guest viewing permission on
ly if guests can actually view the blog
if ($vbulletin->usergroupcache[1]['vbblog_genera
l_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewoth
ers'])
{
$wheresql[] = "bu.options_guest & " . $v
bulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'];
}
$joinsql = array();

if (!empty($vbulletin->userinfo['blogcategoryper
missions']['cantview']))
{
$joinsql[] = "LEFT JOIN " . TABLE_PREFIX
. "blog_categoryuser AS cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN
(" . implode(", ", $vbulletin->userinfo['blogcategorypermissions']['cantview'])
. "))";
if ($vbulletin->userinfo['userid'])
{
$wheresql[] = "(cu.blogcategoryi
d IS NULL OR blog.userid = " . $vbulletin->userinfo['userid'] . ")";
}
else
{
$wheresql[] = "cu.blogcategoryid
IS NULL";
}
}
// Can't use fetch_coventry as if the current us
er is in coventry and triggers the cache their blog could be picked
if (trim($vbulletin->options['globalignore']) !=
'')
{
if ($coventry = preg_split('#\s+#s', $vb
ulletin->options['globalignore'], -1, PREG_SPLIT_NO_EMPTY))
{
$wheresql[] = "blog.userid NOT I
N (" . implode(',', $coventry) . ")";
}
}
if ($vbulletin->userinfo['userid'])
{
$wheresql[] = "(bu.options_ignore & " .
$vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR ignored.relation
id IS NULL)";
$joinsql[] = "LEFT JOIN " . TABLE_PREFIX
. "userlist AS ignored ON ignored.userid = blog.userid AND ignored.relationid =
" . $vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore'";
$joinsql[] = "LEFT JOIN " . TABLE_PREFIX
. "userlist AS buddy ON (buddy.userid = bu.bloguserid AND buddy.relationid = "
. $vbulletin->userinfo['userid'] . " AND buddy.type = 'buddy')";
}
$attachcount = true;
$postattach = array();
$categories = array();
$bloglist =& fetch_blog_list(array_keys($blogs),
$fetch_attach, $postattach, $categories, $joinsql, $wheresql);
// get ignored users
$ignore = array();
if (trim($vbulletin->userinfo['ignorelist']))
{
$ignorelist = preg_split('/( )+/', trim(
$vbulletin->userinfo['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($ignorelist AS $ignoreuserid)
{
$ignore["$ignoreuserid"] = 1;

}
}
DEVDEBUG('ignored users: ' . implode(', ', array
_keys($ignore)));
require_once(DIR . '/includes/class_bbcode_blog.
php');
require_once(DIR . '/includes/class_blog_entry.p
hp');
$featured_blogbits = '';
while ($blog = $db->fetch_array($bloglist))
{
if ($blogs["$blog[blogid]"]['bbcode'])
{
$bbcode = new vB_BbCodeParser_Bl
og_Snippet($vbulletin, fetch_tag_list());
}
else
{
$bbcode = new vB_BbCodeParser_Bl
og_Snippet_Featured($vbulletin, fetch_tag_list());
}
$factory = new vB_Blog_EntryFactory($vbu
lletin, $bbcode, $categories);
$blog['blogtitle'] = $blog['blogtitle']
? $blog['blogtitle'] : $blog['username'];
$entry_handler =& $factory->create($blog
, '_Featured', $ignore);
$entry_handler->cachable = false;
if ($blogs["$blog[blogid]"]['bbcode'])
{
$entry_handler->attachments = $p
ostattach["$blog[blogid]"];
}
$blogs["$blog[blogid]"]['entry'] = $entr
y_handler->construct();
$show['featured'] = true;
unset($bbcode);
unset($factory);
}
// this obtuse loop puts the featured entries in
the proper display order since $blogs is already sorted properly
$featuredblogids = array();
foreach($blogs AS $blogid => $entry)
{
$featured_blogbits .= $entry['entry'];
$featuredblogids[] = $blogid;
}
}
}
}
// End blog home page
if (!$userinfo)
{

$blogtype = 'latest';
if ($blogtype == 'latest')
{
$display = array(
'latest'
'latest_link'
'rating'
'rating_link'
'blograting'
'blograting_link'
);
}
else if ($blogtype == 'rating')
{
$display = array(
'latest'
'latest_link'
'rating'
'rating_link'
'blograting'
'blograting_link'
);
}
else
{
$display = array(
'latest'
'latest_link'
'rating'
'rating_link'
'blograting'
'blograting_link'
);
}

=>
=>
=>
=>
=>
=>

'',
'none',
'none',
'',
'none',
'',

=>
=>
=>
=>
=>
=>

'none',
'',
'',
'none',
'none',
'',

=>
=>
=>
=>
=>
=>

'none',
'',
'none',
'',
'',
'none',

$recentblogbits =& fetch_latest_blogs($blogtype);

$recentcommentbits =& fetch_latest_comments('latest');
if (!VB_API)
{
$show['entryfindmore'] = ($recentblogbits);
$show['commentfindmore'] = ($recentcommentbits);
}
if (!$recentblogbits)
{
$recentblogbits = fetch_error('blog_no_entries');
}
if (!$recentcommentbits)
{
$recentcommentbits = fetch_error('blog_no_comments');
}
($hook = vBulletinHook::fetch_hook('blog_intro_complete')) ? eva
l($hook) : false;
}
$blogtype = $type = '';
$month = $year = $day = 0;

$sql1 = array();
$sql2 = array();
$sql1join = $sql2join = array();
($hook = vBulletinHook::fetch_hook('blog_list_entries_start')) ? eval($h
ook) : false;
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
$sql1[] = "blog.userid = " . $vbulletin->userinfo['userid'];
}
if ($vbulletin->userinfo['userid'] AND !($vbulletin->userinfo['permissio
ns']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissio
ns['blog_canviewown']))
{
$sql1[] = "blog.userid <> " . $vbulletin->userinfo['userid'];
}
$state = array('visible');
if (can_moderate_blog('canmoderateentries') OR ($userinfo['userid'] AND
$vbulletin->userinfo['userid'] == $userinfo['userid']))
{
$state[] = 'moderation';
}
$deljoinsql = '';
if (can_moderate_blog() OR $vbulletin->userinfo['userid'])
{
if (can_moderate_blog() OR $vbulletin->userinfo['userid'] == $us
erinfo['userid'])
{
$state[] = 'deleted';
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_deleti
onlog AS blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_
deletionlog.type = 'blogid')";
}
else if ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo
['blog_deleted'])
{
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_deleti
onlog AS blog_deletionlog ON (blog.blogid = blog_deletionlog.primaryid AND blog_
deletionlog.type = 'blogid')";
}
}
if ($vbulletin->GPC['month'] AND $vbulletin->GPC['year'])
{
$month = ($vbulletin->GPC['month'] < 1 OR $vbulletin->GPC['month
'] > 12) ? vbdate('n', TIMENOW, false, false) : $vbulletin->GPC['month'];
$year = ($vbulletin->GPC['year'] > 2037 OR $vbulletin->GPC['year
'] < 1970) ? vbdate('Y', TIMENOW, false, false) : $vbulletin->GPC['year'];
if ($day = $vbulletin->GPC['day'])
{
if ($day > gmdate('t', gmmktime(12, 0, 0, $month, $day,
$year)))
{
// Invalid day, toss it out
$day = 0;
}

}
$today = getdate(TIMENOW - $vbulletin->options['hourdiff']);
if (
(
$year > $today['year']
OR
($month > $today['mon'] AND $year == $today['yea
r'])
)
AND
(
($userinfo AND !is_member_of_blog($vbulletin->us
erinfo, $userinfo))
OR
(!$userinfo AND !$vbulletin->userinfo['userid'])
)
)
{
print_no_permission();
}
require_once(DIR .
if ($day)
{
$starttime
$endtime =
}
else
{
$starttime
$endtime =
}

'/includes/functions_misc.php');
= vbmktime(0, 0, 0, $month, $day, $year);
vbmktime(0, 0, 0, $month, $day + 1, $year);

= vbmktime(0, 0, 0, $month, 1, $year);

vbmktime(0, 0, 0, $month + 1, 1, $year);

$sql1[] = "blog.dateline >= $starttime";

$sql1[] = "blog.dateline < $endtime";
$orderby = "blog.dateline DESC";
$orderby_union = "dateline_order DESC";
}
else
{
switch($vbulletin->GPC['blogtype'])
{
case 'best':
$blogtype = 'best';
$sql1[] = "blog.ratingnum >= " . intval($vbullet
in->options['vbblog_ratingpost']);
if (!$userinfo)
{
$sql2[] = "blog.ratingnum >= " . intval(
$vbulletin->options['vbblog_ratingpost']);
}
$orderby = "blog.rating DESC, blog.blogid";
$orderby_union = "rating_order DESC, blogid_orde
r";
break;
default:
$blogtype = 'recent';

$orderby = "blog.dateline DESC";

$orderby_union = "dateline_order DESC";
}
if ($vbulletin->GPC['span'])
{
$lasttime = TIMENOW - 86400;
$sql1[] = "blog.dateline >= $lasttime";
if (!$userinfo)
{
$sql2[] = "blog.dateline >= $lasttime";
}
}
}
if ($vbulletin->GPC['type'])
{
$type = $vbulletin->GPC['type'];
switch ($vbulletin->GPC['type'])
{
case 'draft':
if ($userinfo AND is_member_of_blog($vbulletin->
userinfo, $userinfo))
{
$sql1[] = 'blog.state = "draft"';
}
break;
case 'pending':
if ($userinfo AND is_member_of_blog($vbulletin->
userinfo, $userinfo))
{
$sql1[] = "(blog.dateline > " . TIMENOW
. " OR blog.pending = 1)";
}
break;
case 'moderated':
if (($userinfo AND is_member_of_blog($vbulletin>userinfo, $userinfo)) OR can_moderate_blog('canmoderateentries'))
{
$sql1[] = "blog.state = 'moderation'";
if (!$userinfo)
{
$sql2[] = "blog.state = 'moderat
ion'";
}
}
break;
case 'deleted':
if (($userinfo AND is_member_of_blog($vbulletin>userinfo, $userinfo)) OR can_moderate_blog())
{
$sql1[] = "blog.state = 'deleted'";
if (!$userinfo)
{
$sql2[] = "blog.state = 'deleted
'";
}
}
break;

case 'visible':
if (($userinfo AND is_member_of_blog($vbulletin>userinfo, $userinfo)) OR can_moderate_blog())
{
$sql1[] = "blog.state = 'visible'";
$sql1[] = "blog.pending = 0";
$sql1[] = "blog.dateline <= " . TIMENOW;
if (!$userinfo)
{
$sql2[] = "blog.state = 'visible
'";
$sql2[] = "blog.pending = 0";
$sql2[] = "blog.dateline <= " .
TIMENOW;
}
}
break;
default:
$type = '';
}
}
$categoryinfo = array();
if ($userinfo)
{
if ($vbulletin->GPC['blogcategoryid'])
{
if ($vbulletin->GPC['blogcategoryid'] > 0)
{
if (
(
(
$userinfo['userid'] != $
vbulletin->userinfo['userid']
OR
!$vbulletin->userinfo['c
ategorycache']["{$vbulletin->GPC['blogcategoryid']}"]['entrycount']
)
AND
isset($vbulletin->userinfo['blog
categorypermissions']["{$vbulletin->GPC['blogcategoryid']}"])
AND
!($vbulletin->userinfo['blogcate
gorypermissions']["{$vbulletin->GPC['blogcategoryid']}"] & $vbulletin->bf_ugp_vb
blog_general_permissions['blog_canviewcategory'])
)
)
{
standard_error(fetch_error('invalidid',
$vbphrase['category'], $vbulletin->options['contactuslink']));
}
$userids = array(0);
if ($userinfo['permissions']['vbblog_general_per
missions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_cancreatecatego
ry'])
{
$userids[] = $userinfo['userid'];
}
// categories are cached with the user record bu
t the description isn't

if ($categoryinfo = $db->query_first_slave("
SELECT title, description, blogcategoryi
d, userid
FROM " . TABLE_PREFIX . "blog_category
WHERE blogcategoryid = " . $vbulletin->G
PC['blogcategoryid'] . "
AND userid IN(" . implode(", ",
$userids) . ")
"))
{
$sql1join[] = "INNER JOIN " . TABLE_PREF
IX . "blog_categoryuser AS blog_categoryuser ON (blog_categoryuser.blogid = blog
.blogid AND blog_categoryuser.userid = $userinfo[userid] AND blog_categoryuser.b
logcategoryid = $categoryinfo[blogcategoryid])";
if ($categoryinfo['userid'] == 0)
{
$categoryinfo['title'] = $vbphra
se['category' . $categoryinfo['blogcategoryid'] . '_title'];
$categoryinfo['description'] = $
vbphrase['category' . $categoryinfo['blogcategoryid'] . '_desc'];
}
}
}
else
{
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "blo
g_categoryuser AS blog_categoryuser ON (blog_categoryuser.blogid = blog.blogid)"
;
$sql1[] = "blog_categoryuser.userid IS NULL";
$categoryinfo = array(
'title'
=> $vbphrase['uncategor
ized'],
'blogcategoryid' => -1,
'description'
=> $vbphrase['uncategor
ized_description'],
);
}
}
$sql1[] = "blog.userid = $userinfo[userid]";
if (!can_moderate_blog() AND $userinfo['userid'] != $vbulletin->
userinfo['userid'])
{
if (!$vbulletin->userinfo['userid'] OR !$userinfo['buddy
id'] OR !$userinfo['buddy_canviewmyblog'])
{
$sql1[] = "~blog.options & " . $vbulletin->bf_mi
sc_vbblogoptions['private'];
}
}
$blogheader = parse_blog_description($userinfo);
$sidebar =& build_user_sidebar($userinfo, $month, $year);
$navbits[fetch_seo_url('blog', array('userid' => $userinfo['user
id'], 'title' => $blogheader['title']))] = $blogheader['title'];
}
else
{
if (!can_moderate_blog())
{

if ($coventry = fetch_coventry('string'))
{
$sql1[] = "blog.userid NOT IN ($coventry)";
}
if ($vbulletin->userinfo['userid'])
{
$userlist_sql = array();
$userlist_sql[] = "(options_ignore & " . $vbulle
tin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS
NOT NULL)";
$userlist_sql[] = "(options_buddy & " . $vbullet
in->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT
NULL)";
$userlist_sql[] = "(options_member & " . $vbulle
tin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $
vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid
IS NULL) AND (options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canv
iewmyblog'] . " OR ignored.relationid IS NULL))";
$sql1[] = "(" . implode(" OR ", $userlist_sql) .
")";
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "use
rlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $vbulle
tin->userinfo['userid'] . " AND buddy.type = 'buddy')";
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "use
rlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $
vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore')";
$sql1[] = "(~blog.options & " . $vbulletin->bf_m
isc_vbblogoptions['private'] . "
OR
(options_buddy & " . $vbulletin->bf_misc
_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))
";
}
else
{
$sql1[] = "options_guest & " . $vbulletin->bf_mi
sc_vbblogsocnetoptions['canviewmyblog'];
$sql1[] = "~blog.options & " . $vbulletin->bf_mi
sc_vbblogoptions['private'];
}
}
$sql2[] = "blog.userid IN (" . $vbulletin->userinfo['memberblogi
ds'] . ")";
if ($vbulletin->GPC['month'] AND $vbulletin->GPC['year'])
{
$sql2[] = "blog.dateline >= $starttime";
$sql2[] = "blog.dateline < $endtime";
}
// Limit results when we are viewing "All Entries"
if ((!$vbulletin->GPC['month'] OR !$vbulletin->GPC['year']) AND
!$type AND !$blogtype AND $vbulletin->options['vbblog_recententrycutoff'])
{
switch($vbulletin->options['vbblog_recententrycutoff'])
{
case '1d':

case
case
case
case

$option
break;
'1w':
$option
break;
'1m':
$option
break;
'3m':
$option
break;
'6m':
$option
break;

= '1w';
= '1m';
= '3m';
= '6m';
= '1y';

ate('s'),

ate('s'),
ate('d'),

ate('s'),

switch($option)
{
case '1d':
$cutoff = mktime(date('H'), date('i'),
date('m'), date('d') - 1, date('y'));
break;
case '1m':
case '3m':
case '6m':
$cutoff = mktime(date('H'), date('i'),
date('m') - intval($vbulletin->options['vbblog_recententrycutoff']),
date('y'));
break;
case '1y':
$cutoff = mktime(date('H'), date('i'),
date('m'), date('d'), date('y') - 1);
break;
case '1w':
default:
$cutoff = TIMENOW - 604800;
}
if ($cutoff)
{
$sql1[] = "blog.dateline >= $cutoff";
$sql2[] = "blog.dateline >= $cutoff";
}
}

d
d

if ($vbulletin->GPC['blogcategoryid'])
{
if (
!isset($vbulletin->userinfo['blogcategorypermiss
ions']["{$vbulletin->GPC['blogcategoryid']}"])
OR
!($vbulletin->userinfo['blogcategorypermissions'
]["{$vbulletin->GPC['blogcategoryid']}"] & $vbulletin->bf_ugp_vbblog_general_per
missions['blog_canviewcategory'])
)
{
standard_error(fetch_error('invalidid',
$vbphrase['category'], $vbulletin->options['contactuslink']));
}
$sql1join[] = "INNER JOIN " . TABLE_PREFIX . "bl
og_categoryuser AS blog_categoryuser ON (blog_categoryuser.blogid = blog.blogid

AND blog_categoryuser.blogcategoryid = {$vbulletin->GPC['blogcategoryid']})";

$sql2join[] = "INNER JOIN " . TABLE_PREFIX . "bl
og_categoryuser AS blog_categoryuser ON (blog_categoryuser.blogid = blog.blogid
AND blog_categoryuser.blogcategoryid = {$vbulletin->GPC['blogcategoryid']})";
$categoryinfo['title'] = $vbphrase['category' .
$vbulletin->GPC['blogcategoryid'] . '_title'];
$categoryinfo['description'] = $vbphrase['catego
ry' . $vbulletin->GPC['blogcategoryid'] . '_desc'];
}
$sidebar =& build_overview_sidebar($month, $year);
}
if (!$userinfo OR
{
$sql1[] =
$sql1[] =
$sql1[] =
}

!is_member_of_blog($vbulletin->userinfo, $userinfo))
"state IN('" . implode("', '", $state) . "')";
"blog.pending = 0";
"blog.dateline <= " . TIMENOW;

if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview']))
{
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser A
S cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $vb
ulletin->userinfo['blogcategorypermissions']['cantview']) . "))";
if ($vbulletin->userinfo['userid'])
{
$sql1[]= "(cu.blogcategoryid IS NULL OR blog.userid = "
. $vbulletin->userinfo['userid'] . ")";
}
else
{
$sql1[] = "cu.blogcategoryid IS NULL";
}
}
if ($vbulletin->GPC['tag'])
{
$tag = $db->query_first("
SELECT tagid
FROM " . TABLE_PREFIX . "tag
WHERE tagtext = '" . $db->escape_string($vbulletin->GPC[
'tag']) . "'
");
if (!$tag)
{
standard_error(fetch_error('invalidid', $vbphrase['tag']
, $vbulletin->options['contactuslink']));
}
$contenttypeid = vB_Types::instance()->getContentTypeID('vBBlog_
BlogEntry');
$tagcontent_join = "INNER JOIN " . TABLE_PREFIX . "tagcontent AS
tagcontent ON
(blog.blogid = tagcontent.contentid AND tagcontent.tagid
= $tag[tagid] AND contenttypeid = $contenttypeid)";
$sql1join[] = $tagcontent_join;
$sql2join[] = $tagcontent_join;
}

// Clear SQL2 since we can't use it.

if (!$vbulletin->userinfo['userid'] OR !($vbulletin->userinfo['permissio
ns']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permissio
ns['blog_canviewown']))
{
$sql2 = array();
}
$selectedfilter = array(
$type => 'selected="selected"'
);
if ($vbulletin->options['vbblog_perpage'] > $vbulletin->options['vbblog_
maxperpage'])
{
$vbulletin->options['vbblog_perpage'] = $vbulletin->options['vbb
log_maxperpage'];
}
// Set Perpage .. this limits it to 10. Any reason for more?
if ($vbulletin->GPC['perpage'] == 0)
{
$perpage = $vbulletin->options['vbblog_perpage'];
}
else if ($vbulletin->GPC['perpage'] > $vbulletin->options['vbblog_maxper
page'])
{
$perpage = $vbulletin->options['vbblog_maxperpage'];
}
else
{
$perpage = $vbulletin->GPC['perpage'];
}
$pagenavurl = array();
// Remove featured blog items at blog home
if ($featuredblogids OR $vbulletin->GPC['featured'])
{
if (!$featuredblogids)
{
$temparray = explode(",", $vbulletin->GPC['featured']);
foreach ($temparray as $v)
{
$featuredblogids[] = intval($v);
}
}
$sql1[] = "blog.blogid NOT IN (" . implode(", ", $featuredblogid
s) . ")";
if (!empty($sql2))
{
$sql2[] = "blog.blogid NOT IN (" . implode(", ", $featur
edblogids) . ")";
}
$pagenavurl['featured'] = implode(",", $featuredblogids);
}
$hook_query_joins1 = $hook_query_where1 = $hook_query_fields1 = '';
$hook_query_joins2 = $hook_query_where2 = $hook_query_fields2 = '';
($hook = vBulletinHook::fetch_hook('blog_list_entries_blog_query')) ? ev
al($hook) : false;

$totalposts = 0;
do
{
if (!$vbulletin->GPC['pagenumber'])
{
$vbulletin->GPC['pagenumber'] = 1;
}
$start = ($vbulletin->GPC['pagenumber'] - 1) * $perpage;
$blogs = $db->query_read_slave("
" . (!empty($sql2) ? "(" : "") . "
SELECT SQL_CALC_FOUND_ROWS attach, blog.blogid,
blog.dateline, blog.rating
" . (!empty($sql2) ? ",blog.blogid AS blogid_ord
er, blog.dateline AS dateline_order, blog.rating AS rating_order" : "") . "
$hook_query_fields1
FROM " . TABLE_PREFIX . "blog AS blog
" . (!empty($sql1join) ? implode("\r\n", $sql1jo
in) : "") . "
LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_
user ON (blog_user.bloguserid = blog.userid)
$hook_query_joins1
WHERE " . implode(" AND ", $sql1) . "
$hook_query_where1
" . (!empty($sql2) ? ") UNION (
SELECT attach, blog.blogid, blog.dateline, ratin
g,
blog.blogid AS blogid_order, blog.dateli
ne AS dateline_order, blog.rating AS rating_order
$hook_query_fields2
FROM " . TABLE_PREFIX . "blog AS blog
" . (!empty($sql2join) ? implode("\r\n", $sql2jo
in) : "") . "
$hook_query_joins2
WHERE " . implode(" AND ", $sql2) . "
$hook_query_where2
)" : "") . "
ORDER BY " . (!empty($sql2) ? $orderby_union : $orderby)
. "
LIMIT $start, $perpage
");
list($totalposts) = $db->query_first_slave("SELECT FOUND_ROWS()"
, DBARRAY_NUM);
if ($start >= $totalposts)
{
$vbulletin->GPC['pagenumber'] = ceil($totalposts / $perp
age);
}
}
while ($start >= $totalposts AND $totalposts);
if (!$userinfo)
{
$pagenavurl['do'] = 'list';
}
if ($blogcategoryid = $vbulletin->GPC['blogcategoryid'])
{

$pagenavurl['blogcategoryid'] = $blogcategoryid;
}
if ($vbulletin->GPC['month'] AND $vbulletin->GPC['year'])
{
$pagenavurl['m'] = $month;
$pagenavurl['y'] = $year;
if ($day)
{
$pagenavurl['d'] = $day;
}
}
if ($vbulletin->GPC['blogtype'])
{
$pagenavurl['blogtype'] = $blogtype;
}
if ($type)
{
$pagenavurl['type'] = $type;
}
if ($perpage != $vbulletin->options['vbblog_perpage'])
{
$pagenavurl['pp'] = $perpage;
}
if ($vbulletin->GPC['tag'])
{
$pagenavurl['tag'] = urlencode(unhtmlspecialchars($vbulletin->GP
C['tag']));
}
$pagenav = construct_page_nav(
$vbulletin->GPC['pagenumber'],
$perpage,
$totalposts,
'',
'',
'',
($userinfo ? 'blog' : 'bloghome'),
($userinfo ? $userinfo : array()),
$pagenavurl
);
$postattach = array();
$blogids = array();
$attachcount = 0;
while ($blog = $db->fetch_array($blogs))
{
$blogids[] = $blog['blogid'];
$attachcount += $blog['attach'];
}
$categorytitle = '';
$categories = array();
$postattach = array();
if (!empty($blogids))

{
$blogs =& fetch_blog_list($blogids, $attachcount, $postattach, $
categories, null, null, $deljoinsql, $orderby);
// get ignored users
$ignore = array();
if (trim($vbulletin->userinfo['ignorelist']))
{
$ignorelist = preg_split('/( )+/', trim($vbulletin->user
info['ignorelist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($ignorelist AS $ignoreuserid)
{
$ignore["$ignoreuserid"] = 1;
}
}
DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)))
;
require_once(DIR . '/includes/class_blog_entry.php');
$bbcode = new vB_BbCodeParser_Blog_Snippet($vbulletin, fetch_tag
_list());
$factory = new vB_Blog_EntryFactory($vbulletin, $bbcode, $catego
ries);
$blogbits = '';
$counter = 0;
while ($blog = $db->fetch_array($blogs))
{
if ($blog['state'] == 'visible')
{
$counter++;
}
$entry_handler =& $factory->create($blog, $userinfo ? '_
User' : '', $ignore);
$entry_handler->is_first = false;
$entry_handler->userinfo = $userinfo;
$entry_handler->attachments = $postattach["$blog[blogid]
"];
if ($counter == 1 AND $blog['state'] == 'visible')
{
if ($ad_location['bloglist_first_entry'] = trim(
vB_Template::create('ad_bloglist_first_entry')->render(true)))
{
$entry_handler->is_first = true;
}
}
$blogbits .= $entry_handler->construct();
if ($show['tags'])
{
$show['tageditor'] = true;
}
if ($blog['state'] == 'deleted' OR $ignore["$blog[userid
]"])
{
$show['quickload'] = true;
}

}
$show['delete'] = (
(
// # owner can always delete drafts so this need
s to be on
!empty($userinfo) AND is_member_of_blog($vbullet
in->userinfo, $userinfo)
)
OR
can_moderate_blog('candeleteentries')
OR
can_moderate_blog('canremoveentries')
);
$show['undelete'] = (
(
can_moderate_blog('candeleteentries')
OR
(
!empty($userinfo)
AND
(
(
$vbulletin->user
info['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entr
y_permissions['blog_candeleteentry']
AND
$userinfo['useri
d'] == $vbulletin->userinfo['userid']
)
OR
(
is_member_of_blo
g($vbulletin->userinfo, $userinfo)
AND
$userinf
o['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbblog_entry_p
ermissions['blog_candeleteentry']
AND
$vbullet
in->userinfo['permissions']['vbblog_entry_permissions'] & $vbulletin->bf_ugp_vbb
log_entry_permissions['blog_candeleteentry']
AND
(
$userinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['canm
anageotherentry']
OR
$userinfo['grouppermissions'] & $vbulletin->bf_misc_vbbloggrouppermissions['cand
eleteentry']
)
)
)
)
)

);
$show['approve'] = (can_moderate_blog('canmoderateentries') OR (
$vbulletin->userinfo['userid'] AND $userinfo['userid'] == $vbulletin->userinfo['
userid']));
$show['inlinemod'] = ($show['undelete'] OR $show['delete'] OR $s
how['unapprove']);
}
if ($vbulletin->GPC['month'] AND $vbulletin->GPC['year'])
{
if (!empty($categoryinfo))
{
$pageinfo = array(
'blogcategoryid' => $categoryinfo['blogcategoryi
d'],
);
$navbits[fetch_seo_url('blog', $userinfo, $pageinfo, 'us
erid', 'blog_title')] = $categoryinfo['title'];
}
$monthname = $vbphrase[strtolower(gmdate('F', gmmktime(12, 0, 0,
$month, 1, $year)))];
if ($type)
{
$navbits[] = $day ? construct_phrase($vbphrase[$type . '
_entries_for_x_y_z'], $monthname, $day, $year) : construct_phrase($vbphrase[$typ
e . '_entries_for_x_y'], $monthname, $year);
}
else
{
$navbits[] = $day ? construct_phrase($vbphrase['entries_
for_x_y_z'], $monthname, $day, $year) : construct_phrase($vbphrase['entries_for_
x_y'], $monthname, $year);
}
}
else if ($show['bloghome'])
{
$navbits[fetch_seo_url('bloghome', array())] = $vbphrase['blogs'
];
$navbits[] = $vbphrase['recent_blogs_posts'];
}
else if ($type)
{
if (!empty($categoryinfo))
{
$navbits[] = $categoryinfo['title'];
}
elseif ($blogtype != 'recent')
{
$navbits[] = $vbphrase[$blogtype . '_' . $type . '_blog_
entries'];
}
else
{
$navbits[] = $vbphrase[$type . '_blog_entries'];
}
}
else if ($blogtype != 'recent')
{

if (!empty($categoryinfo))
{
$pageinfo = array(
'blogcategoryid' => $categoryinfo['blogcategoryi
d'],
);
$navbits[fetch_seo_url('blog', $userinfo, $pageinfo, 'us
erid', 'blog_title')] = $categoryinfo['title'];
}
$navbits[] = $vbphrase[$blogtype . '_blog_entries'];
}
else if (!empty($categoryinfo))
{
$navbits[] = $categoryinfo['title'];
}
$show['filter'] = (can_moderate_blog() OR ($vbulletin->userinfo['userid'
] AND $vbulletin->userinfo['userid'] == $userinfo['userid']));
$show['filter_moderation'] = (can_moderate_blog('canmoderateentries') OR
$vbulletin->userinfo['userid'] == $userinfo['userid']);
$show['filter_owner'] = ($vbulletin->userinfo['userid'] == $userinfo['us
erid']);
$show['category_description'] = (!empty($categoryinfo));
if ($vbulletin->options['quickedit'])
{
$show['quickedit'] = true;
}
if (empty($navbits))
{
$navbits = array('' => $vbphrase['blog_entries']);
}
($hook = vBulletinHook::fetch_hook('blog_list_entries_complete')) ? eval
($hook) : false;
$templater = vB_Template::create('blog_list_entries');
$templater->register('blogheader', $blogheader);
$templater->register('featured_blogbits', $featured_blogbits);
$templater->register('display', $display);
$templater->register('recentblogbits', $recentblogbits);
$templater->register('recentcommentbits', $recentcommentbits);
$templater->register('blogbits', $blogbits);
$templater->register('blogcategoryid', $blogcategoryid);
$templater->register('blogtype', $blogtype);
$templater->register('categoryinfo', $categoryinfo);
$templater->register('day', $day);
$templater->register('month', $month);
$templater->register('pagenav', $pagenav);
$templater->register('selectedfilter', $selectedfilter);
$templater->register('url', $url);
$templater->register('userinfo', $userinfo);
$templater->register('vBeditTemplate', $vBeditTemplate);
$templater->register('year', $year);
$templater->register('editor_js', vB_Ckeditor::getJsIncludes());
$content = $templater->render();
}

// #######################################################################
if ($_REQUEST['do'] == 'bloglist')
{
$vbulletin->input->clean_array_gpc('r', array(
'pagenumber'
=> TYPE_UINT,
'perpage'
=> TYPE_UINT,
'blogtype'
=> TYPE_NOHTML,
'sortorder'
=> TYPE_NOHTML,
'sortfield'
=> TYPE_NOHTML,
));
$type = '';
$sql = array();
$sqljoin = array();
$sqlfields = array();
($hook = vBulletinHook::fetch_hook('blog_list_start')) ? eval($hook) : f
alse;
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
$sql[] = "blog.userid = " . $vbulletin->userinfo['userid'];
}
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']))
{
$sql[] = "blog.userid <> " . $vbulletin->userinfo['userid'];
}
if ($coventry = fetch_coventry('string') AND !can_moderate_blog())
{
$sql[] = "blog.userid NOT IN ($coventry)";
}
if (!can_moderate_blog())
{
if ($vbulletin->userinfo['userid'])
{
$userlist_sql = array();
$userlist_sql[] = "blog_user.bloguserid = " . $vbulletin
->userinfo['userid'];
$userlist_sql[] = "(options_ignore & " . $vbulletin->bf_
misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL
)";
$userlist_sql[] = "(options_buddy & " . $vbulletin->bf_m
isc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)";
$userlist_sql[] = "(options_member & " . $vbulletin->bf_
misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $vbulleti
n->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL)
AND (options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblo
g'] . " OR ignored.relationid IS NULL))";
$sql[] = "(" . implode(" OR ", $userlist_sql) . ")";
$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS
buddy ON (buddy.userid = blog_user.bloguserid AND buddy.relationid = " . $vbulle
tin->userinfo['userid'] . " AND buddy.type = 'buddy')";
$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS
ignored ON (ignored.userid = blog_user.bloguserid AND ignored.relationid = " . $
vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore')";

$sqlfields[] = "ignored.relationid AS ignoreid, buddy.re

lationid AS buddyid";
}
else
{
$sql[] = "options_guest & " . $vbulletin->bf_misc_vbblog
socnetoptions['canviewmyblog'];
}
}
$sqljoin[] = $vbulletin->options['avatarenabled'] ? "LEFT JOIN " . TABLE
_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOIN " . TA
BLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user.userid)
" : "";
if ($vbulletin->userinfo['userid'] AND in_coventry($vbulletin->userinfo[
'userid'], true))
{
$sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcomm
ent, blog_tachyentry.lastcomment) AS lastcomment";
$sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastcomm
enter, blog_tachyentry.lastcommenter) AS lastcommenter";
$sqlfields[] = "IF(blog_tachyentry.userid IS NULL, blog.lastblog
textid, blog_tachyentry.lastblogtextid) AS lastblogtextid";
$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_tachyentry AS b
log_tachyentry ON (blog_tachyentry.blogid = blog_user.lastblogid AND blog_tachye
ntry.userid = " . $vbulletin->userinfo['userid'] . ")";
$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_te
xt ON (blog_text.blogtextid = IF(blog_tachyentry.userid IS NULL, blog.lastblogte
xtid, blog_tachyentry.lastblogtextid))";
}
else
{
$sqljoin[] = "LEFT JOIN " . TABLE_PREFIX . "blog_text AS blog_te
xt ON (blog_text.blogtextid = blog_user.lastblogtextid)";
}
$sidebar =& build_overview_sidebar($month, $year);
switch($vbulletin->GPC['blogtype'])
{
case 'best':
$blogtype = 'best';
break;
default:
$blogtype = 'all';
}
$pagenavurl = array('do' => 'bloglist');
// Set Perpage .. this limits it to 10. Any reason for more?
if ($vbulletin->options['vbblog_perpage'] > $vbulletin->options['vbblog_
maxperpage'])
{
$vbulletin->options['vbblog_perpage'] = $vbulletin->options['vbb
log_maxperpage'];
}
if ($vbulletin->GPC['perpage'] == 0)
{
if ($blogtype == 'all')

{
$perpage = 15;
}
else
{
$perpage = $vbulletin->options['vbblog_perpage'];
}
}
else if ($vbulletin->GPC['perpage'] > $vbulletin->options['vbblog_maxper
page'] AND $blogtype == 'best')
{
$perpage = $vbulletin->options['vbblog_maxperpage'];
$pagenavurl['pp'] = $perpage;
}
else if ($vbulletin->GPC['perpage'] > 20 AND $blogtype == 'all')
{
$perpage = 20;
$pagenavurl['pp'] = $perpage;
}
else
{
$perpage = $vbulletin->GPC['perpage'];
$pagenavurl['pp'] = $perpage;
}
// This uses the lastblog,entries index which avoids the filesort! files
ort + limit = BAD
$sql[] = "blog_user.lastblog > 0";
$sql[] = "blog_user.entries > 0";
switch($blogtype)
{
case 'best':
$sql[] = "blog_user.ratingnum >= 0";// . intval($vbullet
in->options['vbblog_ratinguser']);
$orderby = "blog_user.rating DESC";
$pagenavurl['blogtype'] = $blogtype;
break;
case 'all':
$sortfield =& $vbulletin->GPC['sortfield'];
if ($vbulletin->GPC['sortorder'] != 'asc')
{
$vbulletin->GPC['sortorder'] = 'desc';
$sqlsortorder = 'DESC';
$order = array('desc' => 'selected="selected"');
}
else
{
$sqlsortorder = '';
$order = array('asc' => 'selected="selected"');
}
switch ($sortfield)
{
case 'username':
$sqlsortfield = 'user.' . $sortfield;
break;
case 'title':
$sqlsortfield = 'blogtitle';
break;

case 'entries':
$sqlsortfield = 'blog_user.entries';
break;
case 'comments':
case 'lastblog':
$sqlsortfield = 'blog_user.' . $sortfiel
d;
break;
case 'rating':
$sqlsortfield = 'order_rating';
break;
default:
$sqlsortfield = 'blog_user.lastblog';
$sortfield = 'lastblog';
}
if ($sortfield != 'lastblog')
{
$pagenavurl['sort'] = $sortfield;
}
if ($vbulletin->GPC['sortorder'] != 'desc')
{
$pagenavurl['order'] = 'asc';
}
$orderby = $sqlsortfield . ' ' . $sqlsortorder;
$sort = array($sortfield => 'selected="selected"');
//bloghome is a "generation only" url class, which curre
ntly means that it
//will be locked to FRIENDLY_URL_OFF anyway. However th
e current use very much depends
//on the classic format since we add params to the query
string somewhere in the templates
//(using sorturl as a base in multiple locations). No s
ense borrowing trouble now, but
//if we change the behavior of the bloghome url generati
on we'll need to fix that before
//we change so if we hard code the FRIENDLY_URL_OFF here
it won't mysteriously break
//if changes are made to the class.
require_once(DIR . '/includes/class_friendly_url.php');
$pagevars = array('do' => 'bloglist');
if ($perpage != 15)
{
$pagevars['pp'] = $perpage;
}
$sorturl = vB_Friendly_Url::fetchLibrary($vbulletin, 'bl
oghome', array(), $pagevars)->get_url(FRIENDLY_URL_OFF);
$oppositesort = ($vbulletin->GPC['sortorder'] == 'asc' ?
'desc' : 'asc');
$sortorder = array(
'title' => ($sortfield == 'title') ? $oppositeso
rt : 'asc',
'entries' => ($sortfield == 'entries') ? $opposi
tesort : 'desc',
'comments' => ($sortfield == 'comments') ? $oppo

sitesort : 'desc',
'lastblog' => ($sortfield == 'lastblog') ? $oppo
sitesort : 'desc',
);
$templater = vB_Template::create('forumdisplay_sortarrow
');
$templater->register('oppositesort', $oppositeso
rt);
$sortarrow["$sortfield"] = $templater->render();
}
// get ignored users
$ignore = array();
if (trim($vbulletin->userinfo['ignorelist']))
{
$ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ig
norelist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($ignorelist AS $ignoreuserid)
{
$ignore["$ignoreuserid"] = 1;
}
}
DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));
$totalblogs = 0;
($hook = vBulletinHook::fetch_hook('blog_list_blog_query')) ? eval($hook
) : false;
do
{
if (!$vbulletin->GPC['pagenumber'])
{
$vbulletin->GPC['pagenumber'] = 1;
}
$start = ($vbulletin->GPC['pagenumber'] - 1) * $perpage;
$blogs = $db->query_read_slave("
SELECT SQL_CALC_FOUND_ROWS
user.*,
blog.firstblogtextid,
blog_text.pagetext,
IF (blog_user.title <> '', blog_user.title, user
.username) AS blogtitle,
IF (blog_user.ratingnum >= " . intval($vbulletin
->options['vbblog_ratinguser']) . ", blog_user.rating, 0) AS order_rating,
blog_user.lastblog, blog_user.lastblogid AS last
blogid, blog_user.lastblogtitle,
blog_user.lastcomment, blog_user.lastblogtextid
AS lastblogtextid, blog_user.lastcommenter,
blog_user.ratingnum, blog_user.ratingtotal, blog
_user.title, blog_user.entries, blog_user.comments, blog_user.title, blog.catego
ries,
blog2.categories AS categories_lastcomment,
IF(user.displaygroupid = 0, user.usergroupid, us
er.displaygroupid) AS displaygroupid, infractiongroupid, options_ignore, options
_buddy, options_member, options_guest
" . ($vbulletin->options['avatarenabled'] ? ",av
atar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavata
r.dateline AS avatardateline,customavatar.width AS avwidth,customavatar.height A
S avheight" : "") . "

" . ($vbulletin->userinfo['userid'] ? ", IF(blog

_subscribeuser.blogsubscribeuserid, 1, 0) AS blogsubscribed" : "") . "
" . (!empty($sqlfields) ? ", " . implode(", ", $
sqlfields) : "") . "
FROM " . TABLE_PREFIX . "blog_user AS blog_user
LEFT JOIN " . TABLE_PREFIX . "user AS user ON (blog_user
.bloguserid = user.userid)
LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blog
id = blog_user.lastblogid)
" . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TAB
LE_PREFIX . "blog_subscribeuser AS blog_subscribeuser ON (blog.userid = blog_sub
scribeuser.bloguserid AND blog_subscribeuser.userid = " . $vbulletin->userinfo['
userid'] . ")" : "") . "
" . implode("\r\n", $sqljoin) . "
LEFT JOIN " . TABLE_PREFIX . "blog AS blog2 ON (blog2.bl
ogid = blog_text.blogid)
WHERE " . implode("\r\n\tAND ", $sql) . "
ORDER BY $orderby
LIMIT $start, $perpage
");
$totalblogs = $db->found_rows();
if ($start >= $totalblogs)
{
$vbulletin->GPC['pagenumber'] = ceil($totalblogs / $perp
age);
}
}
while ($start >= $totalblogs AND $totalblogs);
$pagenav = construct_page_nav(
$vbulletin->GPC['pagenumber'],
$perpage,
$totalblogs,
'',
'',
'',
'bloghome',
array(),
$pagenavurl
);
while ($blog = $db->fetch_array($blogs))
{
$blog = array_merge($blog, convert_bits_to_array($blog['options'
], $vbulletin->bf_misc_useroptions));
$blog = array_merge($blog, convert_bits_to_array($blog['adminopt
ions'], $vbulletin->bf_misc_adminoptions));
$show['private'] = false;
if (can_moderate() AND $blog['userid'] != $vbulletin->userinfo['
userid'])
{
$membercanview = $blog['options_member'] & $vbulletin->b
f_misc_vbblogsocnetoptions['canviewmyblog'];
$buddiescanview = $blog['options_buddy'] & $vbulletin->b
f_misc_vbblogsocnetoptions['canviewmyblog'];
if (!$membercanview AND (!$blog['buddyid'] OR !$buddiesc
anview))
{

$show['private'] = true;
}
}
if ($blog['ratingnum'] > 0 AND $blog['ratingnum'] >= $vbulletin>options['vbblog_ratinguser'])
{
$blog['ratingavg'] = vb_number_format($blog['ratingtotal
'] / $blog['ratingnum'], 2);
$blog['rating'] = intval(round($blog['ratingtotal'] / $b
log['ratingnum']));
$show['rating'] = true;
}
else
{
$blog['ratingavg'] = 0;
$blog['rating'] = 0;
$show['rating'] = false;
}
$blog['entries'] = vb_number_format($blog['entries']);
$blog['comments'] = vb_number_format($blog['comments']);
$blog['lastentrydate'] = vbdate($vbulletin->options['dateformat'
], $blog['lastblog'], true);
$blog['lastentrytime'] = vbdate($vbulletin->options['timeformat'
], $blog['lastblog']);
$lastentrycats = explode(',', $blog['categories']);
$lastcommentcats = explode(',', $blog['categories_lastcomment'])
;
$show['lastentry'] = array_intersect($vbulletin->userinfo['blogc
ategorypermissions']['cantview'], $lastentrycats) ? false : true;
$show['lastcomment'] = array_intersect($vbulletin->userinfo['blo
gcategorypermissions']['cantview'], $lastcommentcats) ? false : true;
if ($blogtype == 'all')
{
$blog['entrytitle'] = fetch_trimmed_title($blog['lastblo
gtitle'], 20);
if ($blog['title'])
{
$blog['title'] = fetch_trimmed_title($blog['titl
e'], 50);
}
$templater = vB_Template::create('blog_blog_row');
$templater->register('blog', $blog);
$templater->register('thread', $thread);
$blogbits .= $templater->render();
}
else
{
fetch_musername($blog);
fetch_avatar_html($blog);
$blog['onlinestatus'] = 0;
$blog['commentexcerpt'] = htmlspecialchars_uni(fetch_tri
mmed_title($blog['pagetext'], 50));
// now decide if we can see the user or not

if ($blog['lastactivity'] > (TIMENOW - $vbulletin->optio

ns['cookietimeout']) AND $blog['lastvisit'] != $blog['lastactivity'])
{
if ($blog['invisible'])
{
if (($vbulletin->userinfo['permissions']
['genericpermissions'] & $vbulletin->bf_ugp_genericpermissions['canseehidden'])
OR $blog['userid'] == $vbulletin->userinfo['userid'])
{
// user is online and invisible
BUT bbuser can see them
$blog['onlinestatus'] = 2;
}
}
else
{
// user is online and visible
$blog['onlinestatus'] = 1;
}
}
$blog['commentdate']
ormat'], $blog['lastcomment'], true);
$blog['commenttime']
ormat'], $blog['lastcomment']);
$show['lastcomment']
lastblogtextid'] AND $blog['lastblogtextid']

= vbdate($vbulletin->options['datef
= vbdate($vbulletin->options['timef
= ($show['lastcomment'] AND $blog['
!= $blog['firstblogtextid']);

if (!$blog['title'])
{
$blog['title'] = $blog['username'];
}
$pageinfo = array('bt' => $blog['lastblogtextid']);
if ($ignore["$blog[userid]"])
{
$templater = vB_Template::create('blog_list_blog
s_blog_ignore');
$templater->register('blog', $blog);
$templater->register('status', $status);
$templater->register('pageinfo', $pagein
fo);
$blogbits .= $templater->render();
}
else
{
$templater = vB_Template::create('blog_list_blog
s_blog');
$templater->register('blog', $blog);
$templater->register('pageinfo', $pagein
fo);
$blogbits .= $templater->render();
}
}
}
($hook = vBulletinHook::fetch_hook('blog_list_complete')) ? eval($hook)
: false;
if ($blogtype == 'all')

{
$navbits[] = $vbphrase['blog_list'];
$templater = vB_Template::create('blog_list_blogs_all');
$templater->register('blogbits', $blogbits);
$templater->register('pagenav', $pagenav);
$templater->register('sortarrow', $sortarrow);
$templater->register('sorturl', $sorturl);
$templater->register('sortorder', $sortorder);
$content = $templater->render();
}
else
{
$navbits[] = $vbphrase['best_blogs'];
$templater = vB_Template::create('blog_list_blogs_best');
$templater->register('blogbits', $blogbits);
$templater->register('pagenav', $pagenav);
$content = $templater->render();
}
}
// #######################################################################
if ($_REQUEST['do'] == 'comments')
{
$vbulletin->input->clean_array_gpc('r', array(
'perpage'
=> TYPE_UINT,
'pagenumber' => TYPE_UINT,
'userid'
=> TYPE_UINT,
'type'
=> TYPE_STR,
));
$sql_and = array();
$sql_or = array();
($hook = vBulletinHook::fetch_hook('blog_comments_start')) ? eval($hook)
: false;
// Set Perpage .. this limits it to 10. Any reason for more?
if ($vbulletin->GPC['perpage'] == 0 OR $vbulletin->GPC['perpage'] > $vbu
lletin->options['blog_commentsperpage'])
{
$perpage = $vbulletin->options['blog_commentsperpage'];
}
else
{
$perpage = $vbulletin->GPC['perpage'];
}
if ($vbulletin->GPC['userid'])
{
$userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1, 1
0);
cache_permissions($userinfo, false);
$show['entry_userinfo'] = false;
if (!$userinfo['canviewmyblog'])
{
print_no_permission();
}
if (in_coventry($userinfo['userid']) AND !can_moderate_blog())
{
standard_error(fetch_error('invalidid', $vbphrase['blog'

], $vbulletin->options['contactuslink']));
}
if ($vbulletin->userinfo['userid'] == $userinfo['userid'] AND !(
$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->
bf_ugp_vbblog_general_permissions['blog_canviewown']))
{
print_no_permission();
}
if ($vbulletin->userinfo['userid'] != $userinfo['userid'] AND !(
$vbulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->
bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
if ($vbulletin->userinfo['permissions']['vbblog_general_
permissions'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']
)
{
// Can't view other's entries so off you go to y
our own blog.
$bloginfo = array(
'userid' => $vbulletin->userinfo['userid
'],
'title' => $vbulletin->userinfo['blog_t
itle'] ? $vbulletin->userinfo['blog_title'] : $vbulletin->userinfo['username'],
);
exec_header_redirect(fetch_seo_url('blog|js', $b
loginfo));
}
else
{
print_no_permission();
}
}
$sql_and[] = "blog_text.bloguserid = $userinfo[userid]";
track_blog_visit($userinfo['userid']);
}
else
{
$userinfo = array();
$show['entry_userinfo'] = true;
}
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
$sql_and[] = "blog.userid = " . $vbulletin->userinfo['userid'];
}
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $vbullet
in->userinfo['userid'])
{
$sql_and[] = "blog.userid <> " . $vbulletin->userinfo['userid'];
}
$state = array('visible');
$commentstate = array('visible');
if (can_moderate_blog('canmoderatecomments') OR (!empty($userinfo) AND i

s_member_of_blog($vbulletin->userinfo, $userinfo)))
{
$commentstate[] = 'moderation';
}
if (can_moderate_blog('canmoderateentries') OR (!empty($userinfo) AND is
_member_of_blog($vbulletin->userinfo, $userinfo)))
{
$state[] = 'moderation';
}
if (can_moderate_blog() OR (!empty($userinfo) AND is_member_of_blog($vbu
lletin->userinfo, $userinfo)))
{
$state[] = 'deleted';
$commentstate[] = 'deleted';
$deljoinsql = "LEFT JOIN " . TABLE_PREFIX . "blog_deletionlog AS
blog_deletionlog ON (blog_text.blogtextid = blog_deletionlog.primaryid AND blog
_deletionlog.type = 'blogtextid')";
}
$sql_and[]
$sql_and[]
$sql_and[]
$sql_and[]

=
=
=
=

"blog.state IN('" . implode("', '", $state) . "')";

"blog.dateline <= " . TIMENOW;
"blog.pending = 0";
"blog_text.state IN('" . implode("', '", $commentstate) . "

')";
$sql_and[] = "blog.firstblogtextid <> blog_text.blogtextid";
$type = '';
if ($vbulletin->GPC['type'])
{
$type = $vbulletin->GPC['type'];
switch ($vbulletin->GPC['type'])
{
case 'moderated':
if ((!empty($userinfo) AND is_member_of_blog($vb
ulletin->userinfo, $userinfo)) OR can_moderate_blog('canmoderateentries'))
{
$sql_and[] = "blog_text.state = 'moderat
ion'";
}
break;
case 'deleted':
if ((!empty($userinfo) AND is_member_of_blog($vb
ulletin->userinfo, $userinfo)) OR can_moderate_blog())
{
$sql_and[] = "blog_text.state = 'deleted
'";
}
break;
default:
$type = '';
}
}
if (!$userinfo AND !$type)
{
// Limit results when we are viewing "All Comments", from the "F
ind More" link on blog home
if ($vbulletin->options['vbblog_recentcommentcutoff'])
{
switch($vbulletin->options['vbblog_recentcommentcutoff']

)
{
case '1d':
$option
break;
case '1w':
$option
break;
case '1m':
$option
break;
case '3m':
$option
break;
case '6m':
$option
break;

= '1w';
= '1m';
= '3m';
= '6m';
= '1y';

}
switch($option)
{
case '1m':
case '3m':
case '6m':
$sql_and[] = "blog_text.dateline >= " .
mktime(date('H'), date('i'), date('s'), date('m') - intval($vbulletin->options[
'vbblog_recentcommentcutoff']), date('d'), date('y'));
break;
case '1y':
$cutoff = $sql_and[] = "blog_text.dateli
ne >= " . mktime(date('H'), date('i'), date('s'), date('m'), date('d'), date('y'
) - 1);
break;
case '1w':
$sql_and[] = "blog_text.dateline >= " .
(TIMENOW - 604800);
}
}
}
$selectedfilter = array(
$type => 'selected="selected"'
);
$sql_join = array();
if (!can_moderate_blog())
{
if ($vbulletin->userinfo['userid'])
{
if ($userinfo['userid'] != $vbulletin->userinfo['userid'
])
{
$sql_or[] = "blog.userid IN (" . $vbulletin->use
rinfo['memberblogids'] . ")";
$sql_or[] = "(options_ignore & " . $vbulletin->b
f_misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NU
LL)";
$sql_or[] = "(options_buddy & " . $vbulletin->bf
_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)
";

$sql_or[] = "(options_member & " . $vbulletin->b

f_misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $vbulle
tin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NUL
L) AND (options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyb
log'] . " OR ignored.relationid IS NULL))";
$sql_and[] = "(" . implode(" OR ", $sql_or) . ")
";
$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "use
rlist AS buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $vbulle
tin->userinfo['userid'] . " AND buddy.type = 'buddy')";
$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "use
rlist AS ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $
vbulletin->userinfo['userid'] . " AND ignored.type = 'ignore')";
$sql_and[] = "
(blog.userid IN (" . $vbulletin->userinf
o['memberblogids'] . ")
OR
~blog.options & " . $vbulletin->bf_misc_
vbblogoptions['private'] . "
OR
(options_buddy & " . $vbulletin->bf_misc
_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))";
$sqlfields = ",ignored.relationid AS ignoreid, b
uddy.relationid AS buddyid";
}
}
else
{
$sql_and[] = "options_guest & " . $vbulletin->bf_misc_vb
blogsocnetoptions['canviewmyblog'];
$sql_and[] = "~blog.options & " . $vbulletin->bf_misc_vb
blogoptions['private'];
}
}
($hook = vBulletinHook::fetch_hook('blog_comments_comments_query')) ? ev
al($hook) : false;
// get ignored users
$ignore = array();
if (trim($vbulletin->userinfo['ignorelist']))
{
$ignorelist = preg_split('/( )+/', trim($vbulletin->userinfo['ig
norelist']), -1, PREG_SPLIT_NO_EMPTY);
foreach ($ignorelist AS $ignoreuserid)
{
$ignore["$ignoreuserid"] = 1;
}
}
DEVDEBUG('ignored users: ' . implode(', ', array_keys($ignore)));
$comment_count = 0;
$responsebits = '';
$pagetext_cachable = true;
require_once(DIR . '/includes/class_bbcode_blog.php');
require_once(DIR . '/includes/class_blog_response.php');

$bbcode = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list());

$factory = new vB_Blog_ResponseFactory($vbulletin, $bbcode, $bloginfo);
if (!empty($vbulletin->userinfo['blogcategorypermissions']['cantview']))
{
$sql_join[] = "LEFT JOIN " . TABLE_PREFIX . "blog_categoryuser A
S cu ON (cu.blogid = blog.blogid AND cu.blogcategoryid IN (" . implode(", ", $vb
ulletin->userinfo['blogcategorypermissions']['cantview']) . "))";
$sql_and[] = "cu.blogcategoryid IS NULL";
}
// Add union query here so blog owners can see comments attached to dele
ted entries of their own
do
{
if (!$vbulletin->GPC['pagenumber'])
{
$vbulletin->GPC['pagenumber'] = 1;
}
$start = ($vbulletin->GPC['pagenumber'] - 1) * $vbulletin->optio
ns['blog_commentsperpage'];
$pagenumber = $vbulletin->GPC['pagenumber'];
$comments = $db->query_read("
SELECT SQL_CALC_FOUND_ROWS
blog_text.username AS postusername, blog_text.ip
address AS blogipaddress, blog_text.state, blog_text.dateline, blog_text.pagetex
t, blog_text.allowsmilie, blog_text.blogtextid, blog_text.title,
blog.pending, blog.userid AS blog_userid, blog.b
logid, blog.title AS entrytitle, blog.state AS blog_state, blog.firstblogtextid,
blog.options AS blogoptions, blog_user.memberids, blog_user.memberblogids, blog
.postedby_userid, blog.postedby_username,
user2.usergroupid AS blog_usergroupid, user2.inf
ractiongroupids AS blog_infractiongroupids, user2.membergroupids AS blog_memberg
roupids,
user.*,
blog_user.title AS blogtitle,
IF(user.displaygroupid = 0, user.usergroupid, us
er.displaygroupid) AS displaygroupid, user.infractiongroupid, options_ignore, op
tions_buddy, options_member, options_guest,
blog_editlog.userid AS edit_userid, blog_editlog
.dateline AS edit_dateline, blog_editlog.reason AS edit_reason, blog_editlog.use
rname AS edit_username
" . ($vbulletin->options['avatarenabled'] ? ",avatar.ava
tarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateli
ne AS avatardateline,customavatar.width AS avwidth,customavatar.height AS avheig
ht" : "") . "
" . ($deljoinsql ? ",blog_deletionlog.moddelete AS del_m
oddelete, blog_deletionlog.userid AS del_userid, blog_deletionlog.username AS de
l_username, blog_deletionlog.reason AS del_reason" : "") . "
" . (($vbulletin->options['threadmarking'] AND $vbulleti
n->userinfo['userid']) ? ", blog_read.readtime AS blogread, blog_userread.readti
me AS bloguserread" : "") . "
" . ($vbulletin->userinfo['userid'] ? ", gm.permissions
AS grouppermissions" : "") . "
$sqlfields
FROM " . TABLE_PREFIX . "blog_text AS blog_text
LEFT JOIN " . TABLE_PREFIX . "blog AS blog ON (blog.blog
id = blog_text.blogid)
LEFT JOIN " . TABLE_PREFIX . "user AS user ON (user.user
id = blog_text.userid)

LEFT JOIN " . TABLE_PREFIX . "user AS user2 ON (user2.us

erid = blog.userid)
LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_user ON
(blog_user.bloguserid = blog.userid)
LEFT JOIN " . TABLE_PREFIX . "blog_editlog AS blog_editl
og ON (blog_editlog.blogtextid = blog_text.blogtextid)
" . (($vbulletin->options['threadmarking'] AND $vbulleti
n->userinfo['userid']) ? "
LEFT JOIN " . TABLE_PREFIX . "blog_read AS blog_read ON
(blog_read.blogid = blog.blogid AND blog_read.userid = " . $vbulletin->userinfo[
'userid'] . ")
LEFT JOIN " . TABLE_PREFIX . "blog_userread AS blog_user
read ON (blog_userread.bloguserid = blog.userid AND blog_userread.userid = " . $
vbulletin->userinfo['userid'] . ")" : "") . "
" . ($vbulletin->userinfo['userid'] ? "LEFT JOIN " . TAB
LE_PREFIX . "blog_groupmembership AS gm ON (blog.userid = gm.bloguserid AND gm.u
serid = " . $vbulletin->userinfo['userid'] . ")" : '') . "
$deljoinsql
" . (!empty($sql_join) ? implode("\r\n", $sql_join) : ""
) . "
" . ($vbulletin->options['avatarenabled'] ? "LEFT JOIN "
. TABLE_PREFIX . "avatar AS avatar ON(avatar.avatarid = user.avatarid) LEFT JOI
N " . TABLE_PREFIX . "customavatar AS customavatar ON(customavatar.userid = user
.userid)" : "") . "
WHERE " . implode("\r\n\tAND ", $sql_and) . "
ORDER BY blog_text.dateline DESC
LIMIT $start, $perpage
");
list($comment_count) = $db->query_first("SELECT FOUND_ROWS()", D
BARRAY_NUM);
if ($start >= $comment_count)
{
$vbulletin->GPC['pagenumber'] = ceil($comment_count / $p
erpage);
}
}
while ($start >= $comment_count AND $comment_count);
$pagenavurl = array('do' => 'comments');
if ($type)
{
$pagenavurl['type'] = $type;
}
if ($perpage != $vbulletin->options['blog_commentsperpage'])
{
$pagenavurl['pp'] = $perpage;
}
$pagenav = construct_page_nav(
$vbulletin->GPC['pagenumber'],
$perpage,
$comment_count,
'',
'',
'',
($userinfo ? 'blog' : 'bloghome'),
($userinfo ? $userinfo : array()),
$pagenavurl
);

$record_count = 0;
while ($comment = $db->fetch_array($comments))
{
$response_handler =& $factory->create($comment, 'Comment', $igno
re);
$record_count++;
$response_handler->userinfo = $userinfo;
$response_handler->cachable = $pagetext_cachable;
$response_handler->linkblog = true;
$responsebits .= $response_handler->construct();
if ($pagetext_cachable AND $comment['pagetexthtml'] == '')
{
if (!empty($saveparsed))
{
$saveparsed .= ',';
}
$saveparsed .= "($comment[blogtextid], " . intval($blogi
nfo['lastcomment']) . ', ' . intval($response_handler->parsed_cache['has_images'
]) . ", '" . $db->escape_string($response_handler->parsed_cache['text']) . "', "
. intval(STYLEID) . ", " . intval(LANGUAGEID) . ")";
}
if ($comment['dateline'] > $displayed_dateline)
{
$displayed_dateline = $comment['dateline'];
}
if ($comment['state'] == 'deleted' OR $ignore["$comment[userid]"
])
{

// be aware $factory->create can change $response['state

']
$show['quickload'] = true;
}
}
$show['delete'] = true;
$show['undelete'] = true;
$show['approve'] = true;
$show['inlinemod'] = (($show['delete'] OR $show['approve'] OR $show['und
elete'])
AND
(
can_moderate_blog()
OR
(
!empty($userinfo)
AND
is_member_of_blog($vbulletin->userinfo, $userinfo)
)
));
if ($userinfo)
{
$blogheader = parse_blog_description($userinfo);
$sidebar =& build_user_sidebar($userinfo, $month, $year);
$navbits[fetch_seo_url('blog', array('userid' => $userinfo['user
id'], 'title' => $blogheader['title']))] = $blogheader['title'];

}
else
{
$sidebar =& build_overview_sidebar();
}
if ($type)
{
$navbits[] = $vbphrase[$type . '_comments'];
}
else
{
$navbits[] = $vbphrase['comments'];
}
if ($vbulletin->options['quickedit'])
{
$show['quickedit'] = true;
}
$show['filter'] = (can_moderate_blog() OR ($vbulletin->userinfo['userid'
] AND $vbulletin->userinfo['userid'] == $userinfo['userid']));
$show['filter_moderation'] = (can_moderate_blog('canmoderatecomments') O
R $vbulletin->userinfo['userid'] == $userinfo['userid']);
($hook = vBulletinHook::fetch_hook('blog_comments_complete')) ? eval($ho
ok) : false;
$templater = vB_Template::create('blog_list_comments');
$templater->register('bloginfo', $bloginfo);
$templater->register('blogheader', $blogheader);
$templater->register('pagenav', $pagenav);
$templater->register('start', $start + 1);
$templater->register('end', $record_count + $start);
$templater->register('responsebits', $responsebits);
$templater->register('selectedfilter', $selectedfilter);
$templater->register('url', $url);
$templater->register('userinfo', $userinfo);
$templater->register('vBeditTemplate', $vBeditTemplate);
$templater->register('comment_count', $comment_count);
$content = $templater->render();
}
// #######################################################################
if ($_REQUEST['do'] == 'sendtofriend' OR $_POST['do'] == 'dosendtofriend')
{
$bloginfo = verify_blog($blogid);
if ($bloginfo['state'] != 'visible' OR $bloginfo['pending'])
{
print_no_permission();
}
if (!$vbulletin->options['enableemail'] OR !($vbulletin->userinfo['permi
ssions']['vbblog_general_permissions'] & $vbulletin->bf_ugp_vbblog_general_permi
ssions['blog_canemail']))
{
standard_error(fetch_error('emaildisabled'));
}

if (!$bloginfo OR
(!($vbulletin->userinfo['permissions']['vbblog_general_permissio
ns'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']) AND $bl
oginfo['userid'] == $vbulletin->userinfo['userid']) OR
(!($vbulletin->userinfo['permissions']['vbblog_general_permissio
ns'] & $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']) AND
$bloginfo['userid'] != $vbulletin->userinfo['userid']))
{
print_no_permission();
}
$perform_floodcheck = (
!($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminper
missions['cancontrolpanel'])
AND $vbulletin->options['emailfloodtime']
AND $vbulletin->userinfo['userid']
);
if ($perform_floodcheck AND ($timepassed = TIMENOW - $vbulletin->userinf
o['emailstamp']) < $vbulletin->options['emailfloodtime'])
{
standard_error(fetch_error('emailfloodcheck', $vbulletin->option
s['emailfloodtime'], ($vbulletin->options['emailfloodtime'] - $timepassed)));
}
track_blog_visit($bloginfo['userid']);
}
// ############################### start do send to friend #####################
##########
if ($_POST['do'] == 'dosendtofriend')
{
$vbulletin->input->clean_array_gpc('p', array(
'sendtoname' => TYPE_STR,
'sendtoemail' => TYPE_STR,
'emailsubject' => TYPE_STR,
'emailmessage' => TYPE_STR,
'username'
=> TYPE_STR,
'imagestamp' => TYPE_STR,
'imagehash'
=> TYPE_STR,
'humanverify' => TYPE_ARRAY,
));
// Values that are used in phrases or error messages
$sendtoname =& $vbulletin->GPC['sendtoname'];
$emailmessage =& $vbulletin->GPC['emailmessage'];
$errors = array();
if ($sendtoname == '' OR !is_valid_email($vbulletin->GPC['sendtoemail'])
OR $vbulletin->GPC['emailsubject'] == '' OR $emailmessage == '')
{
$errors[] = fetch_error('requiredfields');
}
if ($perform_floodcheck)
{
require_once(DIR . '/includes/class_floodcheck.php');
$floodcheck = new vB_FloodCheck($vbulletin, 'user', 'emailstamp'
);
$floodcheck->commit_key($vbulletin->userinfo['userid'], TIMENOW,

TIMENOW - $vbulletin->options['emailfloodtime']);
if ($floodcheck->is_flooding())
{
$errors[] = fetch_error('emailfloodcheck', $vbulletin->o
ptions['emailfloodtime'], $floodcheck->flood_wait());
}
}
if (fetch_require_hvcheck('contactus'))
{
require_once(DIR . '/includes/class_humanverify.php');
$verify =& vB_HumanVerify::fetch_library($vbulletin);
if (!$verify->verify_token($vbulletin->GPC['humanverify']))
{
$errors[] = fetch_error($verify->fetch_error());
}
}
($hook = vBulletinHook::fetch_hook('blog_dosendtofriend_start')) ? eval(
$hook) : false;
if ($vbulletin->GPC['username'] != '')
{
if ($userinfo = $db->query_first_slave("
SELECT user.*, userfield.*
FROM " . TABLE_PREFIX . "user AS user," . TABLE_PREFIX .
"userfield AS userfield
WHERE username='" . $db->escape_string(htmlspecialchars_
uni($vbulletin->GPC['username'])) . "'
AND user.userid = userfield.userid"
))
{
$errors[] = fetch_error('usernametaken', $vbulletin->GPC
['username'], $vbulletin->session->vars['sessionurl']);
}
else
{
$postusername = htmlspecialchars_uni($vbulletin->GPC['us
ername']);
}
}
else
{
$postusername = $vbulletin->userinfo['username'];
}
if (empty($errors))
{
eval(fetch_email_phrases('sendtofriend'));
vbmail($vbulletin->GPC['sendtoemail'], $vbulletin->GPC['emailsub
ject'], $message);
($hook = vBulletinHook::fetch_hook('blog_dosendtofriend_complete
')) ? eval($hook) : false;
$sendtoname = htmlspecialchars_uni($sendtoname);
$vbulletin->url = fetch_seo_url('entry', $bloginfo);
print_standard_redirect(array('redirect_blog_sentemail',$sendton

ame));
}
else
{
$_REQUEST['do'] = 'sendtofriend';
$errormessages = '';
if (!empty($errors))
{
$show['errors'] = true;
$templater = vB_Template::create('newpost_errormessage')
;
$templater->register('errors', $errors);
$errormessages .= $templater->render();
}
}
}
// ############################### start send to friend ########################
#######
if ($_REQUEST['do'] == 'sendtofriend')
{
($hook = vBulletinHook::fetch_hook('blog_sendtofriend_start')) ? eval($h
ook) : false;
$bloginfo['title'] = fetch_word_wrapped_string($bloginfo['title'], $vbul
letin->options['blog_wordwrap']);
if ($show['errors'])
{
$stf = array(
'name'
=> htmlspecialchars_uni($vbulletin->GPC['sendt
oname']),
'email' => htmlspecialchars_uni($vbulletin->GPC['sendt
oemail']),
'title' => htmlspecialchars_uni($vbulletin->GPC['email
subject']),
'message' => htmlspecialchars_uni($vbulletin->GPC['email
message']),
);
}
else
{
$stf = array(
'name'
=> '',
'email' => '',
'title' => $bloginfo['title'],
'message' => construct_phrase($vbphrase['blog_thought_mi
ght_be_interested'],
fetch_seo_url('entry|nosession|bburl', $bloginfo
, array('referrerid' => $vbulletin->userinfo['userid'])),
$vbulletin->userinfo['username']),
);
}
$usernamecode = vB_Template::create('newpost_usernamecode')->render();
// image verification
$human_verify = '';
if (fetch_require_hvcheck('contactus'))

{
require_once(DIR . '/includes/class_humanverify.php');
$verification =& vB_HumanVerify::fetch_library($vbulletin);
$human_verify = $verification->output_token();
}
$sidebar =& build_user_sidebar($bloginfo);
$navbits[fetch_seo_url('blog', $bloginfo, null, 'userid', 'blog_title')]
= $bloginfo['blog_title'];
$navbits[fetch_seo_url('entry', $bloginfo)] = $bloginfo['title'];
$navbits[] = $vbphrase['email_to_friend'];
$bloginfo['title_trimmed'] = fetch_trimmed_title($bloginfo['title']);
($hook = vBulletinHook::fetch_hook('blog_sendtofriend_complete')) ? eval
($hook) : false;
$url =& $vbulletin->url;
$templater = vB_Template::create('blog_send_to_friend');
$templater->register('bloginfo', $bloginfo);
$templater->register('errormessages', $errormessages);
$templater->register('human_verify', $human_verify);
$templater->register('imagereg', $imagereg);
$templater->register('stf', $stf);
$templater->register('url', $url);
$templater->register('usernamecode', $usernamecode);
$content = $templater->render();
}
// #######################################################################
if ($_POST['do'] == 'rate')
{
$vbulletin->input->clean_array_gpc('p', array(
'vote'
=> TYPE_UINT,
'ajax'
=> TYPE_BOOL,
'blogid'
=> TYPE_UINT,
));
$bloginfo = fetch_bloginfo($vbulletin->GPC['blogid']);
track_blog_visit($bloginfo['userid']);
if ($vbulletin->GPC['vote'] < 1 OR $vbulletin->GPC['vote'] > 5)
{
standard_error(fetch_error('invalidvote'));
}
if ($bloginfo['state'] !== 'visible')
{
print_no_permission();
}
$rated = intval(fetch_bbarray_cookie('blog_rate', $bloginfo['blogid']));
($hook = vBulletinHook::fetch_hook('blog_rate_start')) ? eval($hook) : f
alse;
$update = false;

if ($vbulletin->userinfo['userid'])
{
if ($rating = $db->query_first("
SELECT *
FROM " . TABLE_PREFIX . "blog_rate
WHERE userid = " . $vbulletin->userinfo['userid'] . "
AND blogid = $bloginfo[blogid]
"))
{
if ($vbulletin->options['votechange'])
{
if ($vbulletin->GPC['vote'] != $rating['vote'])
{
$blograte =& datamanager_init('Blog_Rate
', $vbulletin, ERRTYPE_STANDARD);
$blograte->set_info('blog', $bloginfo);
$blograte->set_existing($rating);
$blograte->set('vote', $vbulletin->GPC['
vote']);
($hook = vBulletinHook::fetch_hook('blog
_rate_update')) ? eval($hook) : false;
$blograte->save();
}
$update = true;
if (!$vbulletin->GPC['ajax'])
{
$vbulletin->url = fetch_seo_url('entry',
$bloginfo);
print_standard_redirect('redirect_blog_r
ate_add');
}
}
else if (!$vbulletin->GPC['ajax'])
{
standard_error(fetch_error('blog_rate_voted'));
}
}
else
{
$blograte =& datamanager_init('Blog_Rate', $vbulletin, E
RRTYPE_STANDARD);
$blograte->set_info('blog', $bloginfo);
$blograte->set('blogid', $bloginfo['blogid']);
$blograte->set('userid', $vbulletin->userinfo['userid'])
;
$blograte->set('vote', $vbulletin->GPC['vote']);
($hook = vBulletinHook::fetch_hook('blog_rate_add')) ? e
val($hook) : false;
$blograte->save();
$update = true;
if (!$vbulletin->GPC['ajax'])
{
$vbulletin->url = fetch_seo_url('entry', $blogin
fo);
print_standard_redirect('redirect_blog_rate_add'

);
}
}
}
else
{
// Check for cookie on user's computer for this blogid
if ($rated AND !$vbulletin->options['votechange'])
{
if (!$vbulletin->GPC['ajax'])
{
standard_error(fetch_error('blog_rate_voted'));
}
}
else
{
// Check for entry in Database for this Ip Addr/blogid
if ($rating = $db->query_first("
SELECT *
FROM " . TABLE_PREFIX . "blog_rate
WHERE ipaddress = '" . $db->escape_string(IPADDR
ESS) . "'
AND blogid = $bloginfo[blogid]
"))
{
if ($vbulletin->options['votechange'])
{
if ($vbulletin->GPC['vote'] != $rating['
vote'])
{
$blograte =& datamanager_init('B
log_Rate', $vbulletin, ERRTYPE_STANDARD);
$blograte->set_info('blog', $blo
ginfo);
$blograte->set_existing($rating)
;
$blograte->set('vote', $vbulleti
n->GPC['vote']);
($hook = vBulletinHook::fetch_ho
ok('blog_rate_update')) ? eval($hook) : false;
$blograte->save();
}
$update = true;
if (!$vbulletin->GPC['ajax'])
{
$vbulletin->url = fetch_seo_url(
'entry', $bloginfo);
print_standard_redirect('redirec
t_blog_rate_add');
}
}
else if (!$vbulletin->GPC['ajax'])
{
set_bbarray_cookie('blog_rate', $rating[
'blogid'], $rating['vote'], 1);
standard_error(fetch_error('blog_rate_vo
ted'));

}
}
else
{
$blograte =& datamanager_init('Blog_Rate', $vbul
letin, ERRTYPE_STANDARD);
$blograte->set_info('blog', $bloginfo);
$blograte->set('blogid', $bloginfo['blogid']);
$blograte->set('userid', 0);
$blograte->set('vote', $vbulletin->GPC['vote']);
$blograte->set('ipaddress', IPADDRESS);
($hook = vBulletinHook::fetch_hook('blog_rate_ad
d')) ? eval($hook) : false;
$blograte->save();
$update = true;
if (!$vbulletin->GPC['ajax'])
{
$vbulletin->url = fetch_seo_url('entry',
$bloginfo);
print_standard_redirect('redirect_blog_r
ate_add');
}
}
}
}
require_once(DIR . '/includes/class_xml.php');
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$xml->add_group('threadrating');
if ($update)
{
$blog = $db->query_first_slave("
SELECT ratingtotal, ratingnum
FROM " . TABLE_PREFIX . "blog
WHERE blogid = $bloginfo[blogid]
");
if ($blog['ratingnum'] > 0 AND $blog['ratingnum'] >= $vbulletin>options['vbblog_ratingpost'])
{
// Show Voteavg
$blog['ratingavg'] = vb_number_format($blog['ratingtotal
'] / $blog['ratingnum'], 2);
$blog['rating'] = intval(round($blog['ratingtotal'] / $b
log['ratingnum']));
$xml->add_tag('voteavg', "<img class=\"inlineimg\" src=\
"" . vB_Template_Runtime::fetchStyleVar('imgdir_rating') . "/rating-15_$blog[rat
ing].png\" alt=\"" . construct_phrase($vbphrase['rating_x_votes_y_average'], $bl
og['ratingnum'], $blog['ratingavg']) . "\" border=\"0\" />");
}
else
{
$xml->add_tag('voteavg', '');
}
if (!function_exists('fetch_phrase'))
{
require_once(DIR . '/includes/functions_misc.php');

}
$xml->add_tag('message', fetch_phrase('redirect_blog_rate_add',
'frontredirect', 'redirect_'));
}
else
// Already voted error...
{
if (!empty($rating['blogid']))
{
set_bbarray_cookie('blog_rate', $rating['blogid'], $rati
ng['vote'], 1);
}
$xml->add_tag('error', fetch_error('blog_rate_voted'));
}
$xml->close_group();
$xml->print_xml();
}
// ############################### start random blog ###########################
####
if ($_REQUEST['do'] == 'random')
{
$sql = array(
"state = 'visible'",
"dateline <= " . TIMENOW,
"blog.pending = 0",
);
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewown']))
{
$sql[] = "blog.userid <> " . $vbulletin->userinfo['userid'];
}
if (!($vbulletin->userinfo['permissions']['vbblog_general_permissions']
& $vbulletin->bf_ugp_vbblog_general_permissions['blog_canviewothers']))
{
$sql[] = "blog.userid = " . $vbulletin->userinfo['userid'];
}
if ($coventry = fetch_coventry('string') AND !can_moderate_blog())
{
$sql[] = "blog.userid NOT IN ($coventry)";
}
$sql1join = array();
if (!can_moderate_blog())
{
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "blog_user AS blog_u
ser ON (blog_user.bloguserid = blog.userid)";
if ($vbulletin->userinfo['userid'])
{
$userlist_sql = array();
$userlist_sql[] = "blog.userid = " . $vbulletin->userinf
o['userid'];
$userlist_sql[] = "(options_ignore & " . $vbulletin->bf_
misc_vbblogsocnetoptions['canviewmyblog'] . " AND ignored.relationid IS NOT NULL
)";
$userlist_sql[] = "(options_buddy & " . $vbulletin->bf_m
isc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL)";
$userlist_sql[] = "(options_member & " . $vbulletin->bf_

misc_vbblogsocnetoptions['canviewmyblog'] . " AND (options_buddy & " . $vbulleti

n->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " OR buddy.relationid IS NULL)
AND (options_ignore & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblo
g'] . " OR ignored.relationid IS NULL))";
$sql[] = "(" . implode(" OR ", $userlist_sql) . ")";
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS
buddy ON (buddy.userid = blog.userid AND buddy.relationid = " . $vbulletin->use
rinfo['userid'] . " AND buddy.type = 'buddy')";
$sql1join[] = "LEFT JOIN " . TABLE_PREFIX . "userlist AS
ignored ON (ignored.userid = blog.userid AND ignored.relationid = " . $vbulleti
n->userinfo['userid'] . " AND ignored.type = 'ignore')";
$wheresql[] = "
(blog.userid = " . $vbulletin->userinfo['userid'
] . "
OR
~blog.options & " . $vbulletin->bf_misc_vbblogop
tions['private'] . "
OR
(options_buddy & " . $vbulletin->bf_misc_vbblogs
ocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))";
}
else
{
$sql[] = "options_guest & " . $vbulletin->bf_misc_vbblog
socnetoptions['canviewmyblog'];
$sql[] = "~blog.options & " . $vbulletin->bf_misc_vbblog
options['private'];
}
}
($hook = vBulletinHook::fetch_hook('blog_random_query')) ? eval($hook) :
false;
$blog = $db->query_first_slave("
SELECT *
FROM " . TABLE_PREFIX . "blog AS blog
" . (!empty($sql1join) ? implode("\r\n", $sql1join) : "") . "
WHERE " . implode("\r\nAND ", $sql) . "
ORDER BY RAND() LIMIT 1
");
if ($blog)
{
exec_header_redirect(fetch_seo_url('entry|js', $blog));
}
else
{
standard_error(fetch_error('blog_no_blogs'));
}
}
// #######################################################################
if ($_REQUEST['do'] == 'viewip')
{
if (!$vbulletin->options['logip'] OR (!can_moderate_blog('canviewips') A
ND $vbulletin->options['logip'] != 2))
{
print_no_permission();

}
if ($blogtextid)
{
$blogtextinfo = fetch_blog_textinfo($vbulletin->GPC['blogtextid'
]);
if ($blogtextinfo === false)
{
standard_error(fetch_error('invalidid', $vbphrase['comme
nt'], $vbulletin->options['contactuslink']));
}
$ipaddress = ($blogtextinfo['ipaddress'] ? htmlspecialchars_uni(
long2ip($blogtextinfo['ipaddress'])) : '');
}
else
{
$bloginfo = verify_blog($blogid);
$ipaddress = ($bloginfo['blogipaddress'] ? htmlspecialchars_uni(
long2ip($bloginfo['blogipaddress'])) : '');
}
$hostname = htmlspecialchars_uni(gethostbyaddr($ipaddress));
($hook = vBulletinHook::fetch_hook('blog_viewip_complete')) ? eval($hook
) : false;
standard_error(fetch_error('thread_displayip', $ipaddress, $hostname, ''
, 0));
}
// #######################################################################
if ($_REQUEST['do'] == 'markread')
{
$vbulletin->input->clean_array_gpc('r', array(
'userid' => TYPE_UINT,
'readhash' => TYPE_STR
));
// verify the userid exists, don't want useless entries in our table.
if (!($userinfo = fetch_userinfo($vbulletin->GPC['userid'])))
{
standard_error(fetch_error('invalidid', $vbphrase['user'], $vbul
letin->options['contactuslink']));
}
if (!VB_API AND $vbulletin->userinfo['userid'] != 0 AND !verify_security
_token($vbulletin->GPC['readhash'], $vbulletin->userinfo['securitytoken_raw']))
{
standard_error(fetch_error('blog_markread_error',
fetch_seo_url('blog', $userinfo, array('do' => 'markread
', 'readhash' => $vbulletin->userinfo['logouthash'])) , $userinfo['username']));
}
mark_user_blog_read($userinfo['userid'], $vbulletin->userinfo['userid'],
TIMENOW);
require_once(DIR . '/includes/functions_login.php');
$vbulletin->url = fetch_replaced_session_url($vbulletin->url);
if (strpos($vbulletin->url, 'do=markread') !== false)
{

$vbulletin->url = fetch_seo_url('blog', $userinfo, null, 'userid

', 'blog_title');
}
print_standard_redirect('blog_markread', true, true);
}
// ############################################################################
// ############################### GROUP MEMBERS ##########################
// ############################################################################
if ($_REQUEST['do'] == 'members')
{
$vbulletin->input->clean_array_gpc('r', array(
'userid'
=> TYPE_UINT,
'perpage'
=> TYPE_UINT,
'pagenumber' => TYPE_UINT,
));
$userinfo = verify_id('user', $vbulletin->GPC['userid'], true, true);
cache_permissions($userinfo, false);
if (
($vbulletin->userinfo['userid'] != $userinfo['userid'] AND !($vb
ulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_
ugp_vbblog_general_permissions['blog_canviewothers']))
OR
($vbulletin->userinfo['userid'] == $userinfo['userid'] AND !($vb
ulletin->userinfo['permissions']['vbblog_general_permissions'] & $vbulletin->bf_
ugp_vbblog_general_permissions['blog_canviewown']))
OR
(!($userinfo['permissions']['vbblog_general_permissions'] & $vbu
lletin->bf_ugp_vbblog_general_permissions['blog_canhavegroupblog']))
OR
(!$userinfo['memberids'])
)
{
print_no_permission();
}
require_once(DIR . '/includes/functions_user.php');
do
{
$perpage = (($vbulletin->GPC['perpage'] > 30 OR !$vbulletin->GPC
['perpage']) ? 20 : $vbulletin->GPC['perpage']);
if (!$vbulletin->GPC['pagenumber'])
{
$vbulletin->GPC['pagenumber'] = 1;
}
$start = ($vbulletin->GPC['pagenumber'] - 1) * $perpage;
$members = $db->query_read_slave("
SELECT
SQL_CALC_FOUND_ROWS
gm.userid, user.*
" . ($vbulletin->options['avatarenabled'] ? ', a
vatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavat
ar.dateline AS avatardateline, customavatar.width_thumb AS avwidth_thumb, custom

avatar.height_thumb AS avheight_thumb, customavatar.width as avwidth, customavat

ar.height as avheight, customavatar.filedata_thumb' : '') . "
FROM " . TABLE_PREFIX . "blog_groupmembership AS gm
INNER JOIN " . TABLE_PREFIX . "user AS user ON (user.use
rid = gm.userid)
" . ($vbulletin->options['avatarenabled'] ? "LEF
T JOIN " . TABLE_PREFIX . "avatar AS avatar ON (avatar.avatarid = user.avatarid)
LEFT JOIN " . TABLE_PREFIX . "customavatar AS customavatar ON (customavatar.use
rid = user.userid) " : '') . "
WHERE
gm.bloguserid = " . $vbulletin->GPC['userid'] .
"
AND
gm.state = 'active'
ORDER BY user.username
LIMIT $start, $perpage
");
$membercount = $db->found_rows();
if ($start > $membercount)
{
$vbulletin->GPC['pagenumber'] = ceil($membercount / $per
page);
}
}
while($start >= $membercount AND $membercount);
$pagenav = construct_page_nav(
$vbulletin->GPC['pagenumber'],
$perpage,
$membercount,
'',
'',
'',
'blog',
$userinfo,
array('do' => 'members', 'pp' => $perpage)
);
while ($member = $db->fetch_array($members))
{
fetch_avatar_from_userinfo($member, true);
$templater = vB_Template::create('blog_grouplist_userbit');
$templater->register('member', $member);
$memberlist .= $templater->render();
if ($vbulletin->userinfo['userid'] == $member['userid'])
{
$show['removeself'] = true;
}
}
$show['avatars'] = true;
$sidebar =& build_user_sidebar($userinfo);
$navbits[fetch_seo_url('blog', $userinfo, null, 'userid', 'blog_title')]
= $userinfo['blog_title'];
$navbits[''] = $vbphrase['blog_membership'];
$templater = vB_Template::create('blog_grouplist');
$templater->register('membercount', $membercount);

$templater->register('memberlist', $memberlist);
$templater->register('pagenav', $pagenav);
$templater->register('userinfo', $userinfo);
$content = $templater->render();
$headinclude .= vB_Template::create('blog_cp_css')->render();
}
// ############################### toggle user css #############################
##
//this action does not appear to be called anywhere within the 4.0.x code.
if ($_REQUEST['do'] == 'switchcss')
{
$vbulletin->input->clean_array_gpc('r', array(
'hash'
=> TYPE_STR,
'userid' => TYPE_UINT
));
if (!verify_security_token($vbulletin->GPC['hash'], $vbulletin->userinfo
['securitytoken_raw']))
{
print_no_permission();
}
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
$userdata->set_existing($vbulletin->userinfo);
$userdata->set('showblogcss', !$vbulletin->userinfo['showblogcss']);
$userdata->save();
if ($vbulletin->GPC['userid'] AND $vbulletin->url == fetch_seo_url('foru
mhome|nosession', array()))
{
$vbulletin->url = fetch_seo_url('blog', array('userid' => $vbull
etin->GPC['userid']));
}
print_standard_redirect('redirect_usercss_toggled');
}
// ############################### custom page ###############################
if ($_REQUEST['do'] == 'custompage')
{
$vbulletin->input->clean_array_gpc('r', array(
'cp' => TYPE_UINT,
));
require_once(DIR . '/includes/blog_functions_usercp.php');
$blockinfo = verify_blog_customblock($vbulletin->GPC['cp'], 'page');
if (
(
$blockinfo['type'] == 'block'
AND
!$blockinfo['userinfo']['permissions']['vbblog_customblo
cks']
)
OR
(
$blockinfo['type'] == 'page'
AND
!$blockinfo['userinfo']['permissions']['vbblog_custompag
es']

)
)
{
if (!can_moderate_blog('caneditcustomblocks'))
{
print_no_permission();
}
$show['reportlink'] = false;
}
else
{
$show['reportlink'] = true;
}
track_blog_visit($blockinfo['userinfo']['userid']);
$show['reportlink'] = (
$show['reportlink']
AND
$vbulletin->userinfo['userid']
AND
(
$vbulletin->options['rpforumid']
OR
(
$vbulletin->options['enableemail']
AND
$vbulletin->options['rpemail']
)
)
);
$show['edit'] = (can_moderate_blog('caneditcustomblocks') OR $vbulletin>userinfo['userid'] == $blockinfo['userid']);
// Parse Content here
require_once(DIR . '/includes/class_bbcode_blog.php');
$bbcode = new vB_BbCodeParser_Blog($vbulletin, fetch_tag_list());
$bbcode->set_parse_userinfo($blockinfo['userinfo'], $blockinfo['userinfo
']['permissions']);
$blockinfo['page'] = $bbcode->parse($blockinfo['pagetext'], 'blog_user',
$blockinfo['allowsmilie'] ? 1 : 0);
$blogheader = parse_blog_description($blockinfo['userinfo'], $blockinfo)
;
$sidebar =& build_user_sidebar($blockinfo['userinfo']);
$navbits[] = $blockinfo['title'];
$templater = vB_Template::create('blog_custompage');
$templater->register('blogheader', $blogheader);
$templater->register('blockinfo', $blockinfo);
$content = $templater->render();
}
// build navbar
if (empty($navbits))
{
$navbits = array();
}
$navbits = array_merge(array(fetch_seo_url('bloghome', array()) => $vbphrase['bl

ogs']), $navbits);
$navbits = construct_navbits($navbits);
$navbar = render_navbar_template($navbits);
($hook = vBulletinHook::fetch_hook('blog_complete')) ? eval($hook) : false;
if (!empty($content))
{
$headinclude .= vB_Template::create('blog_css')->render();
$templater = vB_Template::create('BLOG');
$templater->register_page_templates();
$templater->register('abouturl', $abouturl);
$templater->register('blogheader', $blogheader);
$templater->register('bloginfo', $bloginfo);
$templater->register('blogrssinfo', $blogrssinfo);
$templater->register('bloguserid', $bloguserid);
$templater->register('content', $content);
$templater->register('navbar', $navbar);
$templater->register('onload', $onload);
$templater->register('pagetitle', $pagetitle);
$templater->register('pingbackurl', $pingbackurl);
$templater->register('sidebar', $sidebar);
$templater->register('trackbackurl', $trackbackurl);
$templater->register('usercss_profile_preview', $usercss_profile
_preview);
print_output($templater->render());
}
/*======================================================================*\
|| ####################################################################
|| #
|| # SVN: $Revision: 62622 $
|| ####################################################################
\*======================================================================*/
?>