summaries of restricted entries are still viewable to the unauthorized
Jake Bunce
Wed 15th Apr '09, 6:56pm
When you post a blog entry with this option checked:
Restrict entry viewing to Contacts and Blog Moderators
Then the summary version of that entry is viewable on the author's blog page:
blog.php?u=X
You can't access the full blog entry when you click on the specific entry, but I don't think you should be able to view the summary either.
For testing purposes I was viewing the summary page and entry page as a guest.
IOCTL
Tue 21st Apr '09, 9:06pm
In case it might help, here's a sample:
blogid: 623
firstblogtextid: 1925
userid: 748
dateline: 1225934983
comments_visible: 0
comments_moderation: 0
comments_deleted: 0
attach: 0
pending: 0
state: visible
views: 0
username: (removed)
title: (removed)
trackback_visible: 0
trackback_moderation: 0
options: 12
lastcomment: 1225934983
lastblogtextid: 1925
lastcommenter: (removed)
ratingnum: 0
ratingtotal: 0
rating: 0
categories: NULL
taglist: NULL
postedby_userid: 748
postedby_username: (removed)
The options bitfield is 12. The 'private' bitfield defined in XML is 8. (12 & 8) is 8, which should evaluate to TRUE in your logic.
There is some code in the blog list that refers to this:
$sql1[] = "(~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'] . "
OR
(options_buddy & " . $vbulletin->bf_misc_vbblogsocnetoptions['canviewmyblog'] . " AND buddy.relationid IS NOT NULL))
";
HOWEVER, that gets squished somewhere and the query turns into this:
SELECT SQL_CALC_FOUND_ROWS attach, blog.blogid, blog.dateline, blog.rating FROM blog AS blog LEFT JOIN blog_user AS blog_user ON (blog_user.bloguserid = blog.userid) WHERE blog.userid = 748 AND state IN('visible') AND blog.pending = 0 AND blog.dateline <= 1240362324 ORDER BY blog.dateline DESC LIMIT 0, 20
As you can see there is no reference to the query logic that would filter on whether the entry is private. (Unless I am missing something!)
IOCTL
Wed 22nd Apr '09, 2:43pm
OK, so around line 1345 in blog.php you have this code:
$blogheader = parse_blog_description($userinfo);
$sidebar =& build_user_sidebar($userinfo, $month, $year);
JUST ABOVE that, put this:
// Begin IOCTL's fix to make sure private entries are not summarized for people who can't moderate.
if (!can_moderate_blog())
{
$sql1[] = "~blog.options & " . $vbulletin->bf_misc_vbblogoptions['private'];
}
// End fix
That is just a copy and paste of a little logic from later on in the file. From what I can see it shuts off the preview for anything the person shouldn't be able to see. It may hide the entries from "buddies," however. I'm not sure how to fix that yet. (But since it's your code in the first place, maybe you know enough for a quick fix?)
IOCTL
Wed 22nd Apr '09, 5:04pm
It looks like if you change the first line to this:
if (!can_moderate_blog() && !$userinfo['buddyid'])
it will keep the private entries hidden from people unless they are a contact. BUT, it doesn't matter whether they are a 'friend' or not. I'm not sure this is the correct behavior. I would appreciate if someone could look into this as we're looking to go live with a blog on our site next week.
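To make the visibility rule under discussion concrete, here is an added Python model (not vBulletin's code and not posted by anyone in this thread) of the predicate quoted above, `(~blog.options & private) OR (options_buddy & canviewmyblog AND buddy.relationid IS NOT NULL)`, run over constructed rows so you can compare what the unfiltered list query returns with what the filtered one returns for a guest, a contact and a moderator. The `private` bit value 8 comes from the thread; the `canviewmyblog` bit value and the shape of the viewer record are assumptions.

```python
# Added example, not vBulletin's code: models the private-entry filter the
# thread quotes and shows the unpatched list query (no filter) beside it.

PRIVATE = 8        # bf_misc_vbblogoptions['private'], as stated in the thread
CANVIEWMYBLOG = 1  # assumed value of bf_misc_vbblogsocnetoptions['canviewmyblog']

# Constructed sample rows; options=12 mirrors the record posted in the thread.
BLOG_ROWS = [
    {"blogid": 623, "userid": 748, "options": 12, "state": "visible", "pending": 0},
    {"blogid": 624, "userid": 748, "options": 4,  "state": "visible", "pending": 0},
    {"blogid": 625, "userid": 748, "options": 8,  "state": "visible", "pending": 0},
]


def is_private(row):
    """(options & private) != 0, i.e. the entry is restricted to contacts/moderators."""
    return bool(row["options"] & PRIVATE)


def entry_visible(row, viewer):
    """Mirror of the quoted SQL predicate plus the can_moderate_blog() short-circuit.

    viewer is an assumed dict: can_moderate (bool), is_contact (bool, stands in for
    buddy.relationid IS NOT NULL) and options_buddy (int, the owner's socnet options).
    """
    if viewer["can_moderate"]:
        return True
    if not is_private(row):          # ~blog.options & private
        return True
    # owner allows contacts to view AND the viewer is a contact of the owner
    return bool(viewer["options_buddy"] & CANVIEWMYBLOG) and viewer["is_contact"]


def list_summaries(rows, viewer, patched=True):
    """Blog-page list: state/pending checks only (unpatched) or with the filter."""
    base = [r for r in rows if r["state"] == "visible" and r["pending"] == 0]
    if not patched:
        return [r["blogid"] for r in base]   # bug: private entries are listed
    return [r["blogid"] for r in base if entry_visible(r, viewer)]


if __name__ == "__main__":
    guest = {"can_moderate": False, "is_contact": False, "options_buddy": 1}
    print("unpatched, guest:", list_summaries(BLOG_ROWS, guest, patched=False))
    print("patched, guest:  ", list_summaries(BLOG_ROWS, guest))
```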
PitchouneN64ngc
Wed 22nd Apr '09, 5:06pm
Freddie should look into it, but I haven't seen him for some days...
Freddie Bingham
Fri 24th Apr '09, 7:22pm
Give the attached diff a try
IOCTL
Mon 4th May '09, 5:37pm
It appears to work. Thank you!
PCkaos
Wed 16th Sep '09, 1:54am
How do I do this...
What do I do with the attached file...
Do I upload it, or do I have to edit a file? Please tell...
Please help...
Hatsu
Wed 16th Sep '09, 3:29am
You have to edit the blog.php and add the green lines.
PCkaos
Wed 16th Sep '09, 5:24am
Thanks Hatsu, and it works perfectly.
Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved.