function nvweb_webuser($vars = array())
{
global $website;
global $theme;
global $current;
global $webgets;
global $webuser;
global $DB;
$webget = "webuser";
if (!isset($webgets[$webget])) {
$webgets[$webget] = array();
global $lang;
if (empty($lang)) {
$lang = new language();
$lang->load($current['lang']);
}
// default translations
$webgets[$webget]['translations'] = array('login_incorrect' => t(4, 'Login incorrect.'), 'subscribed_ok' => t(541, 'Your email has been successfully subscribed to the newsletter.'), 'subscribe_error' => t(542, 'There was a problem subscribing your email to the newsletter.'), 'email_confirmation' => t(454, "An e-mail with a confirmation link has been sent to your e-mail account."), 'click_to_confirm_account' => t(607, "Click on the link below to confirm your account"), 'email_confirmation_notice' => t(608, "This is an automated e-mail sent as a result of a newsletter subscription request. If you received this e-mail by error just ignore it."), 'forgot_password_success' => t(648, "An e-mail with a temporary password has been sent to your e-mail account."), 'forgot_password_error' => t(446, "We're sorry. Your contact request could not be sent. Please try again or find another way to contact us."));
// theme translations
// if the web theme has custom translations for this string subtypes, use it (for the user selected language)
/* just add the following translations to your json theme dictionary:
"login_incorrect": "Login incorrect.",
"subscribed_ok": "Your email has been successfully subscribed to the newsletter.",
"subscribe_error": "There was a problem subscribing your email to the newsletter.",
"email_confirmation": "An e-mail with a confirmation link has been sent to your e-mail account.",
"click_to_confirm_account": "Click on the link below to confirm your account",
"email_confirmation_notice": "This is an automated e-mail sent as a result of a newsletter subscription request. If you received this e-mail by error just ignore it."
"forgot_password_success": "An e-mail with a temporary password has been sent to your e-mail account.",
"forgot_password_error": "We're sorry. Your contact request could not be sent. Please try again or find another way to contact us."
*/
if (!empty($website->theme) && method_exists($theme, 't')) {
foreach ($webgets[$webget]['translations'] as $code => $text) {
$theme_translation = $theme->t($code);
if (!empty($theme_translation) && $code != $theme_translation) {
$webgets[$webget]['translations'][$code] = $theme_translation;
}
}
}
}
$out = '';
switch ($vars['mode']) {
case 'id':
if (!empty($webuser->id)) {
$out = $webuser->id;
}
break;
case 'username':
if (!empty($webuser->username)) {
$out = $webuser->username;
}
break;
case 'fullname':
if (!empty($webuser->fullname)) {
$out = $webuser->fullname;
}
break;
case 'gender':
if (!empty($webuser->gender)) {
$out = $webuser->gender;
}
break;
case 'newsletter':
$out = $webuser->newsletter;
break;
case 'email':
if (!empty($webuser->email)) {
$out = $webuser->email;
}
break;
case 'authenticate':
$webuser_website = $vars['website'];
if (empty($webuser_website)) {
$webuser_website = $website->id;
}
$signin_username = $_REQUEST[empty($vars['username_field']) ? 'signin_username' : $vars['username_field']];
$signin_password = $_REQUEST[empty($vars['password_field']) ? 'signin_password' : $vars['password_field']];
// a page may have several forms, which one do we have to check?
if (!empty($vars['form'])) {
list($field_name, $field_value) = explode('=', $vars['form']);
if ($_POST[$field_name] != $field_value) {
return;
}
}
// ignore empty (or partial empty) forms
if (!empty($signin_username) && !empty($signin_password)) {
$signed_in = $webuser->authenticate($webuser_website, $signin_username, $signin_password);
if (!$signed_in) {
$message = $webgets[$webget]['translations']['login_incorrect'];
if (empty($vars['notify'])) {
$vars['notify'] = 'inline';
}
switch ($vars['notify']) {
case 'alert':
nvweb_after_body('js', 'alert("' . $message . '");');
break;
case 'inline':
$out = '<div class="nvweb-signin-form-error">' . $message . '</div>';
break;
// javascript callback
// javascript callback
default:
nvweb_after_body('js', $vars['error_callback'] . '("' . $message . '");');
break;
}
} else {
$webuser->set_cookie();
if (!empty($vars['notify'])) {
if ($vars['notify'] == 'callback') {
nvweb_after_body('js', $vars['callback'] . '(true);');
}
}
}
}
break;
case 'signout_link':
$out = NVWEB_ABSOLUTE . $website->homepage() . '?webuser_signout';
break;
case 'forgot_password':
// pre checks: correct form, not spambot, email not empty and valid
// load the associated user account
// create temporary password and send email
// TODO: don't change the password, just generate a link and let the user enter their preferred new password
// a page may have several forms, which one do we have to check?
if (!empty($vars['form'])) {
list($field_name, $field_value) = explode('=', $vars['form']);
if ($_POST[$field_name] != $field_value) {
return;
}
}
// check if this send request really comes from the website and not from a spambot
if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->subdomain . '.' . $website->domain && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->domain) {
return;
}
if (empty($vars['email_field'])) {
$vars['email_field'] = 'newsletter_email';
}
$email = $_REQUEST[$vars['email_field']];
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (!empty($vars['email_field']) && !empty($email)) {
$ok = false;
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== FALSE) {
$wu_id = $DB->query_single('id', 'nv_webusers', ' email = ' . protect($email) . '
AND website = ' . $website->id);
$wu = new webuser();
if (!empty($wu_id)) {
$wu->load($wu_id);
if ($wu->access == 0 || $wu->access == 2 && ($wu->access_begin == 0 || time() > $wu->access_begin) && ($wu->access_end == 0 || time() < $wu->access_end)) {
// generate new password
$password = generate_password(8, false, 'luds');
$wu->set_password($password);
$ok = $wu->save();
// send a message to communicate the new webuser's email
$message = navigate_compose_email(array(array('title' => $website->name, 'content' => t(451, "This is an automated e-mail sent as a result of a password request process. If you received this e-mail by error just ignore it.")), array('title' => t(1, "User"), 'content' => $wu->username), array('title' => t(2, "Password"), 'content' => $password), array('footer' => '<a href="' . $website->absolute_path() . $website->homepage() . '">' . $website->name . '</a>')));
@nvweb_send_email($website->name, $message, $wu->email);
}
}
}
if ($ok) {
$message = $webgets[$webget]['translations']['forgot_password_success'];
} else {
$message = $webgets[$webget]['translations']['forgot_password_error'];
}
if (empty($vars['notify'])) {
$vars['notify'] = 'inline';
}
switch ($vars['notify']) {
case 'alert':
nvweb_after_body('js', 'alert("' . $message . '");');
break;
case 'inline':
if ($ok) {
$out = '<div class="nvweb-forgot-password-form-success">' . $message . '</div>';
} else {
$out = '<div class="nvweb-forgot-password-form-error">' . $message . '</div>';
}
break;
case 'boolean':
$out = $ok;
break;
case 'false':
break;
// javascript callback
// javascript callback
case 'callback':
default:
if ($ok) {
nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
} else {
if (!empty($vars['error_callback'])) {
nvweb_after_body('js', $vars['error_callback'] . '("' . $message . '");');
} else {
nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
}
}
break;
}
}
break;
case 'signup':
// TODO
// pre checks: correct form, not spambot, email not empty and valid
// get the profile data from the form
// more checks: password strength & confirmation, etc.
// save the new webuser account
// prepare account confirmation (unless not required by webget attributes)
// leave the account blocked
// generate an activation key
// send confirmation email
// if no account confirmation is required, auto login
break;
case 'avatar':
$size = '48';
$extra = '';
if (!empty($vars['size'])) {
$size = intval($vars['size']);
}
if (!empty($vars['border'])) {
$extra .= '&border=' . $vars['border'];
}
if (!empty($webuser->avatar)) {
$out = '<img class="' . $vars['class'] . '" src="' . NVWEB_OBJECT . '?type=image' . $extra . '&id=' . $webuser->avatar . '" width="' . $size . 'px" height="' . $size . 'px"/>';
} else {
if (!empty($vars['default'])) {
// the comment creator has not an avatar, but the template wants to show a default one
// 3 cases:
// numerical -> ID of the avatar image file in Navigate CMS
// absolute path (http://www...)
// relative path (/img/avatar.png) -> path to the avatar file included in the THEME used
if (is_numeric($vars['default'])) {
$out = '<img class="' . $vars['class'] . '" src="' . NVWEB_OBJECT . '?type=image' . $extra . '&id=' . $vars['default'] . '" width="' . $size . 'px" height="' . $size . 'px"/>';
} else {
if (strpos($vars['default'], 'http://') === 0) {
$out = '<img class="' . $vars['class'] . '" src="' . $vars['default'] . '" width="' . $size . 'px" height="' . $size . 'px"/>';
} else {
if ($vars['default'] == 'none') {
$out = '';
} else {
$out = '<img class="' . $vars['class'] . '"src="' . NAVIGATE_URL . '/themes/' . $website->theme . '/' . $vars['default'] . '" width="' . $size . 'px" height="' . $size . 'px"/>';
}
}
}
} else {
$gravatar_hash = "";
$gravatar_default = 'blank';
if (!empty($vars['gravatar_default'])) {
$gravatar_default = $vars['gravatar_default'];
}
if (!empty($webuser->email)) {
$gravatar_hash = md5(strtolower(trim($webuser->email)));
}
if (!empty($gravatar_hash) && $gravatar_default != 'none') {
// gravatar real url: https://www.gravatar.com/avatar/
// we use libravatar to get more userbase
$gravatar_url = 'https://seccdn.libravatar.org/avatar/' . $gravatar_hash . '?s=' . $size . '&d=' . $gravatar_default;
$out = '<img class="' . $vars['class'] . '" src="' . $gravatar_url . '" width="' . $size . 'px" height="' . $size . 'px"/>';
} else {
$out = '<img class="' . $vars['class'] . '" src="data:image/gif;base64,R0lGODlhAQABAPAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" width="' . $size . 'px" height="' . $size . 'px"/>';
}
}
}
break;
case 'newsletter_subscribe':
// a page may have several forms, which one do we have to check?
if (!empty($vars['form'])) {
list($field_name, $field_value) = explode('=', $vars['form']);
if ($_POST[$field_name] != $field_value) {
return;
}
}
// check if this send request really comes from the website and not from a spambot
if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->subdomain . '.' . $website->domain && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->domain) {
return;
}
if (empty($vars['email_field'])) {
$vars['email_field'] = 'newsletter_email';
}
$email = $_REQUEST[$vars['email_field']];
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (!empty($vars['email_field']) && !empty($email)) {
$ok = false;
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== FALSE) {
$wu_id = $DB->query_single('id', 'nv_webusers', ' email = ' . protect($email) . '
AND website = ' . $website->id);
$wu = new webuser();
if (!empty($wu_id)) {
$wu->load($wu_id);
if ($wu->access == 0 || $wu->access == 2 && ($wu->access_begin == 0 || time() > $wu->access_begin) && ($wu->access_end == 0 || time() < $wu->access_end)) {
$wu->newsletter = 1;
$ok = $wu->save();
}
}
if (empty($wu_id) || $wu->access == 1 && !empty($wu->activation_key)) {
// create a new webuser account with that email
$username = strtolower(substr($email, 0, strpos($email, '@')));
// left part of the email
if (!empty($username) && !in_array($username, array('info', 'admin', 'contact', 'demo', 'test'))) {
// check if the proposed username already exists,
// in that case use the full email as username
// ** if the email already exists, the subscribe process only updates the newsletter setting!
$wu_id = $DB->query_single('id', 'nv_webusers', ' username = '******'
AND website = ' . $website->id);
}
if (!empty($wu_id)) {
// oops, user already exists... try another username -- the full email address
$wu_id = $DB->query_single('id', 'nv_webusers', ' username = '******'
AND website = ' . $website->id);
if (empty($wu_id)) {
// ok, email is a new username
$username = $email;
} else {
// nope, email is already used (this code should never execute **)
$username = uniqid($username . '-');
}
} else {
// new sign up
$wu->id = 0;
$wu->website = $website->id;
$wu->email = $email;
$wu->newsletter = 1;
$wu->language = $current['lang'];
// infer the webuser language by the active website language
$wu->username = $username;
$wu->access = 1;
// user is blocked until the server recieves an email confirmation
}
$wu->activation_key = md5($wu->email . rand(1, 9999999));
$ok = $wu->save();
// send a message to verify the new user's email
$email_confirmation_link = $website->absolute_path() . '/nv.webuser/verify?email=' . $wu->email . '&hash=' . $wu->activation_key;
$message = navigate_compose_email(array(array('title' => $website->name, 'content' => $webgets[$webget]['translations']['click_to_confirm_account'] . '<br />' . '<a href="' . $email_confirmation_link . '">' . $email_confirmation_link . '</a>'), array('footer' => $webgets[$webget]['translations']['email_confirmation_notice'] . '<br />' . '<a href="' . $website->absolute_path() . $website->homepage() . '">' . $website->name . '</a>')));
@nvweb_send_email($website->name, $message, $wu->email);
$pending_confirmation = true;
}
}
$message = $webgets[$webget]['translations']['subscribe_error'];
if ($pending_confirmation) {
$message = $webgets[$webget]['translations']['email_confirmation'];
} else {
if ($ok) {
$message = $webgets[$webget]['translations']['subscribed_ok'];
}
}
if (empty($vars['notify'])) {
$vars['notify'] = 'inline';
}
switch ($vars['notify']) {
case 'alert':
nvweb_after_body('js', 'alert("' . $message . '");');
break;
case 'inline':
if ($ok) {
$out = '<div class="nvweb-newsletter-form-success">' . $message . '</div>';
} else {
$out = '<div class="nvweb-newsletter-form-error">' . $message . '</div>';
}
break;
case 'boolean':
$out = $ok;
break;
case 'false':
break;
// javascript callback
// javascript callback
case 'callback':
default:
if ($ok) {
nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
} else {
if (!empty($vars['error_callback'])) {
nvweb_after_body('js', $vars['error_callback'] . '("' . $message . '");');
} else {
nvweb_after_body('js', $vars['callback'] . '("' . $message . '");');
}
}
break;
}
}
break;
}
return $out;
}
function nvweb_contact($vars = array())
{
global $website;
global $DB;
global $current;
global $webgets;
global $dictionary;
global $webuser;
global $theme;
global $events;
$webget = 'contact';
if (!isset($webgets[$webget])) {
$webgets[$webget] = array();
global $lang;
if (empty($lang)) {
$lang = new language();
$lang->load($current['lang']);
}
// default translations
$webgets[$webget]['translations'] = array('name' => t(159, 'Name'), 'email' => t(44, 'E-Mail'), 'message' => t(380, 'Message'), 'fields_blank' => t(444, 'You left some required fields blank.'), 'contact_request_sent' => t(445, 'Your contact request has been sent. We will contact you shortly.'), 'contact_request_failed' => t(446, 'We\'re sorry. Your contact request could not be sent. Please try again or find another way to contact us.'), 'receipt_confirmation' => t(650, 'Receipt confirmation'));
// theme translations
// if the web theme has custom translations for this string subtypes, use it (for the user selected language)
/* just add the following translations to your json theme dictionary:
"name": "Name",
"email": "E-Mail",
"message": "Message",
"fields_blank": "You left some required fields blank.",
"contact_request_sent": "Your contact request has been sent. We will contact you shortly.",
"contact_request_failed": "We're sorry. Your contact request could not be sent. Please try again or find another way to contact us.",
"receipt_confirmation": "Receipt confirmation"
*/
if (!empty($website->theme) && method_exists($theme, 't')) {
foreach ($webgets[$webget]['translations'] as $code => $text) {
$theme_translation = $theme->t($code);
if (!empty($theme_translation) && $code != $theme_translation) {
$webgets[$webget]['translations'][$code] = $theme_translation;
}
}
}
}
if (empty($vars['notify'])) {
$vars['notify'] = 'alert';
}
$out = '';
switch (@$vars['mode']) {
case 'send':
if (!empty($_POST)) {
// a page may have several forms, which one do we have to check?
if (!empty($vars['form'])) {
list($field_name, $field_value) = explode('=', $vars['form']);
$field_name = trim($field_name);
$field_value = trim($field_value);
if ($_POST[$field_name] != $field_value) {
return;
}
}
// try to check if this send request really comes from the website and not from a spambot
if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->subdomain . '.' . $website->domain && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != $website->domain) {
return;
}
// prepare fields and labels
$fields = explode(',', @$vars['fields']);
$labels = explode(',', @$vars['labels']);
if (empty($labels)) {
$labels = $fields;
}
$labels = array_map(function ($key) {
global $webgets;
global $theme;
$key = trim($key);
$tmp = $theme->t($key);
if (!empty($tmp)) {
return $tmp;
} else {
return $webgets['contact']['translations'][$key];
}
}, $labels);
$fields = array_combine($fields, $labels);
// $fields = array( 'field_name' => 'field_label', ... )
// check required fields
$errors = array();
$required = array();
if (!empty($vars['required'])) {
$required = explode(',', $vars['required']);
}
if (!empty($required)) {
foreach ($required as $field) {
$field = trim($field);
$value = trim($_POST[$field]);
if (empty($value)) {
$errors[] = $fields[$field];
}
}
if (!empty($errors)) {
return nvweb_contact_notify($vars, true, $webgets[$webget]['translations']['fields_blank'] . ' (' . implode(", ", $errors) . ')');
}
}
// create e-mail message and send it
$message = nvweb_contact_generate($fields);
// prepare any attachment to be sent
$attachments = array();
foreach ($fields as $field => $label) {
if (isset($_FILES[$field]) && $_FILES[$field]['error'] == 0) {
$attachments[] = array('file' => $_FILES[$field]['tmp_name'], 'name' => $_FILES[$field]['name']);
}
}
$subject = $vars['subject'];
if (!empty($subject)) {
$subject = ' | ' . $theme->t($subject);
}
$subject = $website->name . $subject;
$sent = nvweb_send_email($subject, $message, $website->contact_emails, $attachments);
if ($sent) {
if (!empty($vars['receipt_confirmation_email'])) {
$confirmation_email = '';
if ($vars['receipt_confirmation_email'] == 'webuser') {
$confirmation_email = $webuser->email;
} else {
$confirmation_email = $_POST[$vars['receipt_confirmation_email']];
}
if (!empty($confirmation_email)) {
nvweb_send_email($subject . ' (' . $webgets[$webget]['translations']['receipt_confirmation'] . ')', $message, $confirmation_email, $attachments);
}
}
$events->trigger('contact', 'sent', array('subject' => $subject, 'message' => $message, 'form' => @$vars['form'], 'emails' => $website->contact_emails));
$out = nvweb_contact_notify($vars, false, $webgets[$webget]['translations']['contact_request_sent']);
} else {
$out = nvweb_contact_notify($vars, true, $webgets[$webget]['translations']['contact_request_failed']);
}
}
}
return $out;
}
function nvweb_comments($vars = array())
{
global $website;
global $DB;
global $current;
global $webgets;
global $dictionary;
global $webuser;
global $theme;
global $events;
global $session;
$webget = 'comments';
if (!isset($webgets[$webget])) {
$webgets[$webget] = array();
global $lang;
if (empty($lang)) {
$lang = new language();
$lang->load($current['lang']);
}
// default translations
$webgets[$webget]['translations'] = array('post_a_comment' => t(379, 'Post a comment'), 'name' => t(159, 'Name'), 'email' => t(44, 'E-Mail'), 'website' => t(177, 'Website'), 'message' => t(380, 'Message'), 'email_will_not_be_published' => t(381, 'E-Mail will not be published'), 'submit' => t(382, 'Submit'), 'sign_in_or_sign_up_to_post_a_comment' => t(383, 'Sign in or Sign up to post a comment'), 'comments_on_this_entry_are_closed' => t(384, 'Comments on this entry are closed'), 'please_dont_leave_any_field_blank' => t(385, 'Please don\'t leave any field blank'), 'your_comment_has_been_received_and_will_be_published_shortly' => t(386, 'Your comment has been received and will be published shortly'), 'new_comment' => t(387, 'New comment'), 'review_comments' => t(388, 'Review comments'));
// theme translations
// if the web theme has custom translations for this string subtypes, use it (for the user selected language)
/* just add the following translations to your json theme dictionary:
"post_a_comment": "Post a comment",
"name": "Name",
"email": "E-Mail",
"website": "Website",
"message": "Message",
"email_will_not_be_published": "E-Mail will not be published",
"submit": "Submit",
"sign_in_or_sign_up_to_post_a_comment": "Sign in or Sign up to post a comment",
"comments_on_this_entry_are_closed": "Comments on this entry are closed",
"please_dont_leave_any_field_blank": "Please don't leave any field blank",
"your_comment_has_been_received_and_will_be_published_shortly": "Your comment has been received and will be published shortly",
"new_comment": "New comment",
"review_comments": "Review comments"
*/
if (!empty($website->theme) && method_exists($theme, 't')) {
foreach ($webgets[$webget]['translations'] as $code => $text) {
$theme_translation = $theme->t($code);
if (!empty($theme_translation) && $theme_translation != $code) {
$webgets[$webget]['translations'][$code] = $theme_translation;
}
}
}
}
// set default callback
if (empty($vars['callback'])) {
$vars['callback'] = 'alert';
}
// check callback attributes
$callback = $vars['callback'];
if (!empty($vars['alert_callback'])) {
$callback = $vars['alert_callback'];
} else {
if (!empty($vars['callback_alert'])) {
$callback = $vars['callback_alert'];
}
}
$callback_error = $callback;
if (!empty($vars['error_callback'])) {
$callback_error = $vars['error_callback'];
} else {
if (!empty($vars['callback_error'])) {
$callback_error = $vars['callback_error'];
}
}
$out = '';
// if the current page belongs to a structure entry
// we need to get the associated elements to retrieve and post its comments
// (because structure entry pages can't have associated comments)
// so, ONLY the FIRST element associated to a category can have comments in a structure entry page
// (of course if the element has its own page, it can have its own comments)
$element = $current['object'];
if ($current['type'] == 'structure') {
if (empty($current['structure_elements'])) {
$current['structure_elements'] = $element->elements();
}
$element = $current['structure_elements'][0];
}
switch (@$vars['mode']) {
case 'process':
if (isset($_GET['nv_approve_comment'])) {
// process 1-click comment approval
$comment = new comment();
$comment->load($_GET['id']);
if (!empty($comment->id) && $comment->status == -1) {
$hash = $_GET['hash'];
if ($hash == sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails))) {
// hash check passed
$comment->status = 0;
$comment->save();
$response = t(555, "Item has been successfully published.");
if ($vars['notify'] == 'inline' || $callback == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
} else {
$response = t(344, "Security error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
} else {
$response = t(56, "Unexpected error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
}
if (isset($_GET['nv_remove_comment'])) {
// process 1-click comment removal
$comment = new comment();
$comment->load($_GET['id']);
if (!empty($comment->id) && $comment->status == -1) {
$hash = $_GET['hash'];
if ($hash == sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails))) {
// hash check passed
$comment->delete();
$response = t(55, "Item successfully deleted");
if ($vars['notify'] == 'inline' || $callback == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
} else {
$response = t(344, "Security error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
} else {
$response = t(56, "Unexpected error");
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
}
}
if ($_REQUEST['form-type'] == 'comment-reply' || isset($_POST[$vars['field-message']])) {
// add comment
if (empty($vars['field-name'])) {
$vars['field-name'] = 'reply-name';
}
if (empty($vars['field-email'])) {
$vars['field-email'] = 'reply-email';
}
if (empty($vars['field-url'])) {
$vars['field-url'] = 'reply-url';
}
if (empty($vars['field-message'])) {
$vars['field-message'] = 'reply-message';
}
if (!empty($vars['element'])) {
$element = $vars['element'];
}
$comment_name = @$_REQUEST[$vars['field-name']];
$comment_email = @$_REQUEST[$vars['field-email']];
$comment_url = @$_REQUEST[$vars['field-url']];
$comment_message = @$_REQUEST[$vars['field-message']];
if ((empty($comment_name) || empty($comment_email)) && empty($webuser->id) || empty($comment_message)) {
$response = $webgets[$webget]['translations']['please_dont_leave_any_field_blank'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
return $out;
}
$status = -1;
// new comment, not approved
if (empty($element->comments_moderator)) {
$status = 0;
}
// all comments auto-approved
// remove any <nv /> or {{nv}} tag
$comment_name = core_remove_nvtags($comment_name);
$comment_name = strip_tags($comment_name);
$comment_message = core_remove_nvtags($comment_message);
$comment = new comment();
$comment->id = 0;
$comment->website = $website->id;
$comment->item = $element->id;
$comment->user = empty($webuser->id) ? 0 : $webuser->id;
$comment->name = $comment_name;
$comment->email = filter_var($comment_email, FILTER_SANITIZE_EMAIL);
$comment->url = filter_var($comment_url, FILTER_SANITIZE_URL);
$comment->ip = core_ip();
$comment->date_created = core_time();
$comment->date_modified = 0;
$comment->status = $status;
$comment->message = $comment_message;
$properties = array();
// check if there are comment properties values
if (isset($vars['field-properties-prefix'])) {
// check every possible property
$e_properties = property::elements($element->template, 'comment');
for ($ep = 0; $ep < count($e_properties); $ep++) {
if (isset($_POST[$vars['field-properties-prefix'] . $e_properties[$ep]->id])) {
$properties[$e_properties[$ep]->id] = $_POST[$vars['field-properties-prefix'] . $e_properties[$ep]->id];
}
}
}
// trigger the "new_comment" event through the extensions system before inserting it!
$extensions_messages = $events->trigger('comment', 'before_insert', array('comment' => $comment, 'properties' => $properties));
foreach ($extensions_messages as $ext_name => $ext_result) {
if (isset($ext_result['error'])) {
$response = $ext_result['error'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-error">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback_error . '("' . $response . '");');
}
}
return $out;
}
}
$comment->insert();
if (!empty($properties)) {
property::save_properties_from_array('comment', $comment->id, $element->template, $properties);
}
// reload the element to retrieve the new comments
$element = new item();
$element->load($comment->item);
if ($current['type'] == 'item' && !isset($vars['element'])) {
$current['object'] = $element;
}
// trigger the "new_comment" event through the extensions system
$events->trigger('comment', 'after_insert', array('comment' => &$comment, 'properties' => $properties));
if (!empty($comment->id)) {
if ($status == -1) {
$response = $webgets[$webget]['translations']['your_comment_has_been_received_and_will_be_published_shortly'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
} else {
$response = $webgets[$webget]['translations']['your_comment_has_been_received_and_will_be_published_shortly'];
if ($vars['notify'] == 'inline' || $callback_error == 'inline') {
$out = '<div class="comment-success">' . $response . '</div>';
} else {
if (!isset($vars['notify']) || $vars['notify'] == 'callback') {
nvweb_after_body("js", $callback . '("' . $response . '");');
}
}
}
}
$notify_addresses = $website->contact_emails;
if (!empty($element->comments_moderator)) {
$notify_addresses[] = user::email_of($element->comments_moderator);
}
$hash = sha1($comment->id . $comment->email . APP_UNIQUE . serialize($website->contact_emails));
$base_url = nvweb_source_url('element', $element->id);
// default colors
$background_color = '#E5F1FF';
$text_color = '#595959';
$title_color = '#595959';
$background_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.background_color") . ' AND website = ' . protect($website->id), 'id DESC');
$text_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.text_color") . ' AND website = ' . protect($website->id), 'id DESC');
$title_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.comments.titles_color") . ' AND website = ' . protect($website->id), 'id DESC');
if (!empty($background_color_db)) {
$background_color = str_replace('"', '', $background_color_db);
}
if (!empty($text_color_db)) {
$text_color = str_replace('"', '', $text_color_db);
}
if (!empty($title_color_db)) {
$title_color = str_replace('"', '', $title_color_db);
}
$message = navigate_compose_email(array(array('title' => t(9, 'Content'), 'content' => $element->dictionary[$current['lang']]['title']), array('title' => $webgets[$webget]['translations']['name'], 'content' => $comment_name . @$webuser->username), array('title' => $webgets[$webget]['translations']['email'], 'content' => $comment_email . @$webuser->email), array('title' => $webgets[$webget]['translations']['website'], 'content' => $comment_url . @$webuser->social_website), array('title' => $webgets[$webget]['translations']['message'], 'content' => nl2br($comment_message)), array('footer' => '<a href="' . NAVIGATE_URL . '/' . NAVIGATE_MAIN . '?wid=' . $website->id . '&fid=10&act=2&tab=5&id=' . $element->id . '"><strong>' . $webgets[$webget]['translations']['review_comments'] . '</strong></a>' . ' | ' . '<a style=" color: #008830" href="' . $base_url . '?nv_approve_comment&id=' . $comment->id . '&hash=' . $hash . '">' . t(258, "Publish") . '</a>' . ' | ' . '<a style=" color: #FF0090" href="' . $base_url . '?nv_remove_comment&id=' . $comment->id . '&hash=' . $hash . '">' . t(525, "Remove comment (without confirmation)") . '</a>')), array('background' => $background_color, 'title-color' => $title_color, 'content-color' => $text_color));
// trying to implement One-Click actions (used in Google GMail)
// You need to be registered with Google first: https://developers.google.com/gmail/markup/registering-with-google
$one_click_actions = '
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction":
{
"@type": "ViewAction",
"name": "' . $webgets[$webget]['translations']['review_comments'] . '",
"url": "' . NAVIGATE_URL . '/' . NAVIGATE_MAIN . '?wid=' . $website->id . '&fid=10&act=2&tab=5&id=' . $element->id . '"
}
}
</script>
';
$message = '<html><head>' . $one_click_actions . '</head><body>' . $message . '</body></html>';
foreach ($website->contact_emails as $contact_address) {
@nvweb_send_email($website->name . ' | ' . $webgets[$webget]['translations']['new_comment'], $message, $contact_address, null, true);
}
}
break;
case 'reply':
if ($element->comments_enabled_to == 2 && empty($webuser->id)) {
// Post a comment form (unsigned users)
$out = '
<div class="comments-reply">
<div><div class="comments-reply-info">' . $webgets[$webget]['translations']['post_a_comment'] . '</div></div>
<br />
<form action="' . NVWEB_ABSOLUTE . '/' . $current['route'] . '" method="post">
<input type="hidden" name="form-type" value="comment-reply" />
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['name'] . '</label> <input type="text" name="reply-name" value="" /></div>
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['email'] . ' *</label> <input type="text" name="reply-email" value="" /></div>
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['message'] . '</label> <textarea name="reply-message"></textarea></div>
<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->
<div class="comments-reply-field comments-reply-field-info-email"><label> </label> * ' . $webgets[$webget]['translations']['email_will_not_be_published'] . '</div>
<div class="comments-reply-field comments-reply-field-submit"><input class="comments-reply-submit" type="submit" value="' . $webgets[$webget]['translations']['submit'] . '" /></div>
</form>
</div>
';
$extensions_messages = $events->trigger('comment', 'reply_extra_fields', array('html' => &$out));
// add any extra field generated
if (!empty($extensions_messages)) {
$extra_fields = array_map(function ($v) {
return $v;
}, array_values($extensions_messages));
$out = str_replace('<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->', implode("\n", $extra_fields), $out);
}
} else {
if ($element->comments_enabled_to > 0 && !empty($webuser->id)) {
// Post a comment form (signed in users)
if (empty($vars['avatar_size'])) {
$vars['avatar_size'] = 32;
}
$avatar_url = NVWEB_OBJECT . '?type=blank';
if (!empty($webuser->avatar)) {
$avatar_url = NVWEB_OBJECT . '?wid=' . $website->id . '&id=' . $webuser->avatar . '&disposition=inline&width=' . $vars['avatar_size'] . '&height=' . $vars['avatar_size'];
}
$out = '
<div class="comments-reply">
<div><div class="comments-reply-info">' . $webgets[$webget]['translations']['post_a_comment'] . '</div></div>
<br />
<form action="' . NVWEB_ABSOLUTE . '/' . $current['route'] . '" method="post">
<input type="hidden" name="form-type" value="comment-reply" />
<div class="comments-reply-field"><label style="display: none;"> </label> <img src="' . $avatar_url . '" width="' . $vars['avatar_size'] . '" height="' . $vars['avatar_size'] . '" align="absmiddle" /> <span class="comments-reply-username">' . $webuser->username . '</span><a class="comments-reply-signout" href="?webuser_signout">(x)</a></div>
<br />
<div class="comments-reply-field"><label>' . $webgets[$webget]['translations']['message'] . '</label> <textarea name="reply-message"></textarea></div>
<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->
<div class="comments-reply-field-submit"><input class="comments-reply-submit" type="submit" value="' . $webgets[$webget]['translations']['submit'] . '" /></div>
</form>
</div>
';
$extensions_messages = $events->trigger('comment', 'reply_extra_fields', array('html' => $out));
// add any extra field generated
if (!empty($extensions_messages)) {
$extra_fields = array_map(function ($v) {
return $v;
}, array_values($extensions_messages));
$out = str_replace('<!-- {{navigate-comments-reply-extra-fields-placeholder}} -->', implode("\n", $extra_fields), $out);
}
} else {
if ($element->comments_enabled_to == 1) {
$out = '<div class="comments-reply">
<div class="comments-reply-info">' . $webgets[$webget]['translations']['sign_in_or_sign_up_to_post_a_comment'] . '</div>
</div>';
} else {
$out = '<div class="comments-reply">
<div class="comments-reply-info">' . $webgets[$webget]['translations']['comments_on_this_entry_are_closed'] . '</div>
</div>';
}
}
}
break;
case 'comments':
setlocale(LC_ALL, $website->languages[$session['lang']]['system_locale']);
list($comments, $comments_total) = nvweb_comments_list(0, NULL, NULL, $vars['order']);
// get all comments of the current entry
if (empty($vars['avatar_size'])) {
$vars['avatar_size'] = '48';
}
if (empty($vars['date_format'])) {
$vars['date_format'] = '%d %B %Y %H:%M';
}
for ($c = 0; $c < $comments_total; $c++) {
$avatar = $comments[$c]->avatar;
if (!empty($avatar)) {
$avatar = '<img src="' . NVWEB_OBJECT . '?type=image&id=' . $avatar . '" width="' . $vars['avatar_size'] . 'px" height="' . $vars['avatar_size'] . 'px"/>';
} else {
$avatar = '<img src="data:image/gif;base64,R0lGODlhAQABAPAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" width="' . $vars['avatar_size'] . 'px" height="' . $vars['avatar_size'] . 'px"/>';
}
$comment = new comment();
$comment->load_from_resultset(array($comments[$c]));
$depth = 'data-depth="' . $comment->depth() . '"';
$out .= '
<div class="comment"' . $depth . '>
<div class="comment-avatar">' . $avatar . '</div>
<div class="comment-username">' . (!empty($comments[$c]->username) ? $comments[$c]->username : $comments[$c]->name) . '</div>
<div class="comment-date">' . Encoding::toUTF8(strftime($vars['date_format'], $comments[$c]->date_created)) . '</div>
<div class="comment-message">' . nl2br($comments[$c]->message) . '</div>
<div style="clear:both"></div>
</div>
';
}
break;
}
return $out;
}