Ejemplo n.º 1
0
 /**
  * onBeforeSave method. Hook for chidlren model to prepare the data.
  *
  * @param   array  $data     The data to be saved.
  * @param   JTable  $table   The table object.
  *
  * @return boolean
  */
 protected function onBeforeSave(&$data, $table)
 {
     // Get application
     $application = JFactory::getApplication();
     // Params
     $params = JComponentHelper::getParams('com_k2');
     // Get user
     $user = JFactory::getUser();
     // New comments
     if (!$table->id) {
         // New comments only allowed in frontend
         if ($application->isAdmin()) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Don't allow new comments if comments are disabled
         if (!$params->get('comments')) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Get the item to check permissions
         $model = K2Model::getInstance('Items');
         $model->setState('id', $data['itemId']);
         $item = $model->getRow();
         // First check that user can actualy view the specific item
         if (!$item->checkSiteAccess()) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Check that the current user can comment on this category
         if (!$user->authorise('k2.comment.create', 'com_k2.category.' . $item->catid)) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Text is required for both guests and authenticated users
         if (trim($data['text']) == '') {
             $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
             return false;
         }
         // Validate user data for guests
         if ($user->guest) {
             // Check that the required fields have been set
             if (trim($data['name']) == '' || trim($data['email']) == '') {
                 $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
                 return false;
             }
             // Check that the email is valid
             if (!JMailHelper::isEmailAddress($data['email'])) {
                 $this->setError(JText::_('K2_INVALID_EMAIL_ADDRESS'));
                 return false;
             }
             // Check for spoofing
             $model = K2Model::getInstance('Users');
             $spoofing = $model->checkSpoofing(trim($data['name']), $data['email']);
             if ($spoofing > 0) {
                 $this->setError(JText::_('K2_THE_NAME_OR_EMAIL_ADDRESS_YOU_TYPED_IS_ALREADY_IN_USE'));
                 return false;
             }
             // Enforce some data for guests
             $data['userId'] = 0;
         } else {
             // Enforce some data for authenticated users
             $data['userId'] = $user->id;
             $data['name'] = $user->name;
             $data['email'] = $user->email;
         }
         // Check captcha depending on settings
         require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
         if (!($result = K2HelperCaptcha::check($data, $this))) {
             return false;
         }
         // Everything seems fine, lets enforce the common variables
         $data['ip'] = $_SERVER['REMOTE_ADDR'];
         $data['hostname'] = gethostbyaddr($_SERVER['REMOTE_ADDR']);
         $data['date'] = JFactory::getDate()->toSql();
         $data['state'] = $params->get('commentsPublishing') ? 1 : 0;
         // Set a variable to indicate that this was a new comment
         $this->setState('isNew', true);
     } else {
         // Check permissions
         $canEditAnyComment = $user->authorise('k2.comment.edit', 'com_k2');
         if (!$canEditAnyComment) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Edit is only allowed for comment text and state. The rest fields should not be edited.
         $data['id'] = $table->id;
         $data['itemId'] = $table->itemId;
         $data['userId'] = $table->userId;
         $data['name'] = $table->name;
         $data['date'] = $table->date;
         $data['email'] = $table->email;
         $data['url'] = $table->url;
         $data['ip'] = $table->ip;
         $data['hostname'] = $table->hostname;
     }
     return true;
 }
Ejemplo n.º 2
0
 public function report()
 {
     // Check for token
     JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));
     // Get application
     $application = JFactory::getApplication();
     // Get configuration
     $configuration = JFactory::getConfig();
     // Get input
     $id = $application->input->get('id', 0, 'int');
     $reportName = $application->input->get('reportName', '', 'string');
     $reportReason = $application->input->get('reportReason', '', 'string');
     // Get params
     $params = JComponentHelper::getParams('com_k2');
     // Get user
     $user = JFactory::getUser();
     // Check if user can report
     if (!$params->get('comments') || !$params->get('commentsReporting') || $params->get('commentsReporting') == '2' && $user->guest) {
         K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
     }
     // Get comment
     $comment = K2Comments::getInstance($id);
     // Check comment is published
     if (!$comment->state) {
         K2Response::throwError(JText::_('K2_COMMENT_NOT_FOUND'));
     }
     // Get item
     $item = K2Items::getInstance($comment->itemId);
     // Check access to the item
     $item->checkSiteAccess();
     // Check input
     if (trim($reportName) == '') {
         K2Response::throwError(JText::_('K2_PLEASE_TYPE_YOUR_NAME'));
     }
     if (trim($reportReason) == '') {
         K2Response::throwError(JText::_('K2_PLEASE_TYPE_THE_REPORT_REASON'));
     }
     // Check captcha depending on settings
     require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
     $data = $this->getInputData();
     if (!($result = K2HelperCaptcha::check($data, $this))) {
         K2Response::throwError($this->getError());
     }
     $mailer = JFactory::getMailer();
     $senderEmail = $configuration->get('mailfrom');
     $senderName = $configuration->get('fromname');
     $mailer->setSender(array($senderEmail, $senderName));
     $mailer->setSubject(JText::_('K2_COMMENT_REPORT'));
     $mailer->IsHTML(true);
     $body = "\n        <strong>" . JText::_('K2_NAME') . "</strong>: " . $reportName . " <br/>\n        <strong>" . JText::_('K2_REPORT_REASON') . "</strong>: " . $reportReason . " <br/>\n        <strong>" . JText::_('K2_COMMENT') . "</strong>: " . nl2br($comment->text) . " <br/>\n        ";
     $mailer->setBody($body);
     $mailer->ClearAddresses();
     $mailer->AddAddress($params->get('commentsReportRecipient', $configuration->get('mailfrom')));
     $mailer->Send();
     $application->enqueueMessage(JText::_('K2_REPORT_SUBMITTED'));
     echo json_encode(K2Response::render());
     return $this;
 }