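 /**
  * Process the /board API endpoint.
  *
  * Renders the board form, and on a valid POST hands the filtered input to
  * processBoard(). When board.captcha is enabled the submission is only
  * processed after a successful reCAPTCHA verification; any failure leaves
  * an ERROR 'post_response' for the template and re-renders the form.
  *
  * @route board
  */
 public function board()
 {
     if ($this->isLoggedIn()) {
         // You're already logged in!
         \Airship\redirect($this->airship_cabin_prefix);
         // Explicit return so the handler cannot fall through even if
         // redirect() ever returns instead of terminating the request.
         return;
     }
     if (!$this->config('board.enabled')) {
         \Airship\redirect($this->airship_cabin_prefix);
         return;
     }
     $this->storeLensVar('showmenu', false);
     $post = $this->post(new BoardFilter());
     if (!empty($post)) {
         // Optional: CAPTCHA enforcement
         if ($this->config('board.captcha')) {
             if (isset($post['g-recaptcha-response'])) {
                 $rc = \Airship\getReCaptcha(
                     $this->config('recaptcha.secret-key'),
                     $this->config('recaptcha.curl-opts') ?? []
                 );
                 // NOTE(review): REMOTE_ADDR is the immediate TCP peer; behind a
                 // reverse proxy this is the proxy's address — confirm intended.
                 $resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'] ?? '');
                 if ($resp->isSuccess()) {
                     $this->processBoard($post);
                     return;
                 }
                 $this->storeLensVar('post_response', ['status' => 'ERROR', 'message' => 'Invalid CAPTCHA response']);
             } else {
                 // Submitted without any CAPTCHA token: report it instead of
                 // silently re-rendering the form with no explanation.
                 $this->storeLensVar('post_response', ['status' => 'ERROR', 'message' => 'CAPTCHA response is required']);
             }
         } else {
             $this->processBoard($post);
             return;
         }
     }
     $this->lens('board', ['config' => $this->config(), 'title' => 'All Aboard!']);
 }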
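 /**
  * Add a comment to a blog post
  *
  * Every rejection stores a translated message in the 'blog_error' lens
  * variable and returns false; the comment is only persisted through
  * $this->blog->addCommentToPost() once all checks have passed. Users with
  * the 'publish' permission skip the CAPTCHA and get their comment published
  * immediately; everyone else is held for moderation ($published = false).
  *
  * @param array $post      Filtered form input; may contain name, email,
  *                         author, message and g-recaptcha-response
  * @param int $blogPostId  Identifier of the post being commented on
  * @return bool            true when the comment was stored
  */
 protected function addComment(array $post = [], int $blogPostId = 0) : bool
 {
     if (!$this->config('blog.comments.enabled')) {
         $this->storeLensVar('blog_error', \__('Comments are not enabled on this blog.'));
         return false;
     }
     $loggedIn = $this->isLoggedIn();
     if (!$loggedIn && !$this->config('blog.comments.guests')) {
         $this->storeLensVar('blog_error', \__('Guest comments are not enabled on this blog.'));
         return false;
     }
     if (!$loggedIn && (empty($post['name']) || empty($post['email']))) {
         $this->storeLensVar('blog_error', \__('Name and email address are required fields.'));
         return false;
     }
     if ($loggedIn && !$this->isSuperUser() && !empty($post['author'])) {
         $allowedAuthors = $this->blog->getAuthorsForUser($this->getActiveUserId());
         // Authorization check: normalise both sides to strings and use a strict
         // in_array() so loose-comparison quirks (a non-numeric string comparing
         // equal to 0, for example) cannot grant access to someone else's author.
         $allowed = \array_map('strval', $allowedAuthors);
         if (!\in_array((string) $post['author'], $allowed, true)) {
             $this->storeLensVar('blog_error', \__('You do not have permission to post as this author.'));
             return false;
         }
     }
     // A missing message must not reach trim(); treat it as empty so the
     // length check below rejects it with the normal error.
     $msg = \trim((string) ($post['message'] ?? ''));
     if (Binary::safeStrlen($msg) < 2) {
         $this->storeLensVar('blog_error', \__('The comment you attempted to leave is much too short.'));
         return false;
     }
     $published = false;
     $can_comment = false;
     if ($this->can('publish')) {
         // No CAPTCHA necessary
         $published = true;
         $can_comment = true;
     } elseif ($this->config('blog.comments.recaptcha')) {
         if (isset($post['g-recaptcha-response'])) {
             $rc = \Airship\getReCaptcha(
                 $this->config('recaptcha.secret-key'),
                 $this->config('recaptcha.curl-opts') ?? []
             );
             // NOTE(review): REMOTE_ADDR is the immediate TCP peer; behind a
             // reverse proxy this is the proxy's address — confirm intended.
             $resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'] ?? '');
             $can_comment = $resp->isSuccess();
         }
         // No token submitted: $can_comment stays false and is reported below.
     } else {
         $can_comment = true;
     }
     if (!$can_comment) {
         $this->storeLensVar('blog_error', \__('Invalid CAPTCHA Response. Please try again.'));
         return false;
     }
     return $this->blog->addCommentToPost($post, $blogPostId, $published);
 }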
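 /**
  * Confirm and perform deletion of a custom page.
  *
  * The request must come from a known cabin and a user holding the 'delete'
  * permission; the page is looked up from $_GET['page']. Because deletion is
  * destructive, processDeletePage() is only called after the POST (already
  * CSRF-filtered by $this->post()) also passes reCAPTCHA verification.
  * Otherwise the pages/page_delete confirmation template is rendered.
  *
  * @route pages/{string}/deletePage
  * @param string $cabin
  */
 public function deletePage(string $cabin = '')
 {
     $page = [];
     $path = $this->determinePath($cabin);
     $pagesUrl = $this->airship_cabin_prefix . '/pages/' . \trim($cabin, '/');
     if (!\is1DArray($_GET)) {
         \Airship\redirect($pagesUrl);
         // Explicit return so the handler cannot fall through even if
         // redirect() ever returns instead of terminating the request.
         return;
     }
     $cabins = $this->getCabinNamespaces();
     // $cabin is a string, so require an exact (strict) namespace match.
     if (!\in_array($cabin, $cabins, true)) {
         \Airship\redirect($this->airship_cabin_prefix);
         return;
     }
     $this->setTemplateExtraData($cabin);
     if (!$this->can('delete')) {
         \Airship\redirect($this->airship_cabin_prefix);
         return;
     }
     try {
         $page = $this->pg->getPageInfo($cabin, $path, (string) ($_GET['page'] ?? ''));
     } catch (CustomPageNotFoundException $ex) {
         \Airship\redirect($pagesUrl);
         return;
     }
     $secretKey = $this->config('recaptcha.secret-key');
     if (empty($secretKey)) {
         // Without a reCAPTCHA secret the deletion can never be confirmed: show
         // the misconfiguration page and stop, rather than also rendering the
         // delete form underneath it.
         $this->lens('pages/bad_config');
         return;
     }
     $post = $this->post(new DeletePageFilter());
     if (!empty($post) && isset($post['g-recaptcha-response'])) {
         $rc = \Airship\getReCaptcha($secretKey, $this->config('recaptcha.curl-opts') ?? []);
         // NOTE(review): REMOTE_ADDR is the immediate TCP peer; behind a
         // reverse proxy this is the proxy's address — confirm intended.
         $resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'] ?? '');
         if ($resp->isSuccess()) {
             // CAPTCHA verification and CSRF token both passed
             $this->processDeletePage((int) $page['pageid'], $post, $cabin, $path);
         }
     }
     $this->lens('pages/page_delete', [
         'cabins' => $cabins,
         'pageinfo' => $page,
         'config' => $this->config(),
         'dir' => $path,
         'cabin' => $cabin,
         'pathinfo' => \Airship\chunk($path),
     ]);
 }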