function JCommentsACL()
{
$user = JFactory::getUser();
$config = JCommentsFactory::getConfig();
$this->canDelete = $this->check('can_delete');
$this->canDeleteOwn = $this->check('can_delete_own');
$this->canDeleteForMyObject = $this->check('can_delete_for_my_object');
$this->canEdit = $this->check('can_edit');
$this->canEditOwn = $this->check('can_edit_own');
$this->canEditForMyObject = $this->check('can_edit_for_my_object');
$this->canPublish = $this->check('can_publish');
$this->canPublishForMyObject = $this->check('can_publish_for_my_object');
$this->canViewIP = $this->check('can_view_ip');
$this->canViewEmail = $this->check('can_view_email');
$this->canViewHomepage = $this->check('can_view_homepage');
$this->canComment = $this->check('can_comment');
$this->canVote = $this->check('can_vote');
$this->canReport = intval($this->check('can_report') && $config->getInt('enable_reports'));
$this->canBan = 0;
$this->canQuote = intval($this->canComment && $this->check('enable_bbcode_quote'));
$this->canReply = intval($this->canComment && $this->check('can_reply') && $config->get('template_view') == 'tree');
$this->userID = (int) $user->id;
$this->userIP = $_SERVER['REMOTE_ADDR'];
$this->userBlocked = 0;
$this->deleteMode = $config->getInt('delete_mode');
$this->commentsLocked = false;
if ($config->getInt('enable_blacklist', 0) == 1) {
$options = array();
$options['ip'] = $this->getUserIP();
$options['userid'] = $this->getUserID();
if (!JCommentsSecurity::checkBlacklist($options)) {
$this->userBlocked = 1;
$this->canComment = 0;
$this->canQuote = 0;
$this->canReply = 0;
$this->canVote = 0;
$this->canBan = 0;
} else {
$this->canBan = $this->check('can_ban');
}
}
}
public static function executeCmd()
{
$app = JFactory::getApplication('site');
$cmd = strtolower($app->input->get('cmd', ''));
$hash = $app->input->get('hash', '');
$id = $app->input->getInt('id', 0);
$message = '';
$link = str_replace('/administrator', '', JURI::root()) . 'index.php';
$checkHash = JCommentsFactory::getCmdHash($cmd, $id);
if ($hash == $checkHash) {
$config = JCommentsFactory::getConfig();
if ($config->getInt('enable_quick_moderation') == 1) {
JTable::addIncludePath(JCOMMENTS_TABLES);
$comment = JTable::getInstance('Comment', 'JCommentsTable');
if ($comment->load($id)) {
$link = JCommentsObjectHelper::getLink($comment->object_id, $comment->object_group, $comment->lang);
$link = str_replace('&', '&', $link);
switch ($cmd) {
case 'publish':
$comment->published = 1;
$comment->store();
// send notification to comment subscribers
JComments::sendToSubscribers($comment, true);
$link .= '#comment-' . $comment->id;
break;
case 'unpublish':
$comment->published = 0;
$comment->store();
$acl = JCommentsFactory::getACL();
if ($acl->canPublish()) {
$link .= '#comment-' . $comment->id;
} else {
$link .= '#comments';
}
break;
case 'delete':
if ($config->getInt('delete_mode') == 0) {
$comment->delete();
$link .= '#comments';
} else {
$comment->markAsDeleted();
$link .= '#comment-' . $comment->id;
}
break;
case 'ban':
if ($config->getInt('enable_blacklist') == 1) {
$acl = JCommentsFactory::getACL();
// we will not ban own IP ;)
if ($comment->ip != $acl->getUserIP()) {
$options = array();
$options['ip'] = $comment->ip;
// check if this IP already banned
if (JCommentsSecurity::checkBlacklist($options)) {
$blacklist = JTable::getInstance('Blacklist', 'JCommentsTable');
$blacklist->ip = $comment->ip;
$blacklist->store();
$message = JText::_('SUCCESSFULLY_BANNED');
} else {
$message = JText::_('ERROR_IP_ALREADY_BANNED');
}
} else {
$message = JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP');
}
}
break;
}
JCommentsNotificationHelper::send();
} else {
$message = JText::_('ERROR_NOT_FOUND');
}
} else {
$message = JText::_('ERROR_QUICK_MODERATION_DISABLED');
}
} else {
$message = JText::_('ERROR_QUICK_MODERATION_INCORRECT_HASH');
}
$app->redirect($link, $message);
}
public static function BanIP($id)
{
if (JCommentsSecurity::badRequest() == 1) {
JCommentsSecurity::notAuth();
}
$acl = JCommentsFactory::getACL();
$response = JCommentsFactory::getAjaxResponse();
if ($acl->canBan()) {
$config = JCommentsFactory::getConfig();
if ($config->getInt('enable_blacklist') == 1) {
$id = (int) $id;
$db = JCommentsFactory::getDBO();
$comment = new JCommentsTableComment($db);
if ($comment->load($id)) {
// we will not ban own IP ;)
if ($comment->ip != $acl->getUserIP()) {
$options = array();
$options['ip'] = $comment->ip;
// check if this IP already banned
if (JCommentsSecurity::checkBlacklist($options)) {
$result = JCommentsEvent::trigger('onJCommentsUserBeforeBan', array(&$comment, &$options));
if (!in_array(false, $result, true)) {
require_once JCOMMENTS_TABLES . '/blacklist.php';
$blacklist = new JCommentsTableBlacklist($db);
$blacklist->ip = $comment->ip;
$blacklist->created = JCommentsFactory::getDate();
$blacklist->created_by = $acl->getUserId();
if ($blacklist->store()) {
JCommentsEvent::trigger('onJCommentsUserAfterBan', array(&$comment, $options));
self::showInfoMessage(JText::_('SUCCESSFULLY_BANNED'), 'comment-item-' . $id);
}
}
} else {
self::showErrorMessage(JText::_('ERROR_IP_ALREADY_BANNED'), '', 'comment-item-' . $id);
}
} else {
self::showErrorMessage(JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP'), '', 'comment-item-' . $id);
}
}
}
}
return $response;
}
