public static function show($object_id, $object_group = 'com_content', $object_title = '')
{
// only one copy of JComments per page is allowed
if (defined('JCOMMENTS_SHOW')) {
return '';
}
$app = JFactory::getApplication('site');
$object_group = JCommentsSecurity::clearObjectGroup($object_group);
if ($object_group == '' || !isset($object_id) || $object_id == '') {
return '';
}
$object_id = (int) $object_id;
$object_title = trim($object_title);
$acl = JCommentsFactory::getACL();
$config = JCommentsFactory::getConfig();
$document = JFactory::getDocument();
$tmpl = JCommentsFactory::getTemplate($object_id, $object_group);
$tmpl->load('tpl_index');
if (!defined('JCOMMENTS_CSS')) {
include_once JCOMMENTS_HELPERS . '/system.php';
if ($app->isAdmin()) {
$tmpl->addVar('tpl_index', 'comments-css', 1);
} else {
$document->addStyleSheet(JCommentsSystemPluginHelper::getCSS());
$language = JFactory::getLanguage();
if ($language->isRTL()) {
$rtlCSS = JCommentsSystemPluginHelper::getCSS(true);
if ($rtlCSS != '') {
$document->addStyleSheet($rtlCSS);
}
}
}
}
if (!defined('JCOMMENTS_JS')) {
include_once JCOMMENTS_HELPERS . '/system.php';
$document->addScript(JCommentsSystemPluginHelper::getCoreJS());
define('JCOMMENTS_JS', 1);
if (!defined('JOOMLATUNE_AJAX_JS')) {
$document->addScript(JCommentsSystemPluginHelper::getAjaxJS());
define('JOOMLATUNE_AJAX_JS', 1);
}
}
$commentsCount = JComments::getCommentsCount($object_id, $object_group);
$commentsPerObject = $config->getInt('max_comments_per_object');
$showForm = $config->getInt('form_show') == 1 || $config->getInt('form_show') == 2 && $commentsCount == 0;
if ($commentsPerObject != 0 && $commentsCount >= $commentsPerObject) {
$config->set('comments_locked', 1);
}
if ($config->getInt('comments_locked', 0) == 1) {
$config->set('enable_rss', 0);
$tmpl->addVar('tpl_index', 'comments-form-locked', 1);
$acl->setCommentsLocked(true);
}
$tmpl->addVar('tpl_index', 'comments-form-captcha', $acl->check('enable_captcha'));
$tmpl->addVar('tpl_index', 'comments-form-link', $showForm ? 0 : 1);
if ($config->getInt('enable_rss') == 1) {
if ($document->getType() == 'html') {
$link = JCommentsFactory::getLink('rss', $object_id, $object_group);
$title = htmlspecialchars($object_title, ENT_COMPAT, 'UTF-8');
$attribs = array('type' => 'application/rss+xml', 'title' => $title);
$document->addHeadLink($link, 'alternate', 'rel', $attribs);
}
}
$cacheEnabled = intval($app->getCfg('caching')) != 0;
if ($cacheEnabled == 0) {
$jrecache = JPATH_ROOT . '/components/com_jrecache/jrecache.config.php';
if (is_file($jrecache)) {
$cfg = new _JRECache_Config();
$cacheEnabled = $cacheEnabled && $cfg->enable_cache;
}
}
$load_cached_comments = intval($config->getInt('load_cached_comments', 0) && $commentsCount > 0);
if ($cacheEnabled) {
$tmpl->addVar('tpl_index', 'comments-anticache', 1);
}
if (!$cacheEnabled || $load_cached_comments === 1) {
if ($config->get('template_view') == 'tree') {
$tmpl->addVar('tpl_index', 'comments-list', $commentsCount > 0 ? JComments::getCommentsTree($object_id, $object_group) : '');
} else {
$tmpl->addVar('tpl_index', 'comments-list', $commentsCount > 0 ? JComments::getCommentsList($object_id, $object_group) : '');
}
}
$needScrollToComment = ($cacheEnabled || $config->getInt('comments_per_page') > 0) && $commentsCount > 0;
$tmpl->addVar('tpl_index', 'comments-gotocomment', (int) $needScrollToComment);
$tmpl->addVar('tpl_index', 'comments-form', JComments::getCommentsForm($object_id, $object_group, $showForm));
$tmpl->addVar('tpl_index', 'comments-form-position', $config->getInt('form_position'));
$result = $tmpl->renderTemplate('tpl_index');
$tmpl->freeAllTemplates();
// send notifications
srand((double) microtime() * 10000000);
$randValue = intval(rand(0, 100));
if ($randValue <= 30) {
JCommentsNotificationHelper::send();
}
define('JCOMMENTS_SHOW', 1);
return $result;
}
public static function showObjectComments()
{
$config = JCommentsFactory::getConfig();
if ($config->get('enable_rss') == '1') {
$app = JFactory::getApplication('site');
$object_id = $app->input->getInt('object_id', 0);
$object_group = JCommentsSecurity::clearObjectGroup($app->input->get('object_group', 'com_content'));
$limit = $app->input->getInt('limit', $config->getInt('feed_limit', 100));
// if no group or id specified - return 404
if ($object_id == 0 || $object_group == '') {
self::showNotFound();
return;
}
$lm = $limit != $config->getInt('feed_limit') ? '&limit=' . $limit : '';
if (JCommentsMultilingual::isEnabled()) {
$language = JCommentsMultilingual::getLanguage();
$lp = '&lang=' . $language;
} else {
$language = null;
$lp = '';
}
$liveSite = trim(str_replace(JURI::root(true), '', str_replace('/administrator', '', JURI::root())), '/');
$syndicationURL = $liveSite . JRoute::_('index.php?option=com_jcomments&task=rss&object_id=' . $object_id . '&object_group=' . $object_group . $lm . $lp . '&format=raw');
$object_title = JCommentsObjectHelper::getTitle($object_id, $object_group, $language);
$object_link = JCommentsObjectHelper::getLink($object_id, $object_group, $language);
$object_link = str_replace('amp;', '', JCommentsFactory::getAbsLink($object_link));
$rss = new JoomlaTuneFeed();
$rss->title = $object_title;
$rss->link = $object_link;
$rss->syndicationURL = $syndicationURL;
$rss->description = JText::sprintf('OBJECT_FEED_DESCRIPTION', $rss->title);
$options = array();
$options['object_id'] = $object_id;
$options['object_group'] = $object_group;
$options['lang'] = $language;
$options['published'] = 1;
$options['filter'] = 'c.deleted = 0';
$options['orderBy'] = 'c.date DESC';
$options['limit'] = $limit;
$options['limitStart'] = 0;
$options['objectinfo'] = true;
$rows = JCommentsModel::getCommentsList($options);
$word_maxlength = $config->getInt('word_maxlength');
foreach ($rows as $row) {
$comment = JCommentsText::cleanText($row->comment);
$title = $row->title;
$author = JComments::getCommentAuthorName($row);
if ($comment != '') {
// apply censor filter
$title = JCommentsText::censor($title);
$comment = JCommentsText::censor($comment);
// fix long words problem
if ($word_maxlength > 0) {
$comment = JCommentsText::fixLongWords($comment, $word_maxlength, ' ');
if ($title != '') {
$title = JCommentsText::fixLongWords($title, $word_maxlength, ' ');
}
}
$item = new JoomlaTuneFeedItem();
$item->title = $title != '' ? $title : JText::sprintf('OBJECT_FEED_ITEM_TITLE', $author);
$item->link = $object_link . '#comment-' . $row->id;
$item->description = $comment;
$item->source = $object_link;
$item->pubDate = $row->date;
$item->author = $author;
$rss->addItem($item);
}
}
$rss->display();
unset($rows, $rss);
exit;
}
}
public static function save()
{
JCommentsSecurity::checkToken();
$task = JCommentsInput::getVar('task');
$id = (int) JCommentsInput::getVar('id', 0);
require_once JCOMMENTS_TABLES . '/subscription.php';
$db = JCommentsFactory::getDBO();
$row = new JCommentsTableSubscription($db);
if ($id) {
$row->load($id);
}
$row->object_id = (int) JCommentsInput::getVar('object_id');
$row->object_group = JCommentsSecurity::clearObjectGroup(JCommentsInput::getVar('object_group'));
$row->name = preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', strip_tags(JCommentsInput::getVar('name')));
$row->email = trim(strip_tags(JCommentsInput::getVar('email')));
$row->published = (int) JCommentsInput::getVar('published');
if (!$row->id) {
$query = "SELECT id, name FROM #__users WHERE email = " . $db->Quote($row->email);
$db->setQuery($query);
$users = $db->loadObjectList();
if (count($users)) {
$row->userid = $users[0]->id;
$row->name = $users[0]->name;
} else {
$row->userid = 0;
}
$row->lang = '';
// TODO: add language selection if JoomFish installed
}
$row->store();
switch ($task) {
case 'subscription.apply':
JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=subscription.edit&hidemainmenu=1&cid[]=' . $row->id);
break;
case 'subscription.save':
default:
JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=subscriptions');
break;
}
}
public static function addComment($values = array())
{
if (JCommentsSecurity::badRequest() == 1) {
JCommentsSecurity::notAuth();
}
$user = JCommentsFactory::getUser();
$acl = JCommentsFactory::getACL();
$config = JCommentsFactory::getConfig();
$response = JCommentsFactory::getAjaxResponse();
if ($acl->canComment()) {
$values = self::prepareValues($_POST);
$object_group = isset($values['object_group']) ? JCommentsSecurity::clearObjectGroup($values['object_group']) : '';
$object_id = isset($values['object_id']) ? intval($values['object_id']) : '';
if ($object_group == '' || $object_id == '') {
// TODO: add appropriate error message
return $response;
}
$commentsPerObject = $config->getInt('max_comments_per_object');
if ($commentsPerObject > 0) {
$commentsCount = JComments::getCommentsCount($object_id, $object_group);
if ($commentsCount >= $commentsPerObject) {
$message = $config->get('message_locked');
if (empty($message)) {
$message = $config->get('ERROR_CANT_COMMENT');
}
$message = self::escapeMessage($message);
$response->addAlert($message);
return $response;
}
}
$userIP = $acl->getUserIP();
if (!$user->id) {
$noErrors = false;
if (isset($values['userid']) && intval($values['userid']) > 0) {
// TODO: we need more correct way to detect login timeout
self::showErrorMessage(JText::_('ERROR_SESSION_EXPIRED'));
} else {
if ($config->getInt('author_name', 2) == 2 && empty($values['name'])) {
self::showErrorMessage(JText::_('ERROR_EMPTY_NAME'), 'name');
} else {
if (JCommentsSecurity::checkIsRegisteredUsername($values['name']) == 1) {
self::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'name');
} else {
if (JCommentsSecurity::checkIsForbiddenUsername($values['name']) == 1) {
self::showErrorMessage(JText::_('ERROR_FORBIDDEN_NAME'), 'name');
} else {
if (preg_match('/[\\"\'\\[\\]\\=\\<\\>\\(\\)\\;]+/', $values['name'])) {
self::showErrorMessage(JText::_('ERROR_INVALID_NAME'), 'name');
} else {
if ($config->get('username_maxlength') != 0 && JCommentsText::strlen($values['name']) > $config->get('username_maxlength')) {
self::showErrorMessage(JText::_('ERROR_TOO_LONG_USERNAME'), 'name');
} else {
if ($config->getInt('author_email') == 2 && empty($values['email'])) {
self::showErrorMessage(JText::_('ERROR_EMPTY_EMAIL'), 'email');
} else {
if (!empty($values['email']) && !preg_match(_JC_REGEXP_EMAIL2, $values['email'])) {
self::showErrorMessage(JText::_('ERROR_INCORRECT_EMAIL'), 'email');
} else {
if ($config->getInt('author_email') != 0 && JCommentsSecurity::checkIsRegisteredEmail($values['email']) == 1) {
self::showErrorMessage(JText::_('ERROR_EMAIL_EXISTS'), 'email');
} else {
if ($config->getInt('author_homepage') == 2 && empty($values['homepage'])) {
self::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
} else {
$noErrors = true;
}
}
}
}
}
}
}
}
}
}
if (!$noErrors) {
return $response;
}
}
if ($acl->check('floodprotection') == 1 && JCommentsSecurity::checkFlood($userIP)) {
self::showErrorMessage(JText::_('ERROR_TOO_QUICK'));
} else {
if (empty($values['homepage']) && $config->get('author_homepage') == 3) {
self::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
} else {
if (empty($values['title']) && $config->get('comment_title') == 3) {
self::showErrorMessage(JText::_('ERROR_EMPTY_TITLE'), 'title');
} else {
if (empty($values['comment'])) {
self::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
} else {
if ($config->getInt('comment_maxlength') != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) > $config->get('comment_maxlength')) {
self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_LONG'), 'comment');
} else {
if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) < $config->get('comment_minlength')) {
self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_SHORT'), 'comment');
} else {
if ($acl->check('enable_captcha') == 1) {
$captchaEngine = $config->get('captcha_engine', 'kcaptcha');
if ($captchaEngine == 'kcaptcha') {
require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
if (!JCommentsCaptcha::check($values['captcha_refid'])) {
self::showErrorMessage(JText::_('ERROR_CAPTCHA'), 'captcha');
JCommentsCaptcha::destroy();
$response->addScript("jcomments.clear('captcha');");
return $response;
}
} else {
$result = JCommentsEvent::trigger('onJCommentsCaptchaVerify', array($values['captcha_refid'], &$response));
// if all plugins returns false
if (!in_array(true, $result, true)) {
self::showErrorMessage(JText::_('ERROR_CAPTCHA'));
return $response;
}
}
}
$db = JCommentsFactory::getDBO();
// small fix (by default $my has empty 'name' and 'email' field)
if ($user->id) {
$currentUser = JCommentsFactory::getUser($user->id);
$user->name = $currentUser->name;
$user->username = $currentUser->username;
$user->email = $currentUser->email;
unset($currentUser);
}
if (empty($values['name'])) {
$values['name'] = 'Guest';
// JText::_('Guest');
}
$comment = new JCommentsTableComment($db);
$comment->id = 0;
$comment->name = $user->id ? $user->name : preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $values['name']);
$comment->username = $user->id ? $user->username : $comment->name;
$comment->email = $user->id ? $user->email : (isset($values['email']) ? $values['email'] : '');
if ($config->getInt('author_homepage') != 0 && !empty($values['homepage'])) {
$comment->homepage = JCommentsText::url($values['homepage']);
}
$comment->comment = $values['comment'];
// filter forbidden bbcodes
$bbcode = JCommentsFactory::getBBCode();
$comment->comment = $bbcode->filter($comment->comment);
if ($comment->comment != '') {
if ($config->getInt('enable_custom_bbcode')) {
// filter forbidden custom bbcodes
$commentLength = strlen($comment->comment);
$customBBCode = JCommentsFactory::getCustomBBCode();
$comment->comment = $customBBCode->filter($comment->comment);
if (strlen($comment->comment) == 0 && $commentLength > 0) {
self::showErrorMessage(JText::_('ERROR_YOU_HAVE_NO_RIGHTS_TO_USE_THIS_TAG'), 'comment');
return $response;
}
}
}
if ($comment->comment == '') {
self::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
return $response;
}
$commentWithoutQuotes = $bbcode->removeQuotes($comment->comment);
if ($commentWithoutQuotes == '') {
self::showErrorMessage(JText::_('ERROR_NOTHING_EXCEPT_QUOTES'), 'comment');
return $response;
} else {
if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($commentWithoutQuotes) < $config->get('comment_minlength')) {
self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_SHORT'), 'comment');
return $response;
}
}
$values['subscribe'] = isset($values['subscribe']) ? (int) $values['subscribe'] : 0;
if ($values['subscribe'] == 1 && $comment->email == '') {
self::showErrorMessage(JText::_('ERROR_SUBSCRIPTION_EMAIL'), 'email');
return $response;
}
$comment->object_id = (int) $object_id;
$comment->object_group = $object_group;
$comment->title = isset($values['title']) ? $values['title'] : '';
$comment->parent = isset($values['parent']) ? intval($values['parent']) : 0;
$comment->lang = JCommentsMultilingual::getLanguage();
$comment->ip = $userIP;
$comment->userid = $user->id ? $user->id : 0;
$comment->published = $acl->check('autopublish');
$comment->date = JCommentsFactory::getDate();
$query = "SELECT COUNT(*) " . "\nFROM #__jcomments " . "\nWHERE comment = '" . $db->getEscaped($comment->comment) . "'" . "\n AND ip = '" . $db->getEscaped($comment->ip) . "'" . "\n AND name = '" . $db->getEscaped($comment->name) . "'" . "\n AND userid = '" . $comment->userid . "'" . "\n AND object_id = " . $comment->object_id . "\n AND parent = " . $comment->parent . "\n AND object_group = '" . $db->getEscaped($comment->object_group) . "'" . (JCommentsMultilingual::isEnabled() ? "\nAND lang = '" . JCommentsMultilingual::getLanguage() . "'" : "");
$db->setQuery($query);
$found = $db->loadResult();
// if duplicates is not found
if ($found == 0) {
$result = JCommentsEvent::trigger('onJCommentsCommentBeforeAdd', array(&$comment));
if (in_array(false, $result, true)) {
return $response;
}
// save comments subscription
if ($values['subscribe']) {
require_once JCOMMENTS_BASE . DS . 'jcomments.subscription.php';
$manager = JCommentsSubscriptionManager::getInstance();
$manager->subscribe($comment->object_id, $comment->object_group, $comment->userid, $comment->email, $comment->name, $comment->lang);
}
$merged = false;
$merge_time = $config->getInt('merge_time', 0);
// merge comments from same author
if ($user->id && $merge_time > 0) {
// load previous comment for same object and group
$prevComment = JCommentsModel::getLastComment($comment->object_id, $comment->object_group, $comment->parent);
if ($prevComment != null) {
// if previous comment from same author and it currently not edited
// by any user - we'll update comment, else - insert new record to database
if ($prevComment->userid == $comment->userid && $prevComment->parent == $comment->parent && !$acl->isLocked($prevComment)) {
$newText = $prevComment->comment . '<br /><br />' . $comment->comment;
$timeDiff = strtotime($comment->date) - strtotime($prevComment->date);
if ($timeDiff < $merge_time) {
$maxlength = $config->getInt('comment_maxlength');
$needcheck = $acl->check('enable_comment_length_check');
// validate new comment text length and if it longer than specified -
// disable union current comment with previous
if ($needcheck == 0 || $needcheck == 1 && $maxlength != 0 && JCommentsText::strlen($newText) <= $maxlength) {
$comment->id = $prevComment->id;
$comment->comment = $newText;
$merged = true;
}
}
}
unset($prevComment);
}
}
// save new comment to database
if (!$comment->store()) {
$response->addScript("jcomments.clear('comment');");
if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
JCommentsCaptcha::destroy();
$response->addScript("jcomments.clear('captcha');");
}
return $response;
}
// store/update information about commented object
JCommentsObjectHelper::storeObjectInfo($comment->object_id, $comment->object_group, $comment->lang);
JCommentsEvent::trigger('onJCommentsCommentAfterAdd', array(&$comment));
// send notification to administrators
if ($config->getInt('enable_notification') == 1) {
if ($config->check('notification_type', 1) == true) {
JComments::sendNotification($comment, true);
}
}
// if comment published we need update comments list
if ($comment->published) {
// send notification to comment subscribers
JComments::sendToSubscribers($comment, true);
if ($merged) {
$commentText = $comment->comment;
$html = JCommentsText::jsEscape(JComments::getCommentItem($comment));
$response->addScript("jcomments.updateComment(" . $comment->id . ", '{$html}');");
$comment->comment = $commentText;
} else {
$count = JComments::getCommentsCount($comment->object_id, $comment->object_group);
if ($config->get('template_view') == 'tree') {
if ($count > 1) {
$html = JComments::getCommentListItem($comment);
$html = JCommentsText::jsEscape($html);
$mode = $config->getInt('tree_order') == 1 || $config->getInt('tree_order') == 2 && $comment->parent > 0 ? 'b' : 'a';
$response->addScript("jcomments.updateTree('{$html}','{$comment->parent}','{$mode}');");
} else {
$html = JComments::getCommentsTree($comment->object_id, $comment->object_group);
$html = JCommentsText::jsEscape($html);
$response->addScript("jcomments.updateTree('{$html}',null);");
}
} else {
// if pagination disabled and comments count > 1...
if ($config->getInt('comments_per_page') == 0 && $count > 1) {
// update only added comment
$html = JComments::getCommentListItem($comment);
$html = JCommentsText::jsEscape($html);
if ($config->get('comments_order') == 'DESC') {
$response->addScript("jcomments.updateList('{$html}','p');");
} else {
$response->addScript("jcomments.updateList('{$html}','a');");
}
} else {
// update comments list
$html = JComments::getCommentsList($comment->object_id, $comment->object_group, JComments::getCommentPage($comment->object_id, $comment->object_group, $comment->id));
$html = JCommentsText::jsEscape($html);
$response->addScript("jcomments.updateList('{$html}','r');");
}
// scroll to first comment
if ($config->get('comments_order') == 'DESC') {
$response->addScript("jcomments.scrollToList();");
}
}
}
self::showInfoMessage(JText::_('THANK_YOU_FOR_YOUR_SUBMISSION'));
} else {
self::showInfoMessage(JText::_('THANK_YOU_YOUR_COMMENT_WILL_BE_PUBLISHED_ONCE_REVIEWED'));
}
// clear comments textarea & update comment length counter if needed
$response->addScript("jcomments.clear('comment');");
if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
JCommentsCaptcha::destroy();
$response->addScript("jcomments.clear('captcha');");
}
} else {
self::showErrorMessage(JText::_('ERROR_DUPLICATE_COMMENT'), 'comment');
}
}
}
}
}
}
}
} else {
$message = $config->get('ERROR_CANT_COMMENT');
if ($acl->getUserBlocked()) {
$bannedMessage = $config->get('message_banned');
if (!empty($bannedMessage)) {
$message = self::escapeMessage($bannedMessage);
}
}
$response->addAlert($message);
}
return $response;
}
