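/**
 * Validates a front-end guestbook submission and stores it when every check passes.
 *
 * Order of checks: form token and request routing (Itemid/view/option/task), hidden
 * honeypot field, content sanitising (JFilterInput or HTML Purifier), forbidden-word
 * filters, per-field requirement and format checks, IP ban list, denied URL words,
 * registered-users-only, captcha (session value or reCAPTCHA), optional Akismet, and
 * finally category, access-level and language checks before the row is written.
 *
 * Several failure paths do not return: they redirect and call exit.
 *
 * @param array $postNew Output parameter (by reference). Receives the stored data on
 *                       success; the submitted data plus 'displayformerror' = 1 when
 *                       validation fails; only 'displayformerror' and 'akismeterror'
 *                       are set when Akismet is misconfigured or blocks the post.
 *
 * @return bool|null True when the entry was stored, false on failure, nothing (null)
 *                   after the access-denied redirect.
 */
function store(&$postNew)
{
    $app     = JFactory::getApplication();
    $user    = JFactory::getUser();
    $db      = JFactory::getDBO();
    $uri     = JFactory::getURI();
    $tmpl    = array();
    $token   = JUtility::getToken();
    $paramsC = JComponentHelper::getParams('com_phocaguestbook');

    // Anti-CSRF: the form posts the session token as a field name with value 1.
    if (!JRequest::getInt($token, 0, 'post')) {
        $app->redirect(JRoute::_('index.php', false), JText::_('JINVALID_TOKEN'));
        exit;
    }

    // Security
    $redSpam = 'index.php?option=com_phocaguestbook&view=empty'; // temp, does not work if sef enabled
    $sec     = 0;

    $tmpl['specific_itemid']       = $paramsC->get('specific_itemid', '');
    $tmpl['enable_detecting_page'] = $paramsC->get('enable_detecting_page', 0);

    // When specific Itemids are configured, the request must come through one of them.
    $itemids = explode(',', $tmpl['specific_itemid']);
    if (!empty($itemids) && isset($itemids[0]) && (int) $itemids[0] > 0) {
        $itemid = JRequest::getCmd('Itemid');
        if (!in_array($itemid, $itemids)) {
            $sec = 1;
        }
    }

    // The request must be exactly the guestbook form submit.
    if (!JRequest::getInt($token, 0, 'post')) {
        $sec = 1;
    }
    if (JRequest::getCmd('view') != 'guestbook') {
        $sec = 1;
    }
    if (JRequest::getCmd('option') != 'com_phocaguestbook') {
        $sec = 1;
    }
    if (JRequest::getCmd('task') != 'submit') {
        $sec = 1;
    }
    if ((int) $sec == 1) {
        $app->redirect(JRoute::_('index.php', false), JText::_("COM_PHOCAGUESTBOOK_FORM_DATA_NOT_VALID"));
        exit;
    }

    $tmpl['session_suffix'] = $paramsC->get('session_suffix');

    // Session data: the expected captcha value was saved in the session when the form was shown.
    $session =& JFactory::getSession();
    $phoca_guestbook_session = $session->get('pgbsess' . $tmpl['session_suffix']);

    // Field display settings: 2 = required, 0 = field not displayed (a submitted value is
    // then treated as spam below), any other value = optional.
    $tmpl['display_title_form']       = $paramsC->get('display_title_form', 2);
    $tmpl['display_name_form']        = $paramsC->get('display_name_form', 2);
    $tmpl['display_email_form']       = $paramsC->get('display_email_form', 1);
    $tmpl['display_website_form']     = $paramsC->get('display_website_form', 0);
    $tmpl['display_content_form']     = $paramsC->get('display_content_form', 2);
    $tmpl['max_char']                 = $paramsC->get('max_char', 2000);
    $tmpl['send_mail']                = $paramsC->get('send_mail', 0);
    $tmpl['registered_users_only']    = $paramsC->get('registered_users_only', 0);
    $tmpl['enable_captcha']           = $paramsC->get('enable_captcha', 1);
    $tmpl['enable_captcha_users']     = $paramsC->get('enable_captcha_users', 0);
    $tmpl['enable_akismet']           = $paramsC->get('enable_akismet', 0);
    $tmpl['akismet_api_key']          = $paramsC->get('akismet_api_key', "");
    $tmpl['akismet_block_spam']       = $paramsC->get('akismet_block_spam', 0);
    $tmpl['akismet_url']              = $paramsC->get('akismet_url', 0);
    $tmpl['username_or_name']         = $paramsC->get('username_or_name', 0);
    $tmpl['predefined_name']          = $paramsC->get('predefined_name', '');
    $tmpl['disable_user_check']       = $paramsC->get('disable_user_check', 0);
    $tmpl['enable_html_purifier']     = $paramsC->get('enable_html_purifier', 1);
    $tmpl['enable_hidden_field']      = $paramsC->get('enable_hidden_field', 0);
    $tmpl['forbidden_word_behaviour'] = $paramsC->get('forbidden_word_behaviour', 0);

    // Get POST data (the returned array is not used further in this method).
    $post = JRequest::get('post');

    // Hidden field (honeypot): its name is kept in the session; any submitted value is spam.
    if ($tmpl['enable_hidden_field'] == 1) {
        $session        =& JFactory::getSession();
        $session_suffix = $paramsC->get('session_suffix');
        $hiddenSession  = 'pgbsesshf' . $session_suffix;
        $hiddenField    = JRequest::getVar($session->get($hiddenSession . 'name'), '', 'post', 'string');

        $session->clear($hiddenSession . 'id');
        $session->clear($hiddenSession . 'name');
        $session->clear($hiddenSession . 'class');

        if ($hiddenField != '') {
            $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
            exit;
        }
    }

    // Content is requested with JREQUEST_ALLOWRAW, so the sanitising branch below is the
    // only HTML filtering applied to it in this method.
    $post2['content']    = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW);
    $post2['captcha']    = JRequest::getVar('captcha', '', 'post', 'string');
    $post2['title']      = JRequest::getVar('title', '', 'post', 'string');
    $post2['pgusername'] = JRequest::getVar('pgusername', '', 'post', 'string');
    $post2['email']      = JRequest::getVar('email', '', 'post', 'string');
    $post2['website']    = JRequest::getVar('website', '', 'post', 'string');
    $post2['language']   = JRequest::getVar('language', '', 'post', 'string');
    $post2['task']       = JRequest::getVar('task', '', 'post', 'string');
    $post2['save']       = JRequest::getVar('save', '', 'post', 'string');

    if (!isset($post2['captcha']) || isset($post2['captcha']) && $post2['captcha'] == '') {
        $post2['captcha'] = '';
    }

    // Sanitise the content: JFilterInput when the purifier is switched off, otherwise
    // HTML Purifier restricted to the tag/attribute list in HTML.Allowed.
    if ($tmpl['enable_html_purifier'] == 0) {
        $filterTags  = ''; // black list method is used
        $filterAttrs = ''; // black list method is used
        $filter      = new JFilterInput($filterTags, $filterAttrs, 1, 1, 1);

        $post2['content'] = $filter->clean($post2['content']);
    } else {
        require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.standalone.php';

        $configP = HTMLPurifier_Config::createDefault();
        $configP->set('Core.Encoding', 'UTF-8');
        $configP->set('HTML.Doctype', 'XHTML 1.0 Transitional');
        $configP->set('HTML.TidyLevel', 'medium');
        $configP->set('HTML.Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike,br');

        $purifier = new HTMLPurifier($configP);
        $post2['content'] = $purifier->purify($post2['content']);
    }

    $cid = JRequest::getVar('cid', array(0), 'post', 'array');
    $post2['catid']     = (int) $cid[0];
    $post2['published'] = (int) 1;
    if ($paramsC->get('review_item') != '') {
        $post2['published'] = (int) $paramsC->get('review_item');
    }

    // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy address; that would
    // affect the stored IP, the ban list and the reCAPTCHA call - confirm the deployment.
    $post2['ip'] = $_SERVER["REMOTE_ADDR"];

    if (!isset($post2['pgusername'])) {
        $post2['username'] = '';
    } else {
        $post2['username'] = $post2['pgusername'];
    }
    if (!isset($post2['email'])) {
        $post2['email'] = '';
    }
    if (!isset($post2['website'])) {
        $post2['website'] = '';
    }

    // Forbidden words: with behaviour 0 a hit in any field rejects the whole post.
    if ($tmpl['forbidden_word_behaviour'] == 0) {
        $fwfa  = explode(',', trim($paramsC->get('forbidden_word_filter', '')));
        $fwwfa = explode(',', trim($paramsC->get('forbidden_whole_word_filter', '')));

        // Substring filter (case-insensitive).
        $fW = 0;
        foreach ($fwfa as $key2 => $values2) {
            if (trim($values2) != '') {
                if (stripos($post2['username'], trim($values2)) !== false) {
                    $fW = 1;
                    break;
                }
                if (stripos($post2['title'], trim($values2)) !== false) {
                    $fW = 1;
                    break;
                }
                if (stripos($post2['content'], trim($values2)) !== false) {
                    $fW = 1;
                    break;
                }
                if (stripos($post2['email'], trim($values2)) !== false) {
                    $fW = 1;
                    break;
                }
                if (stripos($post2['website'], trim($values2)) !== false) {
                    $fW = 1;
                    break;
                }
            }
        }

        // Forbidden Whole Word Filter: the word must be delimited by start/end of the
        // string or by a character outside [a-zA-Z0-9_]; preg_quote() keeps the
        // configured word from being read as regex syntax.
        $fWW = 0;
        foreach ($fwwfa as $key3 => $values3) {
            if ($values3 != '') {
                $values3 = "/(^|[^a-zA-Z0-9_]){1}(" . preg_quote($values3, "/") . ")(\$|[^a-zA-Z0-9_]){1}/i";
                if (preg_match($values3, $post2['username']) == 1) {
                    $fWW = 1;
                    break;
                }
                if (preg_match($values3, $post2['title']) == 1) {
                    $fWW = 1;
                    break;
                }
                if (preg_match($values3, $post2['content']) == 1) {
                    $fWW = 1;
                    break;
                }
                if (preg_match($values3, $post2['email']) == 1) {
                    $fWW = 1;
                    break;
                }
                if (preg_match($values3, $post2['website']) == 1) {
                    $fWW = 1;
                    break;
                }
            }
        }

        if ($fW == 1 || $fWW == 1) {
            $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
            exit;
        }
    }

    // Maximum number of characters that will be saved in the database.
    // NOTE(review): substr() counts bytes and runs after sanitising, so it can split a
    // multibyte character or cut the markup in the middle of a tag - confirm the output
    // side copes with truncated HTML.
    $post2['content'] = substr($post2['content'], 0, $tmpl['max_char']);

    // Title Check
    if ($tmpl['display_title_form'] == 2) {
        if ($post2['title'] && trim($post2['title']) != '') {
            $title = 1; // there is a value in title ... OK
        } else {
            $title = 0;
            JRequest::setVar('title-msg-1', 1, 'get', true); // there is no value in title ... FALSE
        }
    } else {
        if ($tmpl['display_title_form'] == 0) {
            // The field is not displayed, so a submitted value did not come from the real form.
            if ($post2['title'] && trim($post2['title']) != '') {
                $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
                exit;
            }
            $title = 1;
        } else {
            $title = 1; // there is a value or there is no value but it is not required, so it is OK
        }
    }
    if ($title != 0 && preg_match("~[<|>]~", $post2['title'])) {
        $title = 0;
        JRequest::setVar('title-msg-2', 1, 'get', true);
    }

    // Username or name check.
    // $post2['username'] carries the value for both modes; the original code had two
    // identical branches on $tmpl['username_or_name'], merged here into one.
    if ($tmpl['display_name_form'] == 2) {
        if ($post2['username'] && trim($post2['username']) != '') {
            $username = 1;
        } else {
            $username = 0;
            JRequest::setVar('username-msg-1', 1, 'get', true);
        }
    } else {
        if ($tmpl['display_name_form'] == 0) {
            if ($post2['username'] && trim($post2['username']) != '') {
                $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
                exit;
            }
            $username = 1;
        } else {
            $username = 1;
        }
    }
    if ($username != 0 && preg_match("~[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+]~", $post2['username'])) {
        $username = 0;
        JRequest::setVar('username-msg-2', 1, 'get', true);
    }
    if ($tmpl['disable_user_check'] == 0) {
        // Check for existing username: the posted name must not be the username or the
        // display name of another account.
        // NOTE(review): the first operand was garbled in the listing ('******') and is
        // restored from the matching 'name' operand. The OR pair is parenthesised because
        // AND binds tighter than OR; without it the current user's own row could be the
        // row returned, hiding another account that uses the same display name.
        $quotedName = $db->Quote($post2['username']);
        $query = 'SELECT id'
            . ' FROM #__users '
            . ' WHERE (username = ' . $quotedName
            . ' OR name = ' . $quotedName . ')'
            . ' AND id != ' . (int) $user->id;
        $db->setQuery($query);
        $xid = intval($db->loadResult());
        if ($xid && $xid != intval($user->id)) {
            $username = 0;
            JRequest::setVar('username-msg-3', 1, 'get', true);
        }
    }

    // Email Check
    if ($tmpl['display_email_form'] == 2) {
        if ($post2['email'] && trim($post2['email']) != '') {
            $email = 1;
        } else {
            $email = 0;
            JRequest::setVar('email-msg-1', 1, 'get', true);
        }
        if ($email != 0 && !JMailHelper::isEmailAddress($post2['email'])) {
            $email = 0;
            JRequest::setVar('email-msg-2', 1, 'get', true);
        }
    } else {
        if ($tmpl['display_email_form'] == 0) {
            if ($post2['email'] && trim($post2['email']) != '') {
                $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
                exit;
            }
            $email = 1;
        } else {
            // Optional field: only a non-empty value has to be a valid address.
            $email = 1;
            if ($email != 0 && $post2['email'] != '' && !JMailHelper::isEmailAddress($post2['email'])) {
                $email = 0;
                JRequest::setVar('email-msg-2', 1, 'get', true);
            }
        }
    }
    if ($tmpl['disable_user_check'] == 0) {
        // Check for existing email: the address must not belong to another account.
        $query = 'SELECT id'
            . ' FROM #__users '
            . ' WHERE email = ' . $db->Quote($post2['email'])
            . ' AND id != ' . (int) $user->id;
        $db->setQuery($query);
        $xid = intval($db->loadResult());
        if ($xid && $xid != intval($user->id)) {
            $email = 0;
            JRequest::setVar('email-msg-3', 1, 'get', true);
        }
    }

    // Website Check
    if ($tmpl['display_website_form'] == 2) {
        if ($post2['website'] && trim($post2['website']) != '') {
            $website = 1;
        } else {
            $website = 0;
            JRequest::setVar('website-msg-1', 1, 'get', true);
        }
        if ($website != 0 && !PhocaguestbookHelperFront::isURLAddress($post2['website'])) {
            $website = 0;
            JRequest::setVar('website-msg-2', 1, 'get', true);
        }
    } else {
        if ($tmpl['display_website_form'] == 0) {
            if ($post2['website'] && trim($post2['website']) != '') {
                $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
                exit;
            }
            $website = 1;
        } else {
            $website = 1;
            if ($website != 0 && $post2['website'] != '' && !PhocaguestbookHelperFront::isURLAddress($post2['website'])) {
                $website = 0;
                JRequest::setVar('website-msg-2', 1, 'get', true);
            }
        }
    }

    // Content Check
    if ($tmpl['display_content_form'] == 2) {
        if ($post2['content'] && trim($post2['content']) != '') {
            $content = 1;
        } else {
            $content = 0;
            JRequest::setVar('content-msg-1', 1, 'get', true);
        }
    } else {
        if ($tmpl['display_content_form'] == 0) {
            if ($post2['content'] && trim($post2['content']) != '') {
                $app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
                exit;
            }
            $content = 1;
        } else {
            $content = 1;
        }
    }

    // IP BAN Check: an entry bans every address that starts with it, so "10.1.2.3"
    // also matches "10.1.2.30".
    $ip_ban       = trim($paramsC->get('ip_ban'));
    $ip_ban_array = explode(',', $ip_ban);
    $tmpl['ipa']  = 1; // display
    if (is_array($ip_ban_array)) {
        foreach ($ip_ban_array as $valueIp) {
            if ($valueIp != '') {
                if (strstr($post2['ip'], trim($valueIp)) && strpos($post2['ip'], trim($valueIp)) == 0) {
                    $tmpl['ipa'] = 0;
                    JRequest::setVar('ip-msg-1', 1, 'get', true);
                    break;
                }
            }
        }
    }

    // Not allowed URLs: case-sensitive substring match on content, title and username.
    $tmpl['deny_url_words'] = $paramsC->get('deny_url_words', '');
    if (!empty($tmpl['deny_url_words'])) {
        $tmpl['deny_url_words'] = explode(',', $paramsC->get('deny_url_words', ''));
    }
    if (!empty($tmpl['deny_url_words']) && $content == 1) {
        $deny_url = 1;
        foreach ($tmpl['deny_url_words'] as $word) {
            if ($word != '') {
                if (strpos($post2['content'], $word) !== false
                    || strpos($post2['title'], $word) !== false
                    || strpos($post2['username'], $word) !== false) {
                    $deny_url = 0;
                    JRequest::setVar('denyurl-msg-1', 1, 'get', true);
                }
            }
        }
    } else {
        $deny_url = 1;
    }

    // Registered user Check
    if ($tmpl['registered_users_only'] == 1) {
        if ($user->id > 0) {
            $reguser = 1;
        } else {
            $reguser = 0;
            JRequest::setVar('reguser-msg-1', 1, 'get', true);
        }
    } else {
        $reguser = 1;
    }

    // Captcha not for registered
    if ((int) $tmpl['enable_captcha_users'] == 1) {
        if ((int) $user->id > 0) {
            $tmpl['enable_captcha'] = 0;
        }
    }

    // Captcha disabled: force both sides of the comparison below to the same value.
    if ($tmpl['enable_captcha'] < 1) {
        $phoca_guestbook_session = 1;
        $post2['captcha'] = 1;
    }

    // reCAPTCHA: the form does not say which captcha method was used, so when the session
    // holds no captcha value the reCAPTCHA answer is verified instead.
    if ($phoca_guestbook_session == '') {
        require_once JPATH_COMPONENT . DS . 'helpers' . DS . 'recaptchalib.php';

        $resp = PhocaGuestbookHelperReCaptcha::recaptcha_check_answer(
            $paramsC->get('recaptcha_privatekey', ''),
            $_SERVER["REMOTE_ADDR"],
            JRequest::getVar('recaptcha_challenge_field', '', 'post', 'string'),
            JRequest::getVar('recaptcha_response_field', '', 'post', 'string')
        );

        if (!$resp->is_valid) {
            $phoca_guestbook_session = '';
            $post2['captcha'] = '';
        } else {
            $phoca_guestbook_session = 1;
            $post2['captcha'] = 1;
        }
    }

    // NOTE(review): the captcha values are compared with loose ==, under which two numeric
    // strings compare as numbers. The type stored in the session is not visible here, so
    // the comparison is left unchanged - confirm and consider a strict string comparison.
    $accepted = $phoca_guestbook_session
        && $phoca_guestbook_session != ''
        && isset($post2['captcha'])
        && $post2['captcha'] != ''
        && $phoca_guestbook_session == $post2['captcha']
        && $title == 1
        && $username == 1
        && $email == 1
        && $content == 1
        && $website == 1
        && $tmpl['ipa'] == 1
        && $deny_url == 1
        && $reguser == 1
        && isset($post2['task'])
        && $post2['task'] == 'submit'
        && isset($post2['save'])
        && isset($post2['published']);

    if (!$accepted) {
        // Captcha input does not match the expected value, or another check failed
        // (no redirect here because the post data is needed to refill the form).
        if ($post2['captcha'] == '' || !$post2['captcha'] || $phoca_guestbook_session != $post2['captcha']) {
            JRequest::setVar('captcha-msg', 1, 'get', true);
        }
        $post2['displayformerror'] = 1;
        $postNew = $post2;
        return false;
    }

    // SAVING DATA: the captcha matched and every field check passed.
    $post2['homesite'] = $post2['website'];

    /* Akismet
     * After everything is valid and the captcha is good, the Akismet service is asked
     * whether this post is spam, provided the Akismet check is enabled in the config.
     */
    // Optimistic default values, might be overridden.
    // If this is true, the content will be posted, either as a published or unpublished post.
    $akismetIsGood = true;
    // If this is true, the content will be unpublished (or not posted, see above).
    $akismetSuspectSpam = false;

    if ($tmpl['enable_akismet'] == 1) {
        $msgA = '';
        $akismetSuspectSpam = PhocaguestbookAkismetHelper::checkSpam(
            $tmpl['akismet_api_key'],
            $tmpl['akismet_url'],
            $post2['username'],
            $post2['email'],
            $post2['website'],
            $post2['content'],
            $msgA
        );

        // Error while setting Akismet
        if ($msgA != '') {
            $postNew['displayformerror'] = 0;
            $postNew['akismeterror'] = JText::_('COM_PHOCAGUESTBOOK_PHOCA_GUESTBOOK_AKISMET_NOT_CORRECTLY_SET');
            return false;
        }
        if ($akismetSuspectSpam && $tmpl['akismet_block_spam'] == 1) {
            $akismetIsGood = false;
        }
    }

    // Akismet flags the post as spam and the settings say spam is blocked completely.
    if (!$akismetIsGood) {
        $postNew['displayformerror'] = 0;
        $postNew['akismeterror'] = JText::_('COM_PHOCAGUESTBOOK_PHOCA_GUESTBOOK_SPAM_BLOCKED');
        return false;
    }

    // Akismet flags the post as spam and the settings say spam is stored but unpublished.
    if ($akismetSuspectSpam) {
        $post2['published'] = 0;
    }

    // Incoming page
    if ($tmpl['enable_detecting_page'] == 1) {
        $post2['incoming_page'] = htmlspecialchars(JFactory::getURI()->toString());
    }

    $data = $post2;

    // TRUE MODEL
    $row =& $this->getTable('phocaguestbook');

    // Bind the form fields to the table
    if (!$row->bind($data)) {
        $this->setError($this->_db->getErrorMsg());
        return false;
    }

    // First check: no category
    if ((int) $row->catid < 1) {
        $this->setError($this->_db->getErrorMsg());
        return false;
    }

    // Second check: not existing category
    $categoryExists = $this->_checkGuestbook((int) $row->catid);
    if (!$categoryExists) {
        $this->setError($this->_db->getErrorMsg());
        return false;
    }

    // Check if we are authorized to post to the guestbook. The message is set up front so
    // the redirect below has one even when the guestbook cannot be loaded.
    $access    = false;
    $accessMsg = JText::_('COM_PHOCAGUESTBOOK_NOT_AUTHORIZED_DO_ACTION');
    if ($this->_loadGuestbook()) {
        $app  = JFactory::getApplication();
        $uri  = JFactory::getURI();
        $user = JFactory::getUser();

        if (isset($this->_guestbook->access)) {
            $neededAccessLevels = PhocaguestbookHelperFront::toArray($this->_guestbook->access);
            $access = PhocaguestbookHelperFront::isAccess($user->authorisedLevels(), $neededAccessLevels);
        }

        // The loaded guestbook must be the one the post is addressed to.
        if (!(isset($this->_guestbook->id) && isset($data['catid']) && (int) $this->_guestbook->id == (int) $data['catid'])) {
            $access    = FALSE;
            $accessMsg = JText::_('COM_PHOCAGUESTBOOK_NOT_AUTHORIZED_DO_ACTION') . '. ' . JText::_('COM_PHOCAGUESTBOOK_WRONG_GUESTBOOK') . '.';
        }

        // The posted language must match the guestbook language unless the guestbook
        // language is '*' or empty. The original condition cast both values to int (any
        // non-numeric language tag becomes 0, so every pair matched) and used '=' where
        // '==' was meant, which would overwrite the loaded guestbook's language.
        $languageOk = false;
        if (isset($this->_guestbook->language) && isset($data['language'])) {
            $guestbookLanguage = (string) $this->_guestbook->language;
            $languageOk = $guestbookLanguage === '*'
                || $guestbookLanguage === ''
                || $guestbookLanguage === (string) $data['language'];
        }
        if (!$languageOk) {
            $access    = FALSE;
            $accessMsg = JText::_('COM_PHOCAGUESTBOOK_NOT_AUTHORIZED_DO_ACTION') . '. ' . JText::_('COM_PHOCAGUESTBOOK_WRONG_LANGUAGE') . '.';
        }
    }

    if (!$access) {
        $app->redirect('index.php?option=com_users&view=login&return=' . base64_encode($uri), $accessMsg);
        return;
    }

    // Create the timestamp for the date
    $row->date = gmdate('Y-m-d H:i:s');

    // If new item, order last in appropriate group
    if (!$row->id) {
        $where = 'catid = ' . (int) $row->catid;
        $row->ordering = $row->getNextOrder($where);
    }

    // Make sure the table is valid
    if (!$row->check()) {
        $this->setError($this->_db->getErrorMsg());
        return false;
    }

    // Store the guestbook row to the database
    if (!$row->store()) {
        $this->setError($this->_db->getErrorMsg());
        return false;
    }

    // Everything OK
    if ((int) $tmpl['send_mail'] > 0) {
        PhocaGuestbookModelGuestbook::sendPhocaGuestbookMail((int) $tmpl['send_mail'], $data, $uri->toString(), $tmpl);
    }

    $postNew = $post2;
    return true;
}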
/**
 * Builds the HTML that shows an e-mail address in Mailhide form: the first address
 * part, a "..." link that opens the reveal URL in a popup window, then "@" and the
 * second address part.
 *
 * A public and a private Mailhide key are needed; to get a key, go to:
 *
 * http://www.google.com/recaptcha/mailhide/apikey
 *
 * NOTE(review): the reveal URL is placed in single-quoted contexts (href='...' and a
 * JavaScript string) but is escaped with htmlentities() default flags, which only cover
 * single quotes from PHP 8.1 on - confirm the URL helper never emits a quote.
 *
 * @param string $pubkey  Public key, passed on to recaptcha_mailhide_url().
 * @param string $privkey Private key, passed on to recaptcha_mailhide_url().
 * @param string $email   Address to hide.
 *
 * @return string HTML fragment.
 */
function recaptcha_mailhide_html($pubkey, $privkey, $email)
{
    $parts     = PhocaGuestbookHelperReCaptcha::_recaptcha_mailhide_email_parts($email);
    $revealUrl = htmlentities(PhocaGuestbookHelperReCaptcha::recaptcha_mailhide_url($pubkey, $privkey, $email));

    // The same escaped URL serves as the plain link target and as the popup target.
    $html  = htmlentities($parts[0]);
    $html .= "<a href='" . $revealUrl . "' onclick=\"window.open('" . $revealUrl . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@";
    $html .= htmlentities($parts[1]);

    return $html;
}
// Website row: rendered when the field is enabled (setting > 0). The previously
// submitted value is escaped with htmlspecialchars() before it goes into the attribute.
if ((int) $this->tmpl['display_website_form'] > 0) {
    echo implode('', array(
        '<tr>',
        '<td><strong>',
        JText::_('COM_PHOCAGUESTBOOK_WEBSITE'),
        PhocaguestbookHelperFront::getRequiredSign((int) $this->tmpl['display_website_form']),
        ' </strong></td>',
        '<td colspan="3">',
        '<input type="text" name="website" id="pgbwebsite" value="',
        htmlspecialchars($this->formdata->website),
        '" size="32" maxlength="100" class="pgbinput" />',
        $this->tmpl['hidden_field_output'][4],
        '</td>',
        '</tr>',
    ));
}

// Content row: the editor markup comes ready-made from $this->tmpl['editor'].
if ((int) $this->tmpl['display_content_form'] > 0) {
    echo implode('', array(
        '<tr>',
        '<td><strong>',
        JText::_('COM_PHOCAGUESTBOOK_CONTENT'),
        PhocaguestbookHelperFront::getRequiredSign((int) $this->tmpl['display_content_form']),
        ' </strong></td>',
        '<td colspan="3">',
        $this->tmpl['editor'],
        $this->tmpl['hidden_field_output'][5],
        '</td>',
        '</tr>',
    ));
}

// Captcha row: only when captcha is enabled and a captcha type is selected.
if ((int) $this->tmpl['enable_captcha'] > 0 && $this->tmpl['captcha_id'] > 0) {
    // Error message produced by the server-side captcha check
    echo $this->tmpl['errmsg_captcha'];

    // Set fix height because of pane slider
    $imageHeight = 'style="height:105px"';

    echo implode('', array(
        '<tr>',
        '<td width="5"><strong>',
        JText::_('COM_PHOCAGUESTBOOK_IMG_VERIFICATION'),
        PhocaguestbookHelperFront::getRequiredSign(2),
        ' </strong></td>',
    ));

    if ((int) $this->tmpl['captcha_id'] == 4) {
        // Captcha type 4: the reCAPTCHA widget, which brings its own input fields.
        echo '<td colspan="2" align="center" valign="middle" ' . $imageHeight . '>';
        echo PhocaGuestbookHelperReCaptcha::recaptcha_get_html($this->tmpl['recaptcha_publickey']);
        echo '</td>';
    } else {
        // Any other type: captcha image, text input and a reload link.
        echo '<td width="5" align="left" valign="middle" ' . $imageHeight . '>';
        echo PhocaguestbookHelperFront::getCaptchaUrl($this->id);
        echo '</td>';
        echo implode('', array(
            '<td width="5" align="left" valign="middle">',
            '<input type="text" id="pgbcaptcha" name="captcha" size="6" maxlength="6" class="pgbinput" /></td>',
        ));
        echo '<td align="center" width="50" valign="middle">';
        // Removed because of IE6 - href="javascript:void(0)" onclick="javascript:reloadCaptcha();"
        echo implode('', array(
            '<a href="javascript:reloadCaptcha();" title="',
            JText::_('COM_PHOCAGUESTBOOK_RELOAD_IMAGE'),
            '" >',
            JHTML::_('image', 'components/com_phocaguestbook/assets/images/icon-reload.gif', JText::_('COM_PHOCAGUESTBOOK_RELOAD_IMAGE')),
            '</a></td>',
        ));
    }

    echo '</tr>';
}

// Submit / reset row, then the end of the table.
echo implode('', array(
    '<tr>',
    '<td> </td>',
    '<td colspan="3">',
    '<input type="submit" name="save" value="',
    JText::_('COM_PHOCAGUESTBOOK_SUBMIT'),
    '" />',
    ' ',
    '<input type="reset" name="reset" value="',
    JText::_('COM_PHOCAGUESTBOOK_RESET'),
    '" /></td>',
    '</tr>',
    '</table>',
));

// Hidden routing fields plus the form token (token as field name, value 1).
// NOTE(review): $this->id and $this->guestbooks->language go into attribute values
// without escaping - confirm neither can hold markup or quotes.
echo implode("\n", array(
    '<input type="hidden" name="cid" value="' . $this->id . '" />',
    '<input type="hidden" name="language" value="' . $this->guestbooks->language . '" />',
    '<input type="hidden" name="option" value="com_phocaguestbook" />',
    '<input type="hidden" name="view" value="guestbook" />',
    '<input type="hidden" name="controller" value="phocaguestbook" />',
    '<input type="hidden" name="task" value="submit" />',
    '<input type="hidden" name="' . JUtility::getToken() . '" value="1" />',
    '</form>',
    '</div><div style="clear:both;"> </div>',
));
// Display Pane or not