/** * Save a post and redirects to listing * * @return void */ public function saveTask() { // Check for request forgeries Request::checkToken(); if (!User::authorise('core.edit', $this->_option) && !User::authorise('core.create', $this->_option)) { App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR')); } User::setState('com_forum.edit.thread.data', null); // Incoming $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); $fields['sticky'] = isset($fields['sticky']) ? $fields['sticky'] : 0; $fields['closed'] = isset($fields['closed']) ? $fields['closed'] : 0; $fields['anonymous'] = isset($fields['anonymous']) ? $fields['anonymous'] : 0; if ($fields['id']) { $fields['modified'] = \Date::toSql(); $fields['modified_by'] = User::get('id'); } // Initiate extended database class $post = Post::oneOrNew(intval($fields['id']))->set($fields); // Bind the rules. $data = Request::getVar('jform', array(), 'post'); if (isset($data['rules']) && is_array($data['rules'])) { $model = new AdminThread(); $form = $model->getForm($data, false); $validData = $model->validate($form, $data); $post->assetRules = $validData['rules']; } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editTask($post); } // Handle attachments if (!$this->uploadTask($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editTask($post); } // Process tags $post->tag(trim(Request::getVar('tags', ''))); Notify::success(Lang::txt('COM_FORUM_POST_SAVED')); if ($this->getTask() == 'apply') { return $this->editTask($post); } // Redirect $p = ''; if ($thread = Request::getInt('thread', 0)) { $p = '&task=thread&thread=' . $thread; } App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . $p, false)); }
/** * Saves posted data for a new/edited forum thread post * * @return void */ public function savethread() { // Check for request forgeries Request::checkToken(); // Must be logged in if (User::isGuest()) { App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url($this->base, false, true)))); return; } // Incoming $section = Request::getVar('section', ''); $no_html = Request::getInt('no_html', 0); $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); // Check permissions $this->_authorize('thread', intval($fields['id'])); $asset = 'thread'; if ($fields['id'] && !$this->params->get('access-edit-thread') || !$fields['id'] && !$this->params->get('access-create-thread')) { App::redirect(Route::url($this->base), Lang::txt('You are not authorized to perform this action.'), 'warning'); return; } // Bind data $post = Post::oneOrNew($fields['id']); // Double comment? $double = Post::all()->whereEquals('object_id', $post->get('object_id'))->whereEquals('scope', $post->get('scope'))->whereEquals('scope_id', $post->get('scope_id'))->whereEquals('created_by', $post->get('created_by'))->whereEquals('comment', $post->get('comment'))->row(); if ($double->get('id')) { $post->set($double->toArray()); } $post->set($fields); // Load the category $category = Category::oneOrFail($post->get('category_id')); if (!$post->get('object_id') && $category->get('object_id')) { $post->set('object_id', $category->get('object_id')); } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editthread($post); } // Upload file if (!$this->upload($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editthread($post); } // Save tags $post->tag(Request::getVar('tags', '', 'post'), User::get('id')); $thread = $post->get('thread'); // Being called through AJAX? if ($no_html) { // Set the thread Request::setVar('thread', $thread); // Is this a new post in a thread or new thread entirely? if (!$post->get('parent')) { // New thread // Update the thread list and get the contents of the thread Request::setVar('action', 'both'); } else { // Get a list of new posts in the thread Request::setVar('action', 'posts'); } // If we have a lecture set, push through to the lecture view if (Request::getVar('group', '')) { $unit = $this->course->offering()->unit($category->get('alias')); $lecture = new \Components\Courses\Models\Assetgroup($post->get('object_id')); return $this->onCourseAfterLecture($this->course, $unit, $lecture); } else { // Display main panel return $this->panel(); } } $rtrn = base64_decode(Request::getVar('return', '', 'post')); if (!$rtrn) { $rtrn = Route::url($this->base . '&thread=' . $thread); } // Set the redirect App::redirect($rtrn, Lang::txt('Post successfully saved'), 'passed'); }
/** * Save an entry * * @return void */ public function saveTask() { if (User::isGuest()) { $return = Route::url('index.php?option=' . $this->_option, false, true); App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return))); } // Check for request forgeries Request::checkToken(); // Incoming $section = Request::getVar('section', ''); $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); $fields['sticky'] = isset($fields['sticky']) ? $fields['sticky'] : 0; $fields['closed'] = isset($fields['closed']) ? $fields['closed'] : 0; $fields['anonymous'] = isset($fields['anonymous']) ? $fields['anonymous'] : 0; // Instantiate a Post record $post = Post::oneOrNew($fields['id']); // Set authorization if the current user is the creator // of an existing post. $assetType = $fields['parent'] ? 'post' : 'thread'; if ($post->get('id')) { if ($post->get('created_by') == User::get('id')) { $this->config->set('access-edit-' . $assetType, true); } $fields['modified'] = \Date::toSql(); $fields['modified_by'] = User::get('id'); } // Authorization check $this->_authorize($assetType, intval($fields['id'])); if (!$this->config->get('access-edit-' . $assetType) && !$this->config->get('access-create-' . $assetType)) { App::redirect(Route::url('index.php?option=' . $this->_option)); } // Bind data $post->set($fields); // Make sure the thread exists and is accepting new posts if ($post->get('parent') && isset($fields['thread'])) { $thread = Post::oneOrFail($fields['thread']); if (!$thread->get('id') || $thread->get('closed')) { Notify::error(Lang::txt('COM_FORUM_ERROR_THREAD_CLOSED')); return $this->editTask($post); } } // Make sure the category exists and is accepting new posts $category = Category::oneOrFail($post->get('category_id')); if ($category->get('closed')) { Notify::error(Lang::txt('COM_FORUM_ERROR_CATEGORY_CLOSED')); return $this->editTask($post); } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editTask($post); } // Upload files if (!$this->uploadTask($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editTask($post); } // Save tags $post->tag(Request::getVar('tags', '', 'post'), User::get('id')); // Determine message if (!$fields['id']) { $message = Lang::txt('COM_FORUM_POST_ADDED'); if (!$fields['parent']) { $message = Lang::txt('COM_FORUM_THREAD_STARTED'); } } else { $message = $post->get('modified_by') ? Lang::txt('COM_FORUM_POST_EDITED') : Lang::txt('COM_FORUM_POST_ADDED'); } $url = 'index.php?option=' . $this->_option . '§ion=' . $section . '&category=' . $category->get('alias') . '&thread=' . $post->get('thread') . '#c' . $post->get('id'); // Record the activity $recipients = array(['forum.site', 1], ['forum.section', $category->get('section_id')], ['user', $post->get('created_by')]); $type = 'thread'; $desc = Lang::txt('COM_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), '<a href="' . Route::url($url) . '">' . $post->get('title') . '</a>'); // If this is a post in a thread and not the thread starter... if ($post->get('parent')) { $thread = isset($thread) ? $thread : Post::oneOrFail($post->get('thread')); $thread->set('last_activity', $fields['id'] ? $post->get('modified') : $post->get('created')); $thread->save(); $type = 'post'; $desc = Lang::txt('COM_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), $post->get('id'), '<a href="' . Route::url($url) . '">' . $thread->get('title') . '</a>'); // If the parent post is not the same as the // thread starter (i.e., this is a reply) if ($post->get('parent') != $post->get('thread')) { $parent = Post::oneOrFail($post->get('parent')); $recipients[] = ['user', $parent->get('created_by')]; } } Event::trigger('system.logActivity', ['activity' => ['action' => $fields['id'] ? 'updated' : 'created', 'scope' => 'forum.' . $type, 'scope_id' => $post->get('id'), 'anonymous' => $post->get('anonymous', 0), 'description' => $desc, 'details' => array('thread' => $post->get('thread'), 'url' => Route::url($url))], 'recipients' => $recipients]); // Set the redirect App::redirect(Route::url($url), $message, 'message'); }
/** * Saves posted data for a new/edited forum thread post * * @return void */ public function savethread() { // Login check is handled in the onGroup() method /*if (User::isGuest()) { App::redirect( Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url($this->base, false, true))) ); return; }*/ // Check for request forgeries Request::checkToken(); // Incoming $section = Request::getVar('section', ''); $fields = Request::getVar('fields', array(), 'post', 'none', 2); $fields = array_map('trim', $fields); $fields['sticky'] = isset($fields['sticky']) ? $fields['sticky'] : 0; $fields['closed'] = isset($fields['closed']) ? $fields['closed'] : 0; $fields['anonymous'] = isset($fields['anonymous']) ? $fields['anonymous'] : 0; // Instantiate a Post record $post = Post::oneOrNew($fields['id']); $this->_authorize('thread', intval($fields['id'])); $asset = 'thread'; if ($fields['parent']) { //$asset = 'post'; } $moving = false; // Already present if ($fields['id']) { if ($post->get('created_by') == User::get('id')) { $this->params->set('access-edit-' . $asset, true); } // Determine if we are moving the category for email suppression if ($post->get('category_id') != $fields['category_id']) { $moving = true; } $fields['modified'] = \Date::toSql(); $fields['modified_by'] = User::get('id'); } if (!$this->params->get('access-edit-thread') && !$this->params->get('access-create-thread')) { App::redirect(Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=forum'), Lang::txt('PLG_GROUPS_FORUM_NOT_AUTHORIZED'), 'warning'); } // Bind data $post->set($fields); // Make sure the thread exists and is accepting new posts if ($post->get('parent') && isset($fields['thread'])) { $thread = Post::oneOrFail($fields['thread']); if (!$thread->get('id') || $thread->get('closed')) { Notify::error(Lang::txt('PLG_GROUPS_FORUM_ERROR_THREAD_CLOSED')); return $this->editthread($post); } } if (!$post->get('category_id')) { Notify::error(Lang::txt('PLG_GROUPS_FORUM_ERROR_MISSING_CATEGORY')); return $this->editthread($post); } // Make sure the category exists and is accepting new posts $category = Category::oneOrFail($post->get('category_id')); if ($category->get('closed')) { Notify::error(Lang::txt('PLG_GROUPS_ERROR_CATEGORY_CLOSED')); return $this->editthread($post); } // Store new content if (!$post->save()) { Notify::error($post->getError()); return $this->editthread($post); } // Upload if (!$this->upload($post->get('thread', $post->get('id')), $post->get('id'))) { Notify::error($this->getError()); return $this->editthread($post); } // Save tags $post->tag(Request::getVar('tags', '', 'post'), User::get('id')); // Set message if (!$fields['id']) { $message = Lang::txt('PLG_GROUPS_FORUM_POST_ADDED'); if (!$fields['parent']) { $message = Lang::txt('PLG_GROUPS_FORUM_THREAD_STARTED'); } } else { $message = $post->get('modified_by') ? Lang::txt('PLG_GROUPS_FORUM_POST_EDITED') : Lang::txt('PLG_GROUPS_FORUM_POST_ADDED'); } $section = $category->section(); $thread = Post::oneOrNew($post->get('thread')); // Disable notifications if ($fields['id'] && !Request::getInt('notify', 0)) { $moving = true; } // Email the group and insert email tokens to allow them to respond to group posts via email $params = Component::params('com_groups'); if ($params->get('email_comment_processing') && (isset($moving) && $moving == false)) { $thread->set('section', $section->get('alias')); $thread->set('category', $category->get('alias')); $post->set('section', $section->get('alias')); $post->set('category', $category->get('alias')); // Figure out who should be notified about this comment (all group members for now) $userIDsToEmail = array(); $memberoptions = false; if (file_exists(PATH_CORE . DS . 'plugins' . DS . 'groups' . DS . 'memberoptions' . DS . 'models' . DS . 'memberoption.php')) { include_once PATH_CORE . DS . 'plugins' . DS . 'groups' . DS . 'memberoptions' . DS . 'models' . DS . 'memberoption.php'; $memberoptions = true; } foreach ($this->members as $mbr) { //Look up user info $user = User::getInstance($mbr); if ($user->get('id') && $memberoptions) { // Find the user's group settings, do they want to get email (0 or 1)? $groupMemberOption = Plugins\Groups\Memberoptions\Models\Memberoption::oneByUserAndOption($this->group->get('gidNumber'), $user->get('id'), 'receive-forum-email'); $sendEmail = $groupMemberOption->get('optionvalue', 0); if ($sendEmail == 1) { $userIDsToEmail[] = $user->get('id'); } } } $allowEmailResponses = true; try { $encryptor = new \Hubzero\Mail\Token(); } catch (Exception $e) { $allowEmailResponses = false; } $from = array('name' => (!$post->get('anonymous') ? $post->creator->get('name', Lang::txt('PLG_GROUPS_FORUM_UNKNOWN')) : Lang::txt('PLG_GROUPS_FORUM_ANONYMOUS')) . ' @ ' . Config::get('sitename'), 'email' => Config::get('mailfrom'), 'replytoname' => Config::get('sitename'), 'replytoemail' => Config::get('mailfrom')); // Email each group member separately, each needs a user specific token foreach ($userIDsToEmail as $userID) { $unsubscribeLink = ''; $delimiter = ''; if ($allowEmailResponses) { $delimiter = '~!~!~!~!~!~!~!~!~!~!'; // Construct User specific Email ThreadToken // Version, type, userid, xforumid $token = $encryptor->buildEmailToken(1, 2, $userID, $post->get('thread', $post->get('id'))); // add unsubscribe link $unsubscribeToken = $encryptor->buildEmailToken(1, 3, $userID, $this->group->get('gidNumber')); $unsubscribeLink = rtrim(Request::base(), '/') . '/' . ltrim(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=forum&action=unsubscribe&t=' . $unsubscribeToken), DS); $from['replytoname'] = Lang::txt('PLG_GROUPS_FORUM_REPLYTO') . ' @ ' . Config::get('sitename'); $from['replytoemail'] = 'hgm-' . $token . '@' . $_SERVER['HTTP_HOST']; } $msg = array(); // create view object $eview = new \Hubzero\Mail\View(array('base_path' => __DIR__, 'name' => 'email', 'layout' => 'comment_plain')); // plain text $eview->set('delimiter', $delimiter)->set('unsubscribe', $unsubscribeLink)->set('group', $this->group)->set('section', $section)->set('category', $category)->set('thread', $thread)->set('post', $post); $plain = $eview->loadTemplate(false); $msg['plaintext'] = str_replace("\n", "\r\n", $plain); // HTML $eview->setLayout('comment_html'); $html = $eview->loadTemplate(); $msg['multipart'] = str_replace("\n", "\r\n", $html); $subject = Lang::txt('PLG_GROUPS_FORUM') . ': ' . $this->group->get('cn') . ' - ' . $thread->get('title'); if (!Event::trigger('xmessage.onSendMessage', array('group_message', $subject, $msg, $from, array($userID), $this->option, null, '', $this->group->get('gidNumber')))) { $this->setError(Lang::txt('GROUPS_ERROR_EMAIL_MEMBERS_FAILED')); } } } $url = $this->base . '&scope=' . $section->get('alias') . '/' . $category->get('alias') . '/' . $thread->get('id'); // Record the activity $recipients = array(['group', $this->group->get('gidNumber')], ['forum.' . $this->forum->get('scope'), $this->forum->get('scope_id')], ['user', $post->get('created_by')]); foreach ($this->group->get('managers') as $recipient) { $recipients[] = ['user', $recipient]; } $type = 'thread'; $desc = Lang::txt('PLG_GROUPS_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), '<a href="' . Route::url($url) . '">' . $post->get('title') . '</a>'); // If this is a post in a thread and not the thread starter... if ($post->get('parent')) { $thread = isset($thread) ? $thread : Post::oneOrFail($post->get('thread')); $thread->set('last_activity', $fields['id'] ? $post->get('modified') : $post->get('created')); $thread->save(); $type = 'post'; $desc = Lang::txt('PLG_GROUPS_FORUM_ACTIVITY_' . strtoupper($type) . '_' . ($fields['id'] ? 'UPDATED' : 'CREATED'), $post->get('id'), '<a href="' . Route::url($url) . '">' . $thread->get('title') . '</a>'); // If the parent post is not the same as the // thread starter (i.e., this is a reply) if ($post->get('parent') != $post->get('thread')) { $parent = Post::oneOrFail($post->get('parent')); $recipients[] = ['user', $parent->get('created_by')]; } } Event::trigger('system.logActivity', ['activity' => ['action' => $fields['id'] ? 'updated' : 'created', 'scope' => 'forum.' . $type, 'scope_id' => $post->get('id'), 'anonymous' => $post->get('anonymous', 0), 'description' => $desc, 'details' => array('thread' => $post->get('thread'), 'url' => Route::url($url))], 'recipients' => $recipients]); // Set the redirect App::redirect(Route::url($url), $message, 'passed'); }