/**
 * Writes one row of #__jcomments_objects: updates the row with the given id,
 * or inserts a new row when no id is supplied.
 *
 * Every value that reaches the SQL text is either cast to int or passed
 * through $db->Quote(), so no raw string from $info is concatenated into
 * the statement.
 *
 * @param int    $objectId primary key of the row to update; an empty value selects the INSERT path
 * @param object $info     carries access, userid, title, link and, for inserts, object_id, object_group and lang
 *
 * @return void
 */
public static function setObjectInfo($objectId, $info)
{
    $db = JCommentsFactory::getDBO();

    if (empty($objectId)) {
        // No id: create a new row with the full set of columns.
        $assignments = array(
            "`object_id` = " . (int) $info->object_id,
            "`object_group` = " . $db->Quote($info->object_group),
            "`lang` = " . $db->Quote($info->lang),
            "`title` = " . $db->Quote($info->title),
            "`link` = " . $db->Quote($info->link),
            "`access` = " . (int) $info->access,
            "`userid` = " . (int) $info->userid,
            "`expired` = 0",
            "`modified` = " . $db->Quote(JCommentsFactory::getDate()),
        );

        $query = "INSERT INTO #__jcomments_objects SET  " . implode(", ", $assignments);
    } else {
        // Existing row: refresh it and reset the `expired` flag.
        $assignments = array(
            "`access` = " . (int) $info->access,
            "`userid` = " . (int) $info->userid,
            "`expired` = 0",
            "`modified` = " . $db->Quote(JCommentsFactory::getDate()),
        );

        // title and link are overwritten only when the caller supplied a non-empty value
        if (!empty($info->title)) {
            $assignments[] = "`title` = " . $db->Quote($info->title);
        }

        if (!empty($info->link)) {
            $assignments[] = "`link` = " . $db->Quote($info->link);
        }

        $query = "UPDATE #__jcomments_objects SET  " . implode(", ", $assignments)
            . " WHERE `id` = " . (int) $objectId . ";";
    }

    $db->setQuery($query);

    // The result of the statement is not inspected here.
    $db->query();
}
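/**
 * Tells whether a comment from the given IP address already exists inside
 * the configured flood interval.
 *
 * The address, the current date and the language code are passed through
 * $db->Quote() before they are placed in the statement. An address is not
 * guaranteed to be a clean dotted quad by the time it gets here (the caller
 * is outside this block), so it must not be interpolated raw into SQL.
 *
 * @param string $ip address of the commenter
 *
 * @return int 1 when at least one matching comment is found, 0 otherwise
 *             (also 0 when the 'flood_time' setting is not positive)
 */
public static function checkFlood($ip)
{
    $app = JCommentsFactory::getApplication();
    $config = JCommentsFactory::getConfig();
    $floodInterval = $config->getInt('flood_time');

    // Flood protection is off when the interval is zero or negative.
    if ($floodInterval <= 0) {
        return 0;
    }

    $db = JCommentsFactory::getDBO();
    $now = JCommentsFactory::getDate();

    $query = "SELECT COUNT(*) "
        . "\nFROM #__jcomments "
        . "\nWHERE ip = " . $db->Quote($ip) . " "
        // the interval is cast so that only a number can appear after INTERVAL
        . "\nAND " . $db->Quote($now) . " < DATE_ADD(date, INTERVAL " . (int) $floodInterval . " SECOND)";

    // With multilingual support on, only comments in the current language count.
    if ($app->getCfg('multilingual_support') == 1) {
        $query .= "\nAND lang = " . $db->Quote($app->getCfg('lang'));
    }

    $db->setQuery($query);

    return $db->loadResult() == 0 ? 0 : 1;
}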
/**
 * Stores a blacklist entry submitted from the administration form and
 * redirects back to the edit form or to the blacklist list.
 *
 * The request token is checked first. The IP field is reduced to digits,
 * dots and '*'; reason and notes have tags stripped and are trimmed.
 *
 * @return void
 */
public static function save()
{
    // Request token check comes before any request data is read.
    JCommentsSecurity::checkToken();

    $task = JCommentsInput::getVar('task');
    $id = (int) JCommentsInput::getVar('id', 0);

    $db = JCommentsFactory::getDBO();
    $row = new JCommentsTableBlacklist($db);

    if (!$id) {
        // New entry: record who created it and when.
        $user = JCommentsFactory::getUser();
        $row->created_by = $user->id;
        $row->created = JCommentsFactory::getDate();
    } else {
        $row->load($id);
    }

    // Only digits, dots and the '*' character survive in the address field.
    $rawIp = trim(strip_tags(JCommentsInput::getVar('ip')));
    $row->ip = preg_replace('#[^0-9\\.\\*]#', '', $rawIp);

    $row->reason = trim(strip_tags(JCommentsInput::getVar('reason')));
    $row->notes = trim(strip_tags(JCommentsInput::getVar('notes')));

    // Empty notes fall back to the reason text.
    if (empty($row->notes) && !empty($row->reason)) {
        $row->notes = $row->reason;
    }

    // NOTE(review): the self-ban guard is a plain comparison with REMOTE_ADDR,
    // so an entry containing '*' never equals it. Whether such an entry can
    // still cover the administrator's own address depends on how entries are
    // matched elsewhere; confirm.
    if ($row->ip != $_SERVER['REMOTE_ADDR']) {
        $row->store();
    } else {
        JError::raiseWarning(500, JText::_('A_BLACKLIST_ERROR_YOU_CAN_NOT_BAN_YOUR_IP'));
    }

    $row->checkin();

    // 'blacklist.apply' returns to the edit form; every other task goes to the list.
    if ($task == 'blacklist.apply') {
        $target = JCOMMENTS_INDEX . '?option=com_jcomments&task=blacklist.edit&hidemainmenu=1&cid[]=' . $row->id;
    } else {
        $target = JCOMMENTS_INDEX . '?option=com_jcomments&task=blacklist';
    }

    JCommentsRedirect($target);
}
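/**
 * Runs a quick-moderation command (publish, unpublish, delete or ban) that
 * arrives as request parameters 'cmd', 'id' and 'hash', then redirects.
 *
 * The gates visible in this method are the comparison of 'hash' with
 * JCommentsFactory::getCmdHash($cmd, $id) and the 'enable_quick_moderation'
 * setting; no ACL permission check precedes the state changes. The hash is
 * therefore compared strictly as a string (and in constant time where
 * hash_equals() is available), because a loose `==` treats two numeric-looking
 * strings such as "0e1" and "0e2" as equal.
 *
 * @return void
 */
public static function executeCmd()
{
    $app = JCommentsFactory::getApplication('site');

    $cmd = strtolower(JCommentsInput::getVar('cmd', ''));
    $hash = JCommentsInput::getVar('hash', '');
    $id = (int) JCommentsInput::getVar('id', 0);

    $message = '';
    $link = $app->getCfg('live_site') . '/index.php';

    $checkHash = (string) JCommentsFactory::getCmdHash($cmd, $id);

    // A non-string 'hash' (for example an array parameter) never matches.
    if (!is_string($hash)) {
        $hashMatches = false;
    } elseif (function_exists('hash_equals')) {
        $hashMatches = hash_equals($checkHash, $hash);
    } else {
        // Older PHP without hash_equals(): strict comparison, not constant-time.
        $hashMatches = ($checkHash === $hash);
    }

    if (!$hashMatches) {
        JCommentsRedirect($link, JText::_('ERROR_QUICK_MODERATION_INCORRECT_HASH'));
        return;
    }

    $config = JCommentsFactory::getConfig();

    if ($config->getInt('enable_quick_moderation') != 1) {
        JCommentsRedirect($link, JText::_('ERROR_QUICK_MODERATION_DISABLED'));
        return;
    }

    $db = JCommentsFactory::getDBO();
    $comment = new JCommentsTableComment($db);

    if (!$comment->load($id)) {
        JCommentsRedirect($link, JText::_('ERROR_NOT_FOUND'));
        return;
    }

    $link = JCommentsObjectHelper::getLink($comment->object_id, $comment->object_group, $comment->lang);
    // NOTE(review): as written this replaces '&' with '&', which changes nothing;
    // presumably it once decoded an HTML entity - confirm against the upstream file.
    $link = str_replace('&', '&', $link);

    switch ($cmd) {
        case 'publish':
            $comment->published = 1;
            $comment->store();
            // send notification to comment subscribers
            JComments::sendToSubscribers($comment, true);
            $link .= '#comment-' . $comment->id;
            break;

        case 'unpublish':
            $comment->published = 0;
            $comment->store();
            $acl = JCommentsFactory::getACL();
            // The ACL only decides which anchor the redirect points at.
            if ($acl->canPublish()) {
                $link .= '#comment-' . $comment->id;
            } else {
                $link .= '#comments';
            }
            break;

        case 'delete':
            // delete_mode 0 removes the row; any other value marks it as deleted.
            if ($config->getInt('delete_mode') == 0) {
                $comment->delete();
                $link .= '#comments';
            } else {
                $comment->markAsDeleted();
                $link .= '#comment-' . $comment->id;
            }
            break;

        case 'ban':
            if ($config->getInt('enable_blacklist') == 1) {
                $acl = JCommentsFactory::getACL();
                // we will not ban own IP ;)
                if ($comment->ip != $acl->getUserIP()) {
                    $options = array();
                    $options['ip'] = $comment->ip;
                    // check if this IP already banned
                    // (a true result is treated here as "not banned yet")
                    if (JCommentsSecurity::checkBlacklist($options)) {
                        require_once JCOMMENTS_TABLES . '/blacklist.php';
                        $blacklist = new JCommentsTableBlacklist($db);
                        $blacklist->ip = $comment->ip;
                        $blacklist->created = JCommentsFactory::getDate();
                        $blacklist->created_by = $acl->getUserId();
                        // The result of store() is not checked before reporting success.
                        $blacklist->store();
                        $message = JText::_('SUCCESSFULLY_BANNED');
                    } else {
                        $message = JText::_('ERROR_IP_ALREADY_BANNED');
                    }
                } else {
                    $message = JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP');
                }
            }
            break;
    }

    JCommentsRedirect($link, $message);
}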
/**
 * AJAX handler that adds the IP address of a comment's author to the blacklist.
 *
 * Nothing is stored unless the current user passes $acl->canBan(), the
 * 'enable_blacklist' setting is 1, the comment loads, the address differs
 * from the caller's own, and no 'onJCommentsUserBeforeBan' listener
 * returned false.
 *
 * @param int $id id of the comment whose author address should be banned
 *
 * @return mixed the AJAX response object obtained from JCommentsFactory
 */
public static function BanIP($id)
{
    if (JCommentsSecurity::badRequest() == 1) {
        // NOTE(review): execution continues below unless notAuth() itself
        // terminates the request - confirm.
        JCommentsSecurity::notAuth();
    }

    $acl = JCommentsFactory::getACL();
    $response = JCommentsFactory::getAjaxResponse();

    // Permission gate: callers without the ban right get the bare response.
    if (!$acl->canBan()) {
        return $response;
    }

    $config = JCommentsFactory::getConfig();

    if ($config->getInt('enable_blacklist') != 1) {
        return $response;
    }

    $id = (int) $id;
    $db = JCommentsFactory::getDBO();
    $comment = new JCommentsTableComment($db);

    // An unknown comment id ends the call without a message.
    if (!$comment->load($id)) {
        return $response;
    }

    // we will not ban own IP ;)
    if ($comment->ip == $acl->getUserIP()) {
        self::showErrorMessage(JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP'), '', 'comment-item-' . $id);

        return $response;
    }

    $options = array('ip' => $comment->ip);

    // check if this IP already banned (a false result is reported as "already banned")
    if (!JCommentsSecurity::checkBlacklist($options)) {
        self::showErrorMessage(JText::_('ERROR_IP_ALREADY_BANNED'), '', 'comment-item-' . $id);

        return $response;
    }

    // Any listener returning boolean false vetoes the ban, without a message.
    $result = JCommentsEvent::trigger('onJCommentsUserBeforeBan', array(&$comment, &$options));

    if (in_array(false, $result, true)) {
        return $response;
    }

    require_once JCOMMENTS_TABLES . '/blacklist.php';

    $blacklist = new JCommentsTableBlacklist($db);
    $blacklist->ip = $comment->ip;
    $blacklist->created = JCommentsFactory::getDate();
    $blacklist->created_by = $acl->getUserId();

    // Success is announced only when the row was actually stored.
    if ($blacklist->store()) {
        JCommentsEvent::trigger('onJCommentsUserAfterBan', array(&$comment, $options));
        self::showInfoMessage(JText::_('SUCCESSFULLY_BANNED'), 'comment-item-' . $id);
    }

    return $response;
}