public static function setObjectInfo($objectId, $info)
{
$db = JCommentsFactory::getDBO();
if (!empty($objectId)) {
$query = "UPDATE #__jcomments_objects" . " SET " . " `access` = " . (int) $info->access . ", `userid` = " . (int) $info->userid . ", `expired` = 0" . ", `modified` = " . $db->Quote(JCommentsFactory::getDate()) . (empty($info->title) ? "" : ", `title` = " . $db->Quote($info->title)) . (empty($info->link) ? "" : ", `link` = " . $db->Quote($info->link)) . " WHERE `id` = " . (int) $objectId . ";";
} else {
$query = "INSERT INTO #__jcomments_objects" . " SET " . " `object_id` = " . (int) $info->object_id . ", `object_group` = " . $db->Quote($info->object_group) . ", `lang` = " . $db->Quote($info->lang) . ", `title` = " . $db->Quote($info->title) . ", `link` = " . $db->Quote($info->link) . ", `access` = " . (int) $info->access . ", `userid` = " . (int) $info->userid . ", `expired` = 0" . ", `modified` = " . $db->Quote(JCommentsFactory::getDate());
}
$db->setQuery($query);
$db->query();
}
public static function checkFlood($ip)
{
$app = JCommentsFactory::getApplication();
$config = JCommentsFactory::getConfig();
$floodInterval = $config->getInt('flood_time');
if ($floodInterval > 0) {
$db = JCommentsFactory::getDBO();
$now = JCommentsFactory::getDate();
$query = "SELECT COUNT(*) " . "\nFROM #__jcomments " . "\nWHERE ip = '{$ip}' " . "\nAND '" . $now . "' < DATE_ADD(date, INTERVAL " . $floodInterval . " SECOND)" . ($app->getCfg('multilingual_support') == 1 ? "\nAND lang = '" . $app->getCfg('lang') . "'" : "");
$db->setQuery($query);
return $db->loadResult() == 0 ? 0 : 1;
}
return 0;
}
public static function save()
{
JCommentsSecurity::checkToken();
$task = JCommentsInput::getVar('task');
$id = (int) JCommentsInput::getVar('id', 0);
$db = JCommentsFactory::getDBO();
$row = new JCommentsTableBlacklist($db);
if ($id) {
$row->load($id);
} else {
$user = JCommentsFactory::getUser();
$row->created_by = $user->id;
$row->created = JCommentsFactory::getDate();
}
$row->ip = preg_replace('#[^0-9\\.\\*]#', '', trim(strip_tags(JCommentsInput::getVar('ip'))));
$row->reason = trim(strip_tags(JCommentsInput::getVar('reason')));
$row->notes = trim(strip_tags(JCommentsInput::getVar('notes')));
if (empty($row->notes) && !empty($row->reason)) {
$row->notes = $row->reason;
}
if ($row->ip == $_SERVER['REMOTE_ADDR']) {
JError::raiseWarning(500, JText::_('A_BLACKLIST_ERROR_YOU_CAN_NOT_BAN_YOUR_IP'));
} else {
$row->store();
}
$row->checkin();
switch ($task) {
case 'blacklist.apply':
JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=blacklist.edit&hidemainmenu=1&cid[]=' . $row->id);
break;
case 'blacklist.save':
default:
JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=blacklist');
break;
}
}
public static function executeCmd()
{
$app = JCommentsFactory::getApplication('site');
$cmd = strtolower(JCommentsInput::getVar('cmd', ''));
$hash = JCommentsInput::getVar('hash', '');
$id = (int) JCommentsInput::getVar('id', 0);
$message = '';
$link = $app->getCfg('live_site') . '/index.php';
$checkHash = JCommentsFactory::getCmdHash($cmd, $id);
if ($hash == $checkHash) {
$config = JCommentsFactory::getConfig();
if ($config->getInt('enable_quick_moderation') == 1) {
$db = JCommentsFactory::getDBO();
$comment = new JCommentsTableComment($db);
if ($comment->load($id)) {
$link = JCommentsObjectHelper::getLink($comment->object_id, $comment->object_group, $comment->lang);
$link = str_replace('&', '&', $link);
switch ($cmd) {
case 'publish':
$comment->published = 1;
$comment->store();
// send notification to comment subscribers
JComments::sendToSubscribers($comment, true);
$link .= '#comment-' . $comment->id;
break;
case 'unpublish':
$comment->published = 0;
$comment->store();
$acl = JCommentsFactory::getACL();
if ($acl->canPublish()) {
$link .= '#comment-' . $comment->id;
} else {
$link .= '#comments';
}
break;
case 'delete':
if ($config->getInt('delete_mode') == 0) {
$comment->delete();
$link .= '#comments';
} else {
$comment->markAsDeleted();
$link .= '#comment-' . $comment->id;
}
break;
case 'ban':
if ($config->getInt('enable_blacklist') == 1) {
$acl = JCommentsFactory::getACL();
// we will not ban own IP ;)
if ($comment->ip != $acl->getUserIP()) {
$options = array();
$options['ip'] = $comment->ip;
// check if this IP already banned
if (JCommentsSecurity::checkBlacklist($options)) {
require_once JCOMMENTS_TABLES . '/blacklist.php';
$blacklist = new JCommentsTableBlacklist($db);
$blacklist->ip = $comment->ip;
$blacklist->created = JCommentsFactory::getDate();
$blacklist->created_by = $acl->getUserId();
$blacklist->store();
$message = JText::_('SUCCESSFULLY_BANNED');
} else {
$message = JText::_('ERROR_IP_ALREADY_BANNED');
}
} else {
$message = JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP');
}
}
break;
}
} else {
$message = JText::_('ERROR_NOT_FOUND');
}
} else {
$message = JText::_('ERROR_QUICK_MODERATION_DISABLED');
}
} else {
$message = JText::_('ERROR_QUICK_MODERATION_INCORRECT_HASH');
}
JCommentsRedirect($link, $message);
}
public static function BanIP($id)
{
if (JCommentsSecurity::badRequest() == 1) {
JCommentsSecurity::notAuth();
}
$acl = JCommentsFactory::getACL();
$response = JCommentsFactory::getAjaxResponse();
if ($acl->canBan()) {
$config = JCommentsFactory::getConfig();
if ($config->getInt('enable_blacklist') == 1) {
$id = (int) $id;
$db = JCommentsFactory::getDBO();
$comment = new JCommentsTableComment($db);
if ($comment->load($id)) {
// we will not ban own IP ;)
if ($comment->ip != $acl->getUserIP()) {
$options = array();
$options['ip'] = $comment->ip;
// check if this IP already banned
if (JCommentsSecurity::checkBlacklist($options)) {
$result = JCommentsEvent::trigger('onJCommentsUserBeforeBan', array(&$comment, &$options));
if (!in_array(false, $result, true)) {
require_once JCOMMENTS_TABLES . '/blacklist.php';
$blacklist = new JCommentsTableBlacklist($db);
$blacklist->ip = $comment->ip;
$blacklist->created = JCommentsFactory::getDate();
$blacklist->created_by = $acl->getUserId();
if ($blacklist->store()) {
JCommentsEvent::trigger('onJCommentsUserAfterBan', array(&$comment, $options));
self::showInfoMessage(JText::_('SUCCESSFULLY_BANNED'), 'comment-item-' . $id);
}
}
} else {
self::showErrorMessage(JText::_('ERROR_IP_ALREADY_BANNED'), '', 'comment-item-' . $id);
}
} else {
self::showErrorMessage(JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP'), '', 'comment-item-' . $id);
}
}
}
}
return $response;
}
