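/**
 * Method to save a new comment
 *
 * Steps: confirm that the image is published, approved and visible to the
 * current user, read and filter the posted text and name, run the captcha
 * plugins, decide whether the comment needs approval, store the row and
 * send the prepared notification (if any).
 *
 * NOTE(review): no request token (CSRF) check is performed in this method;
 * presumably the calling controller does it - confirm.
 *
 * @return  int  1 on success, 2 on success but approval necessary, boolean false otherwise
 * @since   1.5.5
 */
public function save()
{
  // $this->_id is assigned outside this method. Casting here guarantees that
  // only an integer is concatenated into the SQL text below.
  $id = (int) $this->_id;

  // Check for hacking attempt: the image must be published, approved and
  // both image and category must be within the user's view levels
  $authorised_viewlevels = implode(',', $this->_user->getAuthorisedViewLevels());

  $query = $this->_db->getQuery(true)
    ->select('c.cid')
    ->from(_JOOM_TABLE_IMAGES . ' AS a')
    ->leftJoin(_JOOM_TABLE_CATEGORIES . ' AS c ON c.cid = a.catid')
    ->where('a.published = 1')
    ->where('a.approved = 1')
    ->where('a.id = ' . $id)
    ->where('a.access IN (' . $authorised_viewlevels . ')')
    ->where('c.access IN (' . $authorised_viewlevels . ')');
  $this->_db->setQuery($query);
  $catid = $this->_db->loadResult();

  // Abort if the image is not accessible, comments are switched off, or
  // a guest posts while anonymous comments are disabled
  if (   !$catid
      || !$this->_config->get('jg_showcomment')
      || (!$this->_config->get('jg_anoncomment') && !$this->_user->get('id'))
    )
  {
    die('Hacking attempt, aborted!');
  }

  $categories = $this->_ambit->getCategoryStructure();
  if (!isset($categories[$catid]))
  {
    die('Hacking attempt, aborted!');
  }

  $detail_url = JRoute::_('index.php?view=detail&id=' . $id . '#joomcommentform', false);

  // Comment text
  $filter = JFilterInput::getInstance();
  $text   = trim($filter->clean(JRequest::getVar('cmttext', '', 'post')));
  if (!$text)
  {
    $this->_mainframe->redirect($detail_url, JText::_('COM_JOOMGALLERY_NO_COMMENT_ENTERED'), 'notice');

    // redirect() is expected to end the request; do not continue if it returns
    return false;
  }

  // Name of the one who comments
  if ($this->_user->get('id'))
  {
    $name = $this->_config->get('jg_realname') ? $this->_user->get('name') : $this->_user->get('username');
  }
  else
  {
    $name = '';
    if ($this->_config->get('jg_namedanoncomment'))
    {
      $name = trim($filter->clean(JRequest::getVar('cmtname', '', 'post')));
    }

    if (!$name)
    {
      $name = JText::_('COM_JOOMGALLERY_COMMON_GUEST');
    }
  }

  // Store the data in session
  $this->_mainframe->setUserState('joom.comments.name', $name);
  $this->_mainframe->setUserState('joom.comments.text', $text);

  // Captcha: the first plugin response reporting 'valid' => false rejects the comment
  $valid     = true;
  $responses = $this->_mainframe->triggerEvent('onJoomCheckCaptcha');
  foreach ($responses as $response)
  {
    if (is_array($response) && isset($response['valid']) && !$response['valid'])
    {
      $valid = false;
      if (isset($response['error']) && $response['error'])
      {
        $msg = $response['error'];
      }
      else
      {
        $msg = JText::_('COM_JOOMGALLERY_DETAIL_MSG_COMMENT_SECURITY_CODE_WRONG');
      }

      break;
    }
  }

  if (!$valid)
  {
    $this->_mainframe->redirect($detail_url, $msg, 'notice');

    // redirect() is expected to end the request; do not continue if it returns
    return false;
  }

  // Check whether the comment has to be approved by administrators
  if (   (!$this->_config->get('jg_approvecom') && $this->_user->get('id'))
      || (!$this->_config->get('jg_anonapprovecom') && !$this->_user->get('id'))
    )
  {
    $approved = 1;

    // Load image data (loaded once; the original loaded the same row twice)
    $image = $this->getTable('joomgalleryimages');
    $image->load($id);

    // Message about new comment to image owner
    // If comments have to be approved by administrators
    // this message will be sent as soon as the comment was approved
    if ($this->_config->get('jg_msg_comment_toowner') && $image->owner && $image->owner != $this->_user->get('id'))
    {
      require_once JPATH_COMPONENT . '/helpers/messenger.php';
      $messenger = new JoomMessenger();

      $message = array(
        'from'      => $this->_user->get('id'),
        'recipient' => $image->owner,
        'subject'   => JText::_('COM_JOOMGALLERY_MESSAGE_NEW_COMMENT_TO_OWNER_SUBJECT'),
        'body'      => JText::sprintf('COM_JOOMGALLERY_MESSAGE_NEW_COMMENT_TO_OWNER_BODY', $name, $image->imgtitle, $id),
        'type'      => $messenger->getType('comment')
      );
    }
  }
  else
  {
    $approved = 0;

    // Message about new comment
    require_once JPATH_COMPONENT . '/helpers/messenger.php';
    $messenger = new JoomMessenger();

    $message = array(
      'from'    => $this->_user->get('id'),
      'subject' => JText::_('COM_JOOMGALLERY_MESSAGE_NEW_COMMENT_SUBJECT'),
      'body'    => JText::sprintf('COM_JOOMGALLERY_MESSAGE_NEW_COMMENT_BODY', $name),
      'mode'    => 'comment'
    );
  }

  // stripcslashes() expands C-style escape sequences (hex and octal escapes
  // included), so its output can contain characters that were not present
  // when the text was filtered above. Filter again after decoding so that
  // the stored value is the filtered one, then change \r\n or \n to <br />.
  // NOTE(review): the output side should still escape cmttext for its context.
  $text = nl2br($filter->clean(stripcslashes($text)));

  $date = JFactory::getDate();

  $row            = $this->getTable('joomgallerycomments');
  $row->cmtpic    = $id;
  $row->cmtip     = $_SERVER['REMOTE_ADDR'];
  $row->userid    = $this->_user->get('id');
  $row->cmtname   = $name;
  $row->cmttext   = $text;
  $row->cmtdate   = $date->toSQL();
  $row->published = 1;
  $row->approved  = $approved;

  // Trigger event 'onJoomBeforeComment'; a plugin returning exactly false vetoes the comment
  $plugins = $this->_mainframe->triggerEvent('onJoomBeforeComment', array(&$row));
  if (in_array(false, $plugins, true))
  {
    return false;
  }

  if (!$row->check())
  {
    $this->setError($row->getError());

    return false;
  }

  if (!$row->store())
  {
    $this->setError(JText::_('COM_JOOMGALLERY_ERROR_SAVING_COMMENT'));

    return false;
  }

  // $messenger only exists if one of the branches above prepared a message
  if (isset($messenger))
  {
    $messenger->send($message);
  }

  $this->_mainframe->triggerEvent('onJoomAfterComment', array($row));

  // After successfully storing the comment remove the comment text from the session, but keep the name
  $this->_mainframe->setUserState('joom.comments.text', null);

  return $approved ? 1 : 2;
}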
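/**
 * Method to save a name tag
 *
 * Only logged-in users may tag. The image must be published, approved and
 * visible to the current user. Depending on 'jg_nameshields_others' the
 * tagged user is either taken from the request or is the current user.
 *
 * NOTE(review): no request token (CSRF) check is performed in this method;
 * presumably the calling controller does it - confirm.
 *
 * @return  boolean  True on success, false otherwise
 * @since   1.5.5
 */
public function save()
{
  $yvalue = JRequest::getInt('yvalue', 0, 'post');
  $xvalue = JRequest::getInt('xvalue', 0, 'post');
  $height = $this->_config->get('jg_nameshields_height');

  // $this->_id is assigned outside this method. Casting here guarantees that
  // only an integer is concatenated into the SQL text below.
  $id = (int) $this->_id;

  // Access check
  $by = $this->_user->get('id');
  if (!$by)
  {
    JError::raiseError(500, JText::_('COM_JOOMGALLERY_COMMON_PERMISSION_DENIED'));

    // Fail closed: do not rely on the error handler ending the request
    return false;
  }

  // Check for hacking attempt: the image must be published, approved and
  // both image and category must be within the user's view levels
  $authorised_viewlevels = implode(',', $this->_user->getAuthorisedViewLevels());

  $query = $this->_db->getQuery(true)
    ->select('c.cid')
    ->from(_JOOM_TABLE_IMAGES . ' AS a')
    ->leftJoin(_JOOM_TABLE_CATEGORIES . ' AS c ON c.cid = a.catid')
    ->where('a.published = 1')
    ->where('a.approved = 1')
    ->where('a.id = ' . $id)
    ->where('a.access IN (' . $authorised_viewlevels . ')')
    ->where('c.access IN (' . $authorised_viewlevels . ')');
  $this->_db->setQuery($query);

  $catid = $this->_db->loadResult();
  if (!$catid)
  {
    die('Hacking attempt, aborted!');
  }

  $categories = $this->_ambit->getCategoryStructure();
  if (!isset($categories[$catid]))
  {
    die('Hacking attempt, aborted!');
  }

  // Tagging other users is only possible if the configuration allows it
  $userid = $this->_config->get('jg_nameshields_others') ? JRequest::getInt('userid') : $by;

  // Check whether an existing user was selected.
  // NOTE(review): JFactory::getUser() is understood to return a user object
  // even for an unknown id, so the object test alone would not reject a
  // non-existent user; a loaded user carries a non-zero id - confirm for the
  // Joomla version in use.
  $user = JFactory::getUser($userid);
  if (!is_object($user) || !$user->get('id'))
  {
    $this->setError(JText::_('COM_JOOMGALLERY_DETAIL_NAMETAGS_MSG_ERROR_SAVING'));

    return false;
  }

  // Each user can be tagged only once per image
  $query = $this->_db->getQuery(true)
    ->select('nid')
    ->from(_JOOM_TABLE_NAMESHIELDS)
    ->where('npicid = ' . $id)
    ->where('nuserid = ' . (int) $userid);
  $this->_db->setQuery($query);
  if ($this->_db->loadResult())
  {
    if ($userid == $by)
    {
      $this->setError(JText::_('COM_JOOMGALLERY_DETAIL_NAMETAGS_MSG_YOU_ARE_ALREADY_TAGGED'));
    }
    else
    {
      $this->setError(JText::_('COM_JOOMGALLERY_DETAIL_NAMETAGS_MSG_USER_ALREADY_TAGGED'));
    }

    return false;
  }

  // Reject positions too close to the origin.
  // NOTE(review): x is compared with the configured height and y with the
  // computed label length; whether that pairing is intended cannot be told
  // from this method.
  $length = strlen($user->get('username')) * $this->_config->get('jg_nameshields_width');
  if ($xvalue < $height && $yvalue < $length)
  {
    $this->setError(JText::_('COM_JOOMGALLERY_DETAIL_NAMETAGS_MSG_NOT_SAVED'));

    return false;
  }

  // New tags get a z-index one below the lowest existing one (500 for the first tag)
  $query->clear()
    ->select('MIN(nzindex)')
    ->from(_JOOM_TABLE_NAMESHIELDS)
    ->where('npicid = ' . $id);
  $this->_db->setQuery($query);
  $zindex = $this->_db->loadResult();
  $zindex = $zindex ? $zindex - 1 : 500;

  $date = JFactory::getDate();

  $row          = $this->getTable('joomgallerynameshields');
  $row->npicid  = $id;
  $row->nuserid = $userid;
  $row->nxvalue = $xvalue;
  $row->nyvalue = $yvalue;
  $row->by      = $by;
  $row->nuserip = $_SERVER['REMOTE_ADDR'];
  $row->ndate   = $date->toSQL();
  $row->nzindex = $zindex;

  if (!$row->store())
  {
    $this->setError(JText::_('COM_JOOMGALLERY_DETAIL_NAMETAGS_MSG_ERROR_SAVING'));

    return false;
  }

  $this->_mainframe->triggerEvent('onJoomAfterTag', array($row));

  // Send messages
  if ($this->_config->get('jg_msg_nametag_type'))
  {
    $image = $this->getTable('joomgalleryimages');
    $image->load($id);

    // $user is still the tagged user loaded above
    $name    = $this->_config->get('jg_realname') ? $user->get('name') : $user->get('username');
    $by_name = $this->_config->get('jg_realname') ? $this->_user->get('name') : $this->_user->get('username');

    require_once JPATH_COMPONENT . '/helpers/messenger.php';
    $messenger = new JoomMessenger();

    // General Message
    if ($by != $userid)
    {
      $body = JText::sprintf('COM_JOOMGALLERY_MESSAGE_NEW_NAMETAG_OTHERS_BODY', $name, $by_name, $image->imgtitle, $id);
    }
    else
    {
      $body = JText::sprintf('COM_JOOMGALLERY_MESSAGE_NEW_NAMETAG_BODY', $name, $image->imgtitle, $id);
    }

    $message = array(
      'from'    => $by,
      'subject' => JText::_('COM_JOOMGALLERY_MESSAGE_NEW_NAMETAG_SUBJECT'),
      'body'    => $body,
      'mode'    => 'nametag'
    );

    // Message to image owner
    if ($this->_config->get('jg_msg_nametag_toowner') && $by != $image->owner)
    {
      // Simply add the owner to the list of recipients
      $message['recipient'] = $image->owner;
    }

    // Send general message
    $messenger->send($message);

    // Message to tagged user
    if ($this->_config->get('jg_msg_nametag_totaggeduser') && $by != $userid)
    {
      $url = JRoute::_('index.php?view=detail&id=' . $id, false) . ($this->_config->get('jg_anchors') ? '#joomimg' : '');

      // Ensure that the correct host and path is prepended.
      // NOTE(review): the host is taken from JURI::base(); if that value is
      // derived from the incoming request rather than from site configuration,
      // the link sent to the tagged user follows the request's host - confirm.
      $current_uri  = JURI::getInstance(JURI::base());
      $current_host = $current_uri->toString(array('scheme', 'host', 'port'));
      $uri          = JFactory::getUri($url);
      $uri->setHost($current_host);
      $url = $uri->toString();

      $message = array(
        'from'      => $by,
        'recipient' => $userid,
        'subject'   => JText::sprintf('COM_JOOMGALLERY_MESSAGE_YOU_WERE_TAGGED_SUBJECT', $this->_mainframe->getCfg('sitename')),
        'body'      => JText::sprintf('COM_JOOMGALLERY_MESSAGE_YOU_WERE_TAGGED_BODY', $name, $image->imgtitle, $url),
        'type'      => $messenger->getType('nametag')
      );

      $messenger->send($message);
    }
  }

  return true;
}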