Esempio n. 1
0
// regular expression for links
DEFINE('_JC_REGEXP_LINK', '#(^|\\s|\\>|\\()((http://|https://|news://|ftp://|www.)\\w+[^\\s\\<\\>\\"\'\\)]+)#iu');
DEFINE('_JC_REGEXP_EMAIL', '#([\\w\\.\\-]+)@(\\w+[\\w\\.\\-]*\\.\\w{2,4})#iu');
DEFINE('_JC_REGEXP_EMAIL2', '#^([_a-z0-9-]+)(\\.[_a-z0-9-]+)*@([a-z0-9-]+)(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})$#iu');
require_once JCOMMENTS_SITE . '/jcomments.class.php';
require_once JCOMMENTS_MODELS . '/jcomments.php';
ob_end_clean();
$app = JFactory::getApplication();
$jc_task = $app->input->get('task', '');
switch (trim($jc_task)) {
    case 'captcha':
        $config = JCommentsFactory::getConfig();
        $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
        if ($captchaEngine == 'kcaptcha' || $config->getInt('enable_plugins') == 0) {
            require_once JCOMMENTS_SITE . '/jcomments.captcha.php';
            JCommentsCaptcha::image();
        } else {
            if ($config->getInt('enable_plugins') == 1) {
                JCommentsEventHelper::trigger('onJCommentsCaptchaImage');
            }
        }
        break;
    case 'rss':
        require_once JCOMMENTS_SITE . '/jcomments.rss.php';
        JCommentsRSS::showObjectComments();
        break;
    case 'rss_full':
        require_once JCOMMENTS_SITE . '/jcomments.rss.php';
        JCommentsRSS::showAllComments();
        break;
    case 'rss_user':
Esempio n. 2
0
 function addComment($values = array())
 {
     global $my, $mainframe;
     if (JCommentsSecurity::badRequest() == 1) {
         JCommentsSecurity::notAuth();
     }
     $acl =& JCommentsFactory::getACL();
     $config =& JCommentsFactory::getConfig();
     $response =& JCommentsFactory::getAjaxResponse();
     if ($acl->canComment()) {
         $values = JCommentsAJAX::prepareValues($_POST);
         $userIP = $acl->getUserIP();
         if (!$my->id) {
             $noErrors = false;
             if (empty($values['name'])) {
                 JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_NAME'), 'name');
             } else {
                 if (JCommentsSecurity::checkIsRegisteredUsername($values['name']) == 1) {
                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'name');
                 } else {
                     if (JCommentsSecurity::checkIsForbiddenUsername($values['name']) == 1) {
                         JCommentsAJAX::showErrorMessage(JText::_('ERROR_FORBIDDEN_NAME'), 'name');
                     } else {
                         if (preg_match('/[\\"\'\\[\\]\\=\\<\\>\\(\\)\\;]+/', $values['name'])) {
                             JCommentsAJAX::showErrorMessage(JText::_('ERROR_INVALID_NAME'), 'name');
                         } else {
                             if ($config->get('username_maxlength') != 0 && JCommentsText::strlen($values['name']) > $config->get('username_maxlength')) {
                                 JCommentsAJAX::showErrorMessage(JText::_('ERROR_TOO_LONG_USERNAME'), 'name');
                             } else {
                                 if ($config->get('author_email') == 2 && empty($values['email'])) {
                                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_EMAIL'), 'email');
                                 } else {
                                     if (!empty($values['email']) && !preg_match(_JC_REGEXP_EMAIL2, $values['email'])) {
                                         JCommentsAJAX::showErrorMessage(JText::_('ERROR_INCORRECT_EMAIL'), 'email');
                                     } else {
                                         if ($config->get('author_email') != 0 && JCommentsSecurity::checkIsRegisteredEmail($values['email']) == 1) {
                                             // TODO: change this error message with more appropriate
                                             JCommentsAJAX::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'email');
                                         } else {
                                             if (empty($values['homepage']) && $config->get('author_homepage') == 2) {
                                                 JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
                                             } else {
                                                 $noErrors = true;
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             if (!$noErrors) {
                 return $response;
             }
         }
         if ($acl->check('floodprotection') == 1 && JCommentsSecurity::checkFlood($userIP)) {
             JCommentsAJAX::showErrorMessage(JText::_('ERROR_TOO_QUICK'));
         } else {
             if (empty($values['homepage']) && $config->get('author_homepage') == 3) {
                 JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
             } else {
                 if (empty($values['title']) && $config->get('comment_title') == 3) {
                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_TITLE'), 'title');
                 } else {
                     if (empty($values['comment'])) {
                         JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
                     } else {
                         if ($config->getInt('comment_maxlength') != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) > $config->get('comment_maxlength')) {
                             JCommentsAJAX::showErrorMessage(JText::_('Your comment is too long'), 'comment');
                         } else {
                             if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) < $config->get('comment_minlength')) {
                                 JCommentsAJAX::showErrorMessage(JText::_('Your comment is too short'), 'comment');
                             } else {
                                 if ($acl->check('enable_captcha') == 1) {
                                     $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
                                     if ($captchaEngine == 'kcaptcha') {
                                         require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                                         if (!JCommentsCaptcha::check($values['captcha-refid'])) {
                                             JCommentsAJAX::showErrorMessage(JText::_('ERROR_CAPTCHA'), 'captcha');
                                             JCommentsCaptcha::destroy();
                                             $response->addScript("jcomments.clear('captcha');");
                                             return $response;
                                         }
                                     } else {
                                         if ($config->getInt('enable_mambots') == 1) {
                                             require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                                             JCommentsPluginHelper::importPlugin('jcomments');
                                             $result = JCommentsPluginHelper::trigger('onJCommentsCaptchaVerify', array($values['captcha-refid'], &$response));
                                             // if all plugins returns false
                                             if (!in_array(true, $result, true)) {
                                                 JCommentsAJAX::showErrorMessage(JText::_('ERROR_CAPTCHA'));
                                                 return $response;
                                             }
                                         }
                                     }
                                 }
                                 $db =& JCommentsFactory::getDBO();
                                 // small fix (by default $my has empty 'name' and 'email' field)
                                 if ($my->id) {
                                     $currentUser = JCommentsFactory::getUser($my->id);
                                     $my->name = $currentUser->name;
                                     $my->username = $currentUser->username;
                                     $my->email = $currentUser->email;
                                     unset($currentUser);
                                 }
                                 $comment = new JCommentsDB($db);
                                 $comment->id = 0;
                                 $comment->name = $my->id ? $my->name : preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $values['name']);
                                 $comment->username = $my->id ? $my->username : $comment->name;
                                 $comment->email = $my->id ? $my->email : (isset($values['email']) ? $values['email'] : '');
                                 if ($config->getInt('author_homepage') != 0 && !empty($values['homepage'])) {
                                     $comment->homepage = JCommentsText::url($values['homepage']);
                                 }
                                 $comment->comment = $values['comment'];
                                 //$comment->comment = JCommentsText::nl2br(stripslashes($values['comment']));
                                 // filter forbidden bbcodes
                                 $bbcode = JCommentsFactory::getBBCode();
                                 $comment->comment = $bbcode->filter($comment->comment);
                                 if ($comment->comment != '') {
                                     if ($config->getInt('enable_custom_bbcode')) {
                                         // filter forbidden custom bbcodes
                                         $commentLength = strlen($comment->comment);
                                         $customBBCode =& JCommentsFactory::getCustomBBCode();
                                         $comment->comment = $customBBCode->filter($comment->comment);
                                         if (strlen($comment->comment) == 0 && $commentLength > 0) {
                                             JCommentsAJAX::showErrorMessage(JText::_('You have no rights to use this tag'), 'comment');
                                             return $response;
                                         }
                                     }
                                 }
                                 if ($comment->comment == '') {
                                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
                                     return $response;
                                 }
                                 $commentWithoutQuotes = $bbcode->removeQuotes($comment->comment);
                                 if ($commentWithoutQuotes == '') {
                                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_NOTHING_EXCEPT_QUOTES'), 'comment');
                                     return $response;
                                 } else {
                                     if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($commentWithoutQuotes) < $config->get('comment_minlength')) {
                                         JCommentsAJAX::showErrorMessage(JText::_('Your comment is too short'), 'comment');
                                         return $response;
                                     }
                                 }
                                 unset($commentWithoutQuotes);
                                 $values['subscribe'] = isset($values['subscribe']) ? (int) $values['subscribe'] : 0;
                                 if ($values['subscribe'] == 1 && $comment->email == '') {
                                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_SUBSCRIPTION_EMAIL'), 'email');
                                     return $response;
                                 }
                                 $object_group = trim(strip_tags($values['object_group']));
                                 $object_group = preg_replace('#[^0-9A-Za-z\\-\\_\\,\\.]#is', '', $object_group);
                                 $comment->object_id = (int) $values['object_id'];
                                 $comment->object_group = $object_group;
                                 $comment->title = isset($values['title']) ? $values['title'] : '';
                                 $comment->parent = isset($values['parent']) ? intval($values['parent']) : 0;
                                 $comment->lang = JCommentsMultilingual::getLanguage();
                                 $comment->ip = $userIP;
                                 $comment->userid = $my->id ? $my->id : 0;
                                 $comment->published = $acl->check('autopublish');
                                 if (JCOMMENTS_JVERSION == '1.5') {
                                     $dateNow =& JFactory::getDate();
                                     $comment->date = $dateNow->toMySQL();
                                 } else {
                                     $comment->date = date('Y-m-d H:i:s', time() + $mainframe->getCfg('offset') * 60 * 60);
                                 }
                                 $query = "SELECT COUNT(*) " . "\nFROM #__jcomments " . "\nWHERE comment = '" . $db->getEscaped($comment->comment) . "'" . "\n  AND ip = '" . $db->getEscaped($comment->ip) . "'" . "\n  AND name = '" . $db->getEscaped($comment->name) . "'" . "\n  AND userid = '" . $comment->userid . "'" . "\n  AND object_id = " . $comment->object_id . "\n  AND parent = " . $comment->parent . "\n  AND object_group = '" . $db->getEscaped($comment->object_group) . "'" . (JCommentsMultilingual::isEnabled() ? "\nAND lang = '" . JCommentsMultilingual::getLanguage() . "'" : "");
                                 $db->setQuery($query);
                                 $found = $db->loadResult();
                                 // if duplicates is not found
                                 if ($found == 0) {
                                     // trigger onBeforeCommentAdded event
                                     $allowed = true;
                                     if ($config->getInt('enable_mambots') == 1) {
                                         require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                                         JCommentsPluginHelper::importPlugin('jcomments');
                                         JCommentsPluginHelper::trigger('onBeforeCommentAdded', array(&$comment, &$response, &$allowed));
                                     }
                                     if ($allowed === false) {
                                         return $response;
                                     }
                                     // save comments subscription
                                     if ($values['subscribe']) {
                                         require_once JCOMMENTS_BASE . DS . 'jcomments.subscription.php';
                                         $manager =& JCommentsSubscriptionManager::getInstance();
                                         $manager->subscribe($comment->object_id, $comment->object_group, $comment->userid, $comment->email, $comment->name, $comment->lang);
                                     }
                                     $merged = false;
                                     $merge_time = $config->getInt('merge_time', 0);
                                     // merge comments from same author
                                     if ($my->id && $merge_time > 0) {
                                         // load previous comment for same object and group
                                         $prevComment = JComments::getLastComment($comment->object_id, $comment->object_group, $comment->parent);
                                         if ($prevComment != null) {
                                             // if previous comment from same author and it currently not edited
                                             // by any user - we'll update comment, else - insert new record to database
                                             if ($prevComment->userid == $comment->userid && $prevComment->parent == $comment->parent && !$acl->isLocked($prevComment)) {
                                                 $newText = $prevComment->comment . '<br /><br />' . $comment->comment;
                                                 $timeDiff = strtotime($comment->date) - strtotime($prevComment->datetime);
                                                 if ($timeDiff < $merge_time) {
                                                     $maxlength = $config->getInt('comment_maxlength');
                                                     $needcheck = $acl->check('enable_comment_length_check');
                                                     // validate new comment text length and if it longer than specified -
                                                     // disable union current comment with previous
                                                     if ($needcheck == 0 || $needcheck == 1 && $maxlength != 0 && JCommentsText::strlen($newText) <= $maxlength) {
                                                         $comment->id = $prevComment->id;
                                                         $comment->comment = $newText;
                                                         $merged = true;
                                                     }
                                                 }
                                             }
                                             unset($prevComment);
                                         }
                                     }
                                     if ($comment->parent > 0) {
                                         $parent = new JCommentsDB($db);
                                         if ($parent->load($comment->parent)) {
                                             if ($config->getInt('comment_title') == 1 && $comment->title == '') {
                                                 if (!empty($parent->title)) {
                                                     $comment->title = JText::_('Re') . ' ' . $parent->title;
                                                 }
                                             }
                                             $comment->level = $parent->level + 1;
                                             $comment->path = $parent->path . ',' . $parent->id;
                                         }
                                     } else {
                                         if ($config->getInt('comment_title') == 1 && $comment->title == '') {
                                             $object_title = JCommentsObjectHelper::getTitle($comment->object_id, $comment->object_group, $comment->lang);
                                             $comment->title = JText::_('Re') . ' ' . $object_title;
                                         }
                                         $comment->path = '0';
                                     }
                                     // save new comment to database
                                     if (!$comment->store()) {
                                         $response->addScript("jcomments.clear('comment');");
                                         if ($acl->check('enable_captcha') == 1) {
                                             JCommentsCaptcha::destroy();
                                             $response->addScript("jcomments.clear('captcha');");
                                         }
                                         $errorMessage = $db->getErrorMsg();
                                         if ($errorMessage != '') {
                                             if ($my->usertype == 'Super Administrator') {
                                                 JCommentsAJAX::showErrorMessage($db->getErrorMsg());
                                             }
                                         }
                                         return $response;
                                     }
                                     // datetime field is used in prepareComment function
                                     $comment->datetime = $comment->date;
                                     if (is_string($comment->datetime)) {
                                         $comment->datetime = strtotime($comment->datetime);
                                     }
                                     if ($config->getInt('enable_mambots') == 1) {
                                         require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                                         JCommentsPluginHelper::importPlugin('jcomments');
                                         JCommentsPluginHelper::trigger('onAfterCommentAdded', array(&$comment, &$response, &$allowed));
                                     }
                                     // send notification to administrators
                                     if ($config->getInt('enable_notification') == 1) {
                                         if ($config->check('notification_type', 1) == true) {
                                             JComments::sendNotification($comment, true);
                                         }
                                     }
                                     // if comment published we need update comments list
                                     if ($comment->published) {
                                         // send notification to comment subscribers
                                         JComments::sendToSubscribers($comment, true);
                                         $comment->usertype = $my->id != 0 ? str_replace(' ', '-', strtolower($my->usertype)) : 'guest';
                                         if ($merged) {
                                             $commentText = $comment->comment;
                                             JComments::prepareComment($comment);
                                             $tmpl =& JCommentsFactory::getTemplate();
                                             $tmpl->load('tpl_comment');
                                             $tmpl->addVar('tpl_comment', 'get_comment_body', 1);
                                             $tmpl->addObject('tpl_comment', 'comment', $comment);
                                             $html = $tmpl->renderTemplate('tpl_comment');
                                             $html = JCommentsText::jsEscape($html);
                                             $response->addScript("jcomments.updateComment(" . $comment->id . ", '{$html}');");
                                             $comment->comment = $commentText;
                                         } else {
                                             $count = JCommentsModel::getCommentsCount($comment->object_id, $comment->object_group);
                                             if ($config->get('template_view') == 'tree') {
                                                 if ($count > 1) {
                                                     $html = JComments::getCommentListItem($comment);
                                                     $html = JCommentsText::jsEscape($html);
                                                     $response->addScript("jcomments.updateTree('{$html}','{$comment->parent}');");
                                                 } else {
                                                     $html = JComments::getCommentsTree($comment->object_id, $comment->object_group);
                                                     $html = JCommentsText::jsEscape($html);
                                                     $response->addScript("jcomments.updateTree('{$html}',null);");
                                                 }
                                             } else {
                                                 // if pagination disabled and comments count > 1...
                                                 if ($config->getInt('comments_per_page') == 0 && $count > 1) {
                                                     // update only added comment
                                                     $html = JComments::getCommentListItem($comment);
                                                     $html = JCommentsText::jsEscape($html);
                                                     if ($config->get('comments_order') == 'DESC') {
                                                         $response->addScript("jcomments.updateList('{$html}','p');");
                                                     } else {
                                                         $response->addScript("jcomments.updateList('{$html}','a');");
                                                     }
                                                 } else {
                                                     // update comments list
                                                     $html = JComments::getCommentsList($comment->object_id, $comment->object_group, JComments::getCommentPage($comment->object_id, $comment->object_group, $comment->id));
                                                     $html = JCommentsText::jsEscape($html);
                                                     $response->addScript("jcomments.updateList('{$html}','r');");
                                                 }
                                                 // scroll to first comment
                                                 if ($config->get('comments_order') == 'DESC') {
                                                     $response->addScript("jcomments.scrollToList();");
                                                 }
                                             }
                                         }
                                         JCommentsAJAX::showInfoMessage(JText::_('Thank you for your submission!'));
                                     } else {
                                         JCommentsAJAX::showInfoMessage(JText::_('Thank you, your comment will be published once reviewed'));
                                     }
                                     // clear comments textarea & update comment length counter if needed
                                     $response->addScript("jcomments.clear('comment');");
                                     unset($comment);
                                     if ($acl->check('enable_captcha') == 1) {
                                         $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
                                         if ($captchaEngine == 'kcaptcha') {
                                             require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                                             JCommentsCaptcha::destroy();
                                             $response->addScript("jcomments.clear('captcha');");
                                         }
                                     }
                                 } else {
                                     JCommentsAJAX::showErrorMessage(JText::_('ERROR_DUPLICATE_COMMENT'), 'comment');
                                 }
                             }
                         }
                     }
                 }
             }
         }
     } else {
         $response->addAlert(JText::_('ERROR_CANT_COMMENT'));
     }
     return $response;
 }
Esempio n. 3
0
 public static function addComment($values = array())
 {
     if (JCommentsSecurity::badRequest() == 1) {
         JCommentsSecurity::notAuth();
     }
     $user = JCommentsFactory::getUser();
     $acl = JCommentsFactory::getACL();
     $config = JCommentsFactory::getConfig();
     $response = JCommentsFactory::getAjaxResponse();
     if ($acl->canComment()) {
         $values = self::prepareValues($_POST);
         $object_group = isset($values['object_group']) ? JCommentsSecurity::clearObjectGroup($values['object_group']) : '';
         $object_id = isset($values['object_id']) ? intval($values['object_id']) : '';
         if ($object_group == '' || $object_id == '') {
             // TODO: add appropriate error message
             return $response;
         }
         $commentsPerObject = $config->getInt('max_comments_per_object');
         if ($commentsPerObject > 0) {
             $commentsCount = JComments::getCommentsCount($object_id, $object_group);
             if ($commentsCount >= $commentsPerObject) {
                 $message = $config->get('message_locked');
                 if (empty($message)) {
                     $message = $config->get('ERROR_CANT_COMMENT');
                 }
                 $message = self::escapeMessage($message);
                 $response->addAlert($message);
                 return $response;
             }
         }
         $userIP = $acl->getUserIP();
         if (!$user->id) {
             $noErrors = false;
             if (isset($values['userid']) && intval($values['userid']) > 0) {
                 // TODO: we need more correct way to detect login timeout
                 self::showErrorMessage(JText::_('ERROR_SESSION_EXPIRED'));
             } else {
                 if ($config->getInt('author_name', 2) == 2 && empty($values['name'])) {
                     self::showErrorMessage(JText::_('ERROR_EMPTY_NAME'), 'name');
                 } else {
                     if (JCommentsSecurity::checkIsRegisteredUsername($values['name']) == 1) {
                         self::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'name');
                     } else {
                         if (JCommentsSecurity::checkIsForbiddenUsername($values['name']) == 1) {
                             self::showErrorMessage(JText::_('ERROR_FORBIDDEN_NAME'), 'name');
                         } else {
                             if (preg_match('/[\\"\'\\[\\]\\=\\<\\>\\(\\)\\;]+/', $values['name'])) {
                                 self::showErrorMessage(JText::_('ERROR_INVALID_NAME'), 'name');
                             } else {
                                 if ($config->get('username_maxlength') != 0 && JCommentsText::strlen($values['name']) > $config->get('username_maxlength')) {
                                     self::showErrorMessage(JText::_('ERROR_TOO_LONG_USERNAME'), 'name');
                                 } else {
                                     if ($config->getInt('author_email') == 2 && empty($values['email'])) {
                                         self::showErrorMessage(JText::_('ERROR_EMPTY_EMAIL'), 'email');
                                     } else {
                                         if (!empty($values['email']) && !preg_match(_JC_REGEXP_EMAIL2, $values['email'])) {
                                             self::showErrorMessage(JText::_('ERROR_INCORRECT_EMAIL'), 'email');
                                         } else {
                                             if ($config->getInt('author_email') != 0 && JCommentsSecurity::checkIsRegisteredEmail($values['email']) == 1) {
                                                 self::showErrorMessage(JText::_('ERROR_EMAIL_EXISTS'), 'email');
                                             } else {
                                                 if ($config->getInt('author_homepage') == 2 && empty($values['homepage'])) {
                                                     self::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
                                                 } else {
                                                     $noErrors = true;
                                                 }
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             if (!$noErrors) {
                 return $response;
             }
         }
         if ($acl->check('floodprotection') == 1 && JCommentsSecurity::checkFlood($userIP)) {
             self::showErrorMessage(JText::_('ERROR_TOO_QUICK'));
         } else {
             if (empty($values['homepage']) && $config->get('author_homepage') == 3) {
                 self::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
             } else {
                 if (empty($values['title']) && $config->get('comment_title') == 3) {
                     self::showErrorMessage(JText::_('ERROR_EMPTY_TITLE'), 'title');
                 } else {
                     if (empty($values['comment'])) {
                         self::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
                     } else {
                         if ($config->getInt('comment_maxlength') != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) > $config->get('comment_maxlength')) {
                             self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_LONG'), 'comment');
                         } else {
                             if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) < $config->get('comment_minlength')) {
                                 self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_SHORT'), 'comment');
                             } else {
                                 if ($acl->check('enable_captcha') == 1) {
                                     $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
                                     if ($captchaEngine == 'kcaptcha') {
                                         require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                                         if (!JCommentsCaptcha::check($values['captcha_refid'])) {
                                             self::showErrorMessage(JText::_('ERROR_CAPTCHA'), 'captcha');
                                             JCommentsCaptcha::destroy();
                                             $response->addScript("jcomments.clear('captcha');");
                                             return $response;
                                         }
                                     } else {
                                         $result = JCommentsEvent::trigger('onJCommentsCaptchaVerify', array($values['captcha_refid'], &$response));
                                         // if all plugins returns false
                                         if (!in_array(true, $result, true)) {
                                             self::showErrorMessage(JText::_('ERROR_CAPTCHA'));
                                             return $response;
                                         }
                                     }
                                 }
                                 $db = JCommentsFactory::getDBO();
                                 // small fix (by default $my has empty 'name' and 'email' field)
                                 if ($user->id) {
                                     $currentUser = JCommentsFactory::getUser($user->id);
                                     $user->name = $currentUser->name;
                                     $user->username = $currentUser->username;
                                     $user->email = $currentUser->email;
                                     unset($currentUser);
                                 }
                                 if (empty($values['name'])) {
                                     $values['name'] = 'Guest';
                                     // JText::_('Guest');
                                 }
                                 $comment = new JCommentsTableComment($db);
                                 $comment->id = 0;
                                 $comment->name = $user->id ? $user->name : preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $values['name']);
                                 $comment->username = $user->id ? $user->username : $comment->name;
                                 $comment->email = $user->id ? $user->email : (isset($values['email']) ? $values['email'] : '');
                                 if ($config->getInt('author_homepage') != 0 && !empty($values['homepage'])) {
                                     $comment->homepage = JCommentsText::url($values['homepage']);
                                 }
                                 $comment->comment = $values['comment'];
                                 // filter forbidden bbcodes
                                 $bbcode = JCommentsFactory::getBBCode();
                                 $comment->comment = $bbcode->filter($comment->comment);
                                 if ($comment->comment != '') {
                                     if ($config->getInt('enable_custom_bbcode')) {
                                         // filter forbidden custom bbcodes
                                         $commentLength = strlen($comment->comment);
                                         $customBBCode = JCommentsFactory::getCustomBBCode();
                                         $comment->comment = $customBBCode->filter($comment->comment);
                                         if (strlen($comment->comment) == 0 && $commentLength > 0) {
                                             self::showErrorMessage(JText::_('ERROR_YOU_HAVE_NO_RIGHTS_TO_USE_THIS_TAG'), 'comment');
                                             return $response;
                                         }
                                     }
                                 }
                                 if ($comment->comment == '') {
                                     self::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
                                     return $response;
                                 }
                                 $commentWithoutQuotes = $bbcode->removeQuotes($comment->comment);
                                 if ($commentWithoutQuotes == '') {
                                     self::showErrorMessage(JText::_('ERROR_NOTHING_EXCEPT_QUOTES'), 'comment');
                                     return $response;
                                 } else {
                                     if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($commentWithoutQuotes) < $config->get('comment_minlength')) {
                                         self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_SHORT'), 'comment');
                                         return $response;
                                     }
                                 }
                                 $values['subscribe'] = isset($values['subscribe']) ? (int) $values['subscribe'] : 0;
                                 if ($values['subscribe'] == 1 && $comment->email == '') {
                                     self::showErrorMessage(JText::_('ERROR_SUBSCRIPTION_EMAIL'), 'email');
                                     return $response;
                                 }
                                 $comment->object_id = (int) $object_id;
                                 $comment->object_group = $object_group;
                                 $comment->title = isset($values['title']) ? $values['title'] : '';
                                 $comment->parent = isset($values['parent']) ? intval($values['parent']) : 0;
                                 $comment->lang = JCommentsMultilingual::getLanguage();
                                 $comment->ip = $userIP;
                                 $comment->userid = $user->id ? $user->id : 0;
                                 $comment->published = $acl->check('autopublish');
                                 $comment->date = JCommentsFactory::getDate();
                                 $query = "SELECT COUNT(*) " . "\nFROM #__jcomments " . "\nWHERE comment = '" . $db->getEscaped($comment->comment) . "'" . "\n  AND ip = '" . $db->getEscaped($comment->ip) . "'" . "\n  AND name = '" . $db->getEscaped($comment->name) . "'" . "\n  AND userid = '" . $comment->userid . "'" . "\n  AND object_id = " . $comment->object_id . "\n  AND parent = " . $comment->parent . "\n  AND object_group = '" . $db->getEscaped($comment->object_group) . "'" . (JCommentsMultilingual::isEnabled() ? "\nAND lang = '" . JCommentsMultilingual::getLanguage() . "'" : "");
                                 $db->setQuery($query);
                                 $found = $db->loadResult();
                                 // if duplicates is not found
                                 if ($found == 0) {
                                     $result = JCommentsEvent::trigger('onJCommentsCommentBeforeAdd', array(&$comment));
                                     if (in_array(false, $result, true)) {
                                         return $response;
                                     }
                                     // save comments subscription
                                     if ($values['subscribe']) {
                                         require_once JCOMMENTS_BASE . DS . 'jcomments.subscription.php';
                                         $manager = JCommentsSubscriptionManager::getInstance();
                                         $manager->subscribe($comment->object_id, $comment->object_group, $comment->userid, $comment->email, $comment->name, $comment->lang);
                                     }
                                     $merged = false;
                                     $merge_time = $config->getInt('merge_time', 0);
                                     // merge comments from same author
                                     if ($user->id && $merge_time > 0) {
                                         // load previous comment for same object and group
                                         $prevComment = JCommentsModel::getLastComment($comment->object_id, $comment->object_group, $comment->parent);
                                         if ($prevComment != null) {
                                             // if previous comment from same author and it currently not edited
                                             // by any user - we'll update comment, else - insert new record to database
                                             if ($prevComment->userid == $comment->userid && $prevComment->parent == $comment->parent && !$acl->isLocked($prevComment)) {
                                                 $newText = $prevComment->comment . '<br /><br />' . $comment->comment;
                                                 $timeDiff = strtotime($comment->date) - strtotime($prevComment->date);
                                                 if ($timeDiff < $merge_time) {
                                                     $maxlength = $config->getInt('comment_maxlength');
                                                     $needcheck = $acl->check('enable_comment_length_check');
                                                     // validate new comment text length and if it longer than specified -
                                                     // disable union current comment with previous
                                                     if ($needcheck == 0 || $needcheck == 1 && $maxlength != 0 && JCommentsText::strlen($newText) <= $maxlength) {
                                                         $comment->id = $prevComment->id;
                                                         $comment->comment = $newText;
                                                         $merged = true;
                                                     }
                                                 }
                                             }
                                             unset($prevComment);
                                         }
                                     }
                                     // save new comment to database
                                     if (!$comment->store()) {
                                         $response->addScript("jcomments.clear('comment');");
                                         if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
                                             JCommentsCaptcha::destroy();
                                             $response->addScript("jcomments.clear('captcha');");
                                         }
                                         return $response;
                                     }
                                     // store/update information about commented object
                                     JCommentsObjectHelper::storeObjectInfo($comment->object_id, $comment->object_group, $comment->lang);
                                     JCommentsEvent::trigger('onJCommentsCommentAfterAdd', array(&$comment));
                                     // send notification to administrators
                                     if ($config->getInt('enable_notification') == 1) {
                                         if ($config->check('notification_type', 1) == true) {
                                             JComments::sendNotification($comment, true);
                                         }
                                     }
                                     // if comment published we need update comments list
                                     if ($comment->published) {
                                         // send notification to comment subscribers
                                         JComments::sendToSubscribers($comment, true);
                                         if ($merged) {
                                             $commentText = $comment->comment;
                                             $html = JCommentsText::jsEscape(JComments::getCommentItem($comment));
                                             $response->addScript("jcomments.updateComment(" . $comment->id . ", '{$html}');");
                                             $comment->comment = $commentText;
                                         } else {
                                             $count = JComments::getCommentsCount($comment->object_id, $comment->object_group);
                                             if ($config->get('template_view') == 'tree') {
                                                 if ($count > 1) {
                                                     $html = JComments::getCommentListItem($comment);
                                                     $html = JCommentsText::jsEscape($html);
                                                     $mode = $config->getInt('tree_order') == 1 || $config->getInt('tree_order') == 2 && $comment->parent > 0 ? 'b' : 'a';
                                                     $response->addScript("jcomments.updateTree('{$html}','{$comment->parent}','{$mode}');");
                                                 } else {
                                                     $html = JComments::getCommentsTree($comment->object_id, $comment->object_group);
                                                     $html = JCommentsText::jsEscape($html);
                                                     $response->addScript("jcomments.updateTree('{$html}',null);");
                                                 }
                                             } else {
                                                 // if pagination disabled and comments count > 1...
                                                 if ($config->getInt('comments_per_page') == 0 && $count > 1) {
                                                     // update only added comment
                                                     $html = JComments::getCommentListItem($comment);
                                                     $html = JCommentsText::jsEscape($html);
                                                     if ($config->get('comments_order') == 'DESC') {
                                                         $response->addScript("jcomments.updateList('{$html}','p');");
                                                     } else {
                                                         $response->addScript("jcomments.updateList('{$html}','a');");
                                                     }
                                                 } else {
                                                     // update comments list
                                                     $html = JComments::getCommentsList($comment->object_id, $comment->object_group, JComments::getCommentPage($comment->object_id, $comment->object_group, $comment->id));
                                                     $html = JCommentsText::jsEscape($html);
                                                     $response->addScript("jcomments.updateList('{$html}','r');");
                                                 }
                                                 // scroll to first comment
                                                 if ($config->get('comments_order') == 'DESC') {
                                                     $response->addScript("jcomments.scrollToList();");
                                                 }
                                             }
                                         }
                                         self::showInfoMessage(JText::_('THANK_YOU_FOR_YOUR_SUBMISSION'));
                                     } else {
                                         self::showInfoMessage(JText::_('THANK_YOU_YOUR_COMMENT_WILL_BE_PUBLISHED_ONCE_REVIEWED'));
                                     }
                                     // clear comments textarea & update comment length counter if needed
                                     $response->addScript("jcomments.clear('comment');");
                                     if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
                                         require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                                         JCommentsCaptcha::destroy();
                                         $response->addScript("jcomments.clear('captcha');");
                                     }
                                 } else {
                                     self::showErrorMessage(JText::_('ERROR_DUPLICATE_COMMENT'), 'comment');
                                 }
                             }
                         }
                     }
                 }
             }
         }
     } else {
         $message = $config->get('ERROR_CANT_COMMENT');
         if ($acl->getUserBlocked()) {
             $bannedMessage = $config->get('message_banned');
             if (!empty($bannedMessage)) {
                 $message = self::escapeMessage($bannedMessage);
             }
         }
         $response->addAlert($message);
     }
     return $response;
 }