// regular expression for links DEFINE('_JC_REGEXP_LINK', '#(^|\\s|\\>|\\()((http://|https://|news://|ftp://|www.)\\w+[^\\s\\<\\>\\"\'\\)]+)#iu'); DEFINE('_JC_REGEXP_EMAIL', '#([\\w\\.\\-]+)@(\\w+[\\w\\.\\-]*\\.\\w{2,4})#iu'); DEFINE('_JC_REGEXP_EMAIL2', '#^([_a-z0-9-]+)(\\.[_a-z0-9-]+)*@([a-z0-9-]+)(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})$#iu'); require_once JCOMMENTS_SITE . '/jcomments.class.php'; require_once JCOMMENTS_MODELS . '/jcomments.php'; ob_end_clean(); $app = JFactory::getApplication(); $jc_task = $app->input->get('task', ''); switch (trim($jc_task)) { case 'captcha': $config = JCommentsFactory::getConfig(); $captchaEngine = $config->get('captcha_engine', 'kcaptcha'); if ($captchaEngine == 'kcaptcha' || $config->getInt('enable_plugins') == 0) { require_once JCOMMENTS_SITE . '/jcomments.captcha.php'; JCommentsCaptcha::image(); } else { if ($config->getInt('enable_plugins') == 1) { JCommentsEventHelper::trigger('onJCommentsCaptchaImage'); } } break; case 'rss': require_once JCOMMENTS_SITE . '/jcomments.rss.php'; JCommentsRSS::showObjectComments(); break; case 'rss_full': require_once JCOMMENTS_SITE . '/jcomments.rss.php'; JCommentsRSS::showAllComments(); break; case 'rss_user':
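/**
 * AJAX handler that validates a submitted comment and stores it.
 *
 * The $values argument is ignored: the field values are always rebuilt from
 * $_POST through JCommentsAJAX::prepareValues(). Whatever sanitisation that
 * helper applies is not visible here, so every field is treated below as
 * attacker-controlled.
 *
 * Order of checks: request sanity, ACL, guest identity fields, flood
 * protection, required fields and length limits, captcha, BBCode filtering,
 * duplicate detection, optional merge with the author's previous comment,
 * store, notifications, and finally the client-side list update.
 *
 * @param array $values Unused; kept for interface compatibility.
 *
 * @return object The AJAX response object from JCommentsFactory::getAjaxResponse().
 */
function addComment($values = array())
{
    global $my, $mainframe;

    if (JCommentsSecurity::badRequest() == 1) {
        JCommentsSecurity::notAuth();
    }

    $acl =& JCommentsFactory::getACL();
    $config =& JCommentsFactory::getConfig();
    $response =& JCommentsFactory::getAjaxResponse();

    if ($acl->canComment()) {
        $values = JCommentsAJAX::prepareValues($_POST);
        $userIP = $acl->getUserIP();

        // Guests supply their own identity fields, so those are validated
        // here; logged-in users get name/e-mail from their account instead.
        if (!$my->id) {
            $noErrors = false;

            if (empty($values['name'])) {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_NAME'), 'name');
            } elseif (JCommentsSecurity::checkIsRegisteredUsername($values['name']) == 1) {
                // A guest may not post under the name of a registered account.
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'name');
            } elseif (JCommentsSecurity::checkIsForbiddenUsername($values['name']) == 1) {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_FORBIDDEN_NAME'), 'name');
            } elseif (preg_match('/[\\"\'\\[\\]\\=\\<\\>\\(\\)\\;]+/', $values['name'])) {
                // Denylist of markup/script punctuation in the display name.
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_INVALID_NAME'), 'name');
            } elseif ($config->get('username_maxlength') != 0 && JCommentsText::strlen($values['name']) > $config->get('username_maxlength')) {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_TOO_LONG_USERNAME'), 'name');
            } elseif ($config->get('author_email') == 2 && empty($values['email'])) {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_EMAIL'), 'email');
            } elseif (!empty($values['email']) && !preg_match(_JC_REGEXP_EMAIL2, $values['email'])) {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_INCORRECT_EMAIL'), 'email');
            } elseif ($config->get('author_email') != 0 && JCommentsSecurity::checkIsRegisteredEmail($values['email']) == 1) {
                // TODO: change this error message with more appropriate
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'email');
            } elseif (empty($values['homepage']) && $config->get('author_homepage') == 2) {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
            } else {
                $noErrors = true;
            }

            if (!$noErrors) {
                return $response;
            }
        }

        if ($acl->check('floodprotection') == 1 && JCommentsSecurity::checkFlood($userIP)) {
            // Rate limit is keyed on the address returned by the ACL helper.
            JCommentsAJAX::showErrorMessage(JText::_('ERROR_TOO_QUICK'));
        } elseif (empty($values['homepage']) && $config->get('author_homepage') == 3) {
            JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
        } elseif (empty($values['title']) && $config->get('comment_title') == 3) {
            JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_TITLE'), 'title');
        } elseif (empty($values['comment'])) {
            JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
        } elseif ($config->getInt('comment_maxlength') != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) > $config->get('comment_maxlength')) {
            JCommentsAJAX::showErrorMessage(JText::_('Your comment is too long'), 'comment');
        } elseif ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) < $config->get('comment_minlength')) {
            JCommentsAJAX::showErrorMessage(JText::_('Your comment is too short'), 'comment');
        } else {
            if ($acl->check('enable_captcha') == 1) {
                $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
                if ($captchaEngine == 'kcaptcha') {
                    require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                    if (!JCommentsCaptcha::check($values['captcha-refid'])) {
                        JCommentsAJAX::showErrorMessage(JText::_('ERROR_CAPTCHA'), 'captcha');
                        // Invalidate the challenge so a failed answer cannot be retried.
                        JCommentsCaptcha::destroy();
                        $response->addScript("jcomments.clear('captcha');");
                        return $response;
                    }
                } elseif ($config->getInt('enable_mambots') == 1) {
                    require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                    JCommentsPluginHelper::importPlugin('jcomments');
                    $result = JCommentsPluginHelper::trigger('onJCommentsCaptchaVerify', array($values['captcha-refid'], &$response));
                    // Reject unless at least one plugin returned strict true.
                    if (!in_array(true, $result, true)) {
                        JCommentsAJAX::showErrorMessage(JText::_('ERROR_CAPTCHA'));
                        return $response;
                    }
                }
                // NOTE(review): with a non-kcaptcha engine and enable_mambots != 1
                // neither branch runs, so the comment is accepted without any
                // captcha verification. Confirm whether that configuration can
                // occur and whether it should fail closed instead.
            }

            $db =& JCommentsFactory::getDBO();

            // small fix (by default $my has empty 'name' and 'email' field)
            if ($my->id) {
                $currentUser = JCommentsFactory::getUser($my->id);
                $my->name = $currentUser->name;
                $my->username = $currentUser->username;
                $my->email = $currentUser->email;
                unset($currentUser);
            }

            $comment = new JCommentsDB($db);
            $comment->id = 0;
            // Guest names are stripped of quote/bracket characters a second time
            // before storage; registered users keep their account name.
            $comment->name = $my->id ? $my->name : preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $values['name']);
            $comment->username = $my->id ? $my->username : $comment->name;
            $comment->email = $my->id ? $my->email : (isset($values['email']) ? $values['email'] : '');

            if ($config->getInt('author_homepage') != 0 && !empty($values['homepage'])) {
                $comment->homepage = JCommentsText::url($values['homepage']);
            }

            $comment->comment = $values['comment'];

            // filter forbidden bbcodes
            $bbcode = JCommentsFactory::getBBCode();
            $comment->comment = $bbcode->filter($comment->comment);

            if ($comment->comment != '') {
                if ($config->getInt('enable_custom_bbcode')) {
                    // filter forbidden custom bbcodes
                    $commentLength = strlen($comment->comment);
                    $customBBCode =& JCommentsFactory::getCustomBBCode();
                    $comment->comment = $customBBCode->filter($comment->comment);
                    // The text consisted only of tags this user may not use.
                    if (strlen($comment->comment) == 0 && $commentLength > 0) {
                        JCommentsAJAX::showErrorMessage(JText::_('You have no rights to use this tag'), 'comment');
                        return $response;
                    }
                }
            }

            if ($comment->comment == '') {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
                return $response;
            }

            // The minimum length is re-checked without quoted text so that a
            // quote alone cannot satisfy it.
            $commentWithoutQuotes = $bbcode->removeQuotes($comment->comment);
            if ($commentWithoutQuotes == '') {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_NOTHING_EXCEPT_QUOTES'), 'comment');
                return $response;
            } else {
                if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($commentWithoutQuotes) < $config->get('comment_minlength')) {
                    JCommentsAJAX::showErrorMessage(JText::_('Your comment is too short'), 'comment');
                    return $response;
                }
            }
            unset($commentWithoutQuotes);

            $values['subscribe'] = isset($values['subscribe']) ? (int) $values['subscribe'] : 0;
            if ($values['subscribe'] == 1 && $comment->email == '') {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_SUBSCRIPTION_EMAIL'), 'email');
                return $response;
            }

            // object_group is reduced to an allowlist of characters and
            // object_id/parent are cast to int before they reach the query.
            $object_group = trim(strip_tags($values['object_group']));
            $object_group = preg_replace('#[^0-9A-Za-z\\-\\_\\,\\.]#is', '', $object_group);

            $comment->object_id = (int) $values['object_id'];
            $comment->object_group = $object_group;
            // NOTE(review): title is stored as returned by prepareValues();
            // output escaping is assumed to happen at render time - confirm.
            $comment->title = isset($values['title']) ? $values['title'] : '';
            $comment->parent = isset($values['parent']) ? intval($values['parent']) : 0;
            $comment->lang = JCommentsMultilingual::getLanguage();
            $comment->ip = $userIP;
            $comment->userid = $my->id ? $my->id : 0;
            $comment->published = $acl->check('autopublish');

            if (JCOMMENTS_JVERSION == '1.5') {
                $dateNow =& JFactory::getDate();
                $comment->date = $dateNow->toMySQL();
            } else {
                $comment->date = date('Y-m-d H:i:s', time() + $mainframe->getCfg('offset') * 60 * 60);
            }

            // Duplicate check. The statement is built by concatenation, so every
            // string operand is escaped and every numeric operand is an int.
            // The language code and user id were previously interpolated as-is.
            $query = "SELECT COUNT(*) "
                . "\nFROM #__jcomments "
                . "\nWHERE comment = '" . $db->getEscaped($comment->comment) . "'"
                . "\n AND ip = '" . $db->getEscaped($comment->ip) . "'"
                . "\n AND name = '" . $db->getEscaped($comment->name) . "'"
                . "\n AND userid = '" . (int) $comment->userid . "'"
                . "\n AND object_id = " . $comment->object_id
                . "\n AND parent = " . $comment->parent
                . "\n AND object_group = '" . $db->getEscaped($comment->object_group) . "'"
                . (JCommentsMultilingual::isEnabled() ? "\nAND lang = '" . $db->getEscaped(JCommentsMultilingual::getLanguage()) . "'" : "");
            $db->setQuery($query);
            $found = $db->loadResult();

            // if duplicates is not found
            if ($found == 0) {
                // trigger onBeforeCommentAdded event; a plugin may veto the
                // comment by setting $allowed to false.
                $allowed = true;
                if ($config->getInt('enable_mambots') == 1) {
                    require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                    JCommentsPluginHelper::importPlugin('jcomments');
                    JCommentsPluginHelper::trigger('onBeforeCommentAdded', array(&$comment, &$response, &$allowed));
                }
                if ($allowed === false) {
                    return $response;
                }

                // save comments subscription
                if ($values['subscribe']) {
                    require_once JCOMMENTS_BASE . DS . 'jcomments.subscription.php';
                    $manager =& JCommentsSubscriptionManager::getInstance();
                    $manager->subscribe($comment->object_id, $comment->object_group, $comment->userid, $comment->email, $comment->name, $comment->lang);
                }

                $merged = false;
                $merge_time = $config->getInt('merge_time', 0);

                // merge comments from same author
                if ($my->id && $merge_time > 0) {
                    // load previous comment for same object and group
                    $prevComment = JComments::getLastComment($comment->object_id, $comment->object_group, $comment->parent);
                    if ($prevComment != null) {
                        // if previous comment from same author and it currently not edited
                        // by any user - we'll update comment, else - insert new record to database
                        if ($prevComment->userid == $comment->userid && $prevComment->parent == $comment->parent && !$acl->isLocked($prevComment)) {
                            $newText = $prevComment->comment . '<br /><br />' . $comment->comment;
                            $timeDiff = strtotime($comment->date) - strtotime($prevComment->datetime);
                            if ($timeDiff < $merge_time) {
                                $maxlength = $config->getInt('comment_maxlength');
                                $needcheck = $acl->check('enable_comment_length_check');
                                // validate new comment text length and if it longer than specified -
                                // disable union current comment with previous
                                if ($needcheck == 0 || ($needcheck == 1 && $maxlength != 0 && JCommentsText::strlen($newText) <= $maxlength)) {
                                    $comment->id = $prevComment->id;
                                    $comment->comment = $newText;
                                    $merged = true;
                                }
                            }
                        }
                        unset($prevComment);
                    }
                }

                if ($comment->parent > 0) {
                    $parent = new JCommentsDB($db);
                    if ($parent->load($comment->parent)) {
                        if ($config->getInt('comment_title') == 1 && $comment->title == '') {
                            if (!empty($parent->title)) {
                                $comment->title = JText::_('Re') . ' ' . $parent->title;
                            }
                        }
                        $comment->level = $parent->level + 1;
                        $comment->path = $parent->path . ',' . $parent->id;
                    }
                } else {
                    if ($config->getInt('comment_title') == 1 && $comment->title == '') {
                        $object_title = JCommentsObjectHelper::getTitle($comment->object_id, $comment->object_group, $comment->lang);
                        $comment->title = JText::_('Re') . ' ' . $object_title;
                    }
                    $comment->path = '0';
                }

                // save new comment to database
                if (!$comment->store()) {
                    $response->addScript("jcomments.clear('comment');");
                    // Only the built-in engine owns JCommentsCaptcha; guard and load
                    // it the same way the success path below does, so a plugin
                    // engine cannot hit an undefined class here.
                    if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
                        require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                        JCommentsCaptcha::destroy();
                        $response->addScript("jcomments.clear('captcha');");
                    }
                    // Raw database errors are disclosed to super administrators only.
                    $errorMessage = $db->getErrorMsg();
                    if ($errorMessage != '') {
                        if ($my->usertype == 'Super Administrator') {
                            JCommentsAJAX::showErrorMessage($errorMessage);
                        }
                    }
                    return $response;
                }

                // datetime field is used in prepareComment function
                $comment->datetime = $comment->date;
                if (is_string($comment->datetime)) {
                    $comment->datetime = strtotime($comment->datetime);
                }

                if ($config->getInt('enable_mambots') == 1) {
                    require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                    JCommentsPluginHelper::importPlugin('jcomments');
                    JCommentsPluginHelper::trigger('onAfterCommentAdded', array(&$comment, &$response, &$allowed));
                }

                // send notification to administrators
                if ($config->getInt('enable_notification') == 1) {
                    if ($config->check('notification_type', 1) == true) {
                        JComments::sendNotification($comment, true);
                    }
                }

                // if comment published we need update comments list
                if ($comment->published) {
                    // send notification to comment subscribers
                    JComments::sendToSubscribers($comment, true);

                    $comment->usertype = $my->id != 0 ? str_replace(' ', '-', strtolower($my->usertype)) : 'guest';

                    // Rendered HTML is embedded in a single-quoted JavaScript string
                    // below, so it must always pass through jsEscape() first.
                    if ($merged) {
                        $commentText = $comment->comment;
                        JComments::prepareComment($comment);
                        $tmpl =& JCommentsFactory::getTemplate();
                        $tmpl->load('tpl_comment');
                        $tmpl->addVar('tpl_comment', 'get_comment_body', 1);
                        $tmpl->addObject('tpl_comment', 'comment', $comment);
                        $html = $tmpl->renderTemplate('tpl_comment');
                        $html = JCommentsText::jsEscape($html);
                        $response->addScript("jcomments.updateComment(" . $comment->id . ", '{$html}');");
                        $comment->comment = $commentText;
                    } else {
                        $count = JCommentsModel::getCommentsCount($comment->object_id, $comment->object_group);
                        if ($config->get('template_view') == 'tree') {
                            if ($count > 1) {
                                $html = JComments::getCommentListItem($comment);
                                $html = JCommentsText::jsEscape($html);
                                $response->addScript("jcomments.updateTree('{$html}','{$comment->parent}');");
                            } else {
                                $html = JComments::getCommentsTree($comment->object_id, $comment->object_group);
                                $html = JCommentsText::jsEscape($html);
                                $response->addScript("jcomments.updateTree('{$html}',null);");
                            }
                        } else {
                            // if pagination disabled and comments count > 1...
                            if ($config->getInt('comments_per_page') == 0 && $count > 1) {
                                // update only added comment
                                $html = JComments::getCommentListItem($comment);
                                $html = JCommentsText::jsEscape($html);
                                if ($config->get('comments_order') == 'DESC') {
                                    $response->addScript("jcomments.updateList('{$html}','p');");
                                } else {
                                    $response->addScript("jcomments.updateList('{$html}','a');");
                                }
                            } else {
                                // update comments list
                                $html = JComments::getCommentsList($comment->object_id, $comment->object_group, JComments::getCommentPage($comment->object_id, $comment->object_group, $comment->id));
                                $html = JCommentsText::jsEscape($html);
                                $response->addScript("jcomments.updateList('{$html}','r');");
                            }
                            // scroll to first comment
                            if ($config->get('comments_order') == 'DESC') {
                                $response->addScript("jcomments.scrollToList();");
                            }
                        }
                    }
                    JCommentsAJAX::showInfoMessage(JText::_('Thank you for your submission!'));
                } else {
                    JCommentsAJAX::showInfoMessage(JText::_('Thank you, your comment will be published once reviewed'));
                }

                // clear comments textarea & update comment length counter if needed
                $response->addScript("jcomments.clear('comment');");
                unset($comment);

                if ($acl->check('enable_captcha') == 1) {
                    $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
                    if ($captchaEngine == 'kcaptcha') {
                        require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                        // One challenge per accepted comment.
                        JCommentsCaptcha::destroy();
                        $response->addScript("jcomments.clear('captcha');");
                    }
                }
            } else {
                JCommentsAJAX::showErrorMessage(JText::_('ERROR_DUPLICATE_COMMENT'), 'comment');
            }
        }
    } else {
        $response->addAlert(JText::_('ERROR_CANT_COMMENT'));
    }

    return $response;
}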
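/**
 * AJAX handler that validates a submitted comment and stores it.
 *
 * The $values argument is ignored: the field values are always rebuilt from
 * $_POST through self::prepareValues(). Whatever sanitisation that helper
 * applies is not visible here, so every field is treated below as
 * attacker-controlled.
 *
 * Order of checks: request sanity, ACL, target object, per-object comment
 * limit, guest identity fields, flood protection, required fields and length
 * limits, captcha, BBCode filtering, duplicate detection, optional merge with
 * the author's previous comment, store, notifications, and finally the
 * client-side list update.
 *
 * @param array $values Unused; kept for interface compatibility.
 *
 * @return object The AJAX response object from JCommentsFactory::getAjaxResponse().
 */
public static function addComment($values = array())
{
    if (JCommentsSecurity::badRequest() == 1) {
        JCommentsSecurity::notAuth();
    }

    $user = JCommentsFactory::getUser();
    $acl = JCommentsFactory::getACL();
    $config = JCommentsFactory::getConfig();
    $response = JCommentsFactory::getAjaxResponse();

    if ($acl->canComment()) {
        $values = self::prepareValues($_POST);

        $object_group = isset($values['object_group']) ? JCommentsSecurity::clearObjectGroup($values['object_group']) : '';
        // Missing ids fall back to 0 and are rejected with an integer
        // comparison; comparing an int with '' gives different results
        // across PHP versions.
        $object_id = isset($values['object_id']) ? intval($values['object_id']) : 0;

        if ($object_group == '' || $object_id == 0) {
            // TODO: add appropriate error message
            return $response;
        }

        $commentsPerObject = $config->getInt('max_comments_per_object');
        if ($commentsPerObject > 0) {
            $commentsCount = JComments::getCommentsCount($object_id, $object_group);
            if ($commentsCount >= $commentsPerObject) {
                $message = $config->get('message_locked');
                if (empty($message)) {
                    // ERROR_CANT_COMMENT is a language key, like every other
                    // ERROR_* string in this method, so it is resolved through
                    // JText rather than looked up as a configuration option.
                    $message = JText::_('ERROR_CANT_COMMENT');
                }
                $message = self::escapeMessage($message);
                $response->addAlert($message);
                return $response;
            }
        }

        $userIP = $acl->getUserIP();

        // Guests supply their own identity fields, so those are validated
        // here; logged-in users get name/e-mail from their account instead.
        if (!$user->id) {
            $noErrors = false;

            if (isset($values['userid']) && intval($values['userid']) > 0) {
                // The form was rendered for a logged-in user but the request
                // arrives without a session.
                // TODO: we need more correct way to detect login timeout
                self::showErrorMessage(JText::_('ERROR_SESSION_EXPIRED'));
            } elseif ($config->getInt('author_name', 2) == 2 && empty($values['name'])) {
                self::showErrorMessage(JText::_('ERROR_EMPTY_NAME'), 'name');
            } elseif (JCommentsSecurity::checkIsRegisteredUsername($values['name']) == 1) {
                // A guest may not post under the name of a registered account.
                self::showErrorMessage(JText::_('ERROR_NAME_EXISTS'), 'name');
            } elseif (JCommentsSecurity::checkIsForbiddenUsername($values['name']) == 1) {
                self::showErrorMessage(JText::_('ERROR_FORBIDDEN_NAME'), 'name');
            } elseif (preg_match('/[\\"\'\\[\\]\\=\\<\\>\\(\\)\\;]+/', $values['name'])) {
                // Denylist of markup/script punctuation in the display name.
                self::showErrorMessage(JText::_('ERROR_INVALID_NAME'), 'name');
            } elseif ($config->get('username_maxlength') != 0 && JCommentsText::strlen($values['name']) > $config->get('username_maxlength')) {
                self::showErrorMessage(JText::_('ERROR_TOO_LONG_USERNAME'), 'name');
            } elseif ($config->getInt('author_email') == 2 && empty($values['email'])) {
                self::showErrorMessage(JText::_('ERROR_EMPTY_EMAIL'), 'email');
            } elseif (!empty($values['email']) && !preg_match(_JC_REGEXP_EMAIL2, $values['email'])) {
                self::showErrorMessage(JText::_('ERROR_INCORRECT_EMAIL'), 'email');
            } elseif ($config->getInt('author_email') != 0 && JCommentsSecurity::checkIsRegisteredEmail($values['email']) == 1) {
                self::showErrorMessage(JText::_('ERROR_EMAIL_EXISTS'), 'email');
            } elseif ($config->getInt('author_homepage') == 2 && empty($values['homepage'])) {
                self::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
            } else {
                $noErrors = true;
            }

            if (!$noErrors) {
                return $response;
            }
        }

        if ($acl->check('floodprotection') == 1 && JCommentsSecurity::checkFlood($userIP)) {
            // Rate limit is keyed on the address returned by the ACL helper.
            self::showErrorMessage(JText::_('ERROR_TOO_QUICK'));
        } elseif (empty($values['homepage']) && $config->get('author_homepage') == 3) {
            self::showErrorMessage(JText::_('ERROR_EMPTY_HOMEPAGE'), 'homepage');
        } elseif (empty($values['title']) && $config->get('comment_title') == 3) {
            self::showErrorMessage(JText::_('ERROR_EMPTY_TITLE'), 'title');
        } elseif (empty($values['comment'])) {
            self::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
        } elseif ($config->getInt('comment_maxlength') != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) > $config->get('comment_maxlength')) {
            self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_LONG'), 'comment');
        } elseif ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($values['comment']) < $config->get('comment_minlength')) {
            self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_SHORT'), 'comment');
        } else {
            if ($acl->check('enable_captcha') == 1) {
                $captchaEngine = $config->get('captcha_engine', 'kcaptcha');
                if ($captchaEngine == 'kcaptcha') {
                    require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                    if (!JCommentsCaptcha::check($values['captcha_refid'])) {
                        self::showErrorMessage(JText::_('ERROR_CAPTCHA'), 'captcha');
                        // Invalidate the challenge so a failed answer cannot be retried.
                        JCommentsCaptcha::destroy();
                        $response->addScript("jcomments.clear('captcha');");
                        return $response;
                    }
                } else {
                    $result = JCommentsEvent::trigger('onJCommentsCaptchaVerify', array($values['captcha_refid'], &$response));
                    // Fails closed: reject unless at least one plugin returned
                    // strict true, which also covers "no plugin answered".
                    if (!in_array(true, $result, true)) {
                        self::showErrorMessage(JText::_('ERROR_CAPTCHA'));
                        return $response;
                    }
                }
            }

            $db = JCommentsFactory::getDBO();

            // small fix (by default $my has empty 'name' and 'email' field)
            if ($user->id) {
                $currentUser = JCommentsFactory::getUser($user->id);
                $user->name = $currentUser->name;
                $user->username = $currentUser->username;
                $user->email = $currentUser->email;
                unset($currentUser);
            }

            if (empty($values['name'])) {
                $values['name'] = 'Guest'; // JText::_('Guest');
            }

            $comment = new JCommentsTableComment($db);
            $comment->id = 0;
            // Guest names are stripped of quote/bracket characters a second time
            // before storage; registered users keep their account name.
            $comment->name = $user->id ? $user->name : preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $values['name']);
            $comment->username = $user->id ? $user->username : $comment->name;
            $comment->email = $user->id ? $user->email : (isset($values['email']) ? $values['email'] : '');

            if ($config->getInt('author_homepage') != 0 && !empty($values['homepage'])) {
                $comment->homepage = JCommentsText::url($values['homepage']);
            }

            $comment->comment = $values['comment'];

            // filter forbidden bbcodes
            $bbcode = JCommentsFactory::getBBCode();
            $comment->comment = $bbcode->filter($comment->comment);

            if ($comment->comment != '') {
                if ($config->getInt('enable_custom_bbcode')) {
                    // filter forbidden custom bbcodes
                    $commentLength = strlen($comment->comment);
                    $customBBCode = JCommentsFactory::getCustomBBCode();
                    $comment->comment = $customBBCode->filter($comment->comment);
                    // The text consisted only of tags this user may not use.
                    if (strlen($comment->comment) == 0 && $commentLength > 0) {
                        self::showErrorMessage(JText::_('ERROR_YOU_HAVE_NO_RIGHTS_TO_USE_THIS_TAG'), 'comment');
                        return $response;
                    }
                }
            }

            if ($comment->comment == '') {
                self::showErrorMessage(JText::_('ERROR_EMPTY_COMMENT'), 'comment');
                return $response;
            }

            // The minimum length is re-checked without quoted text so that a
            // quote alone cannot satisfy it.
            $commentWithoutQuotes = $bbcode->removeQuotes($comment->comment);
            if ($commentWithoutQuotes == '') {
                self::showErrorMessage(JText::_('ERROR_NOTHING_EXCEPT_QUOTES'), 'comment');
                return $response;
            } else {
                if ($config->getInt('comment_minlength', 0) != 0 && $acl->check('enable_comment_length_check') == 1 && JCommentsText::strlen($commentWithoutQuotes) < $config->get('comment_minlength')) {
                    self::showErrorMessage(JText::_('ERROR_YOUR_COMMENT_IS_TOO_SHORT'), 'comment');
                    return $response;
                }
            }

            $values['subscribe'] = isset($values['subscribe']) ? (int) $values['subscribe'] : 0;
            if ($values['subscribe'] == 1 && $comment->email == '') {
                self::showErrorMessage(JText::_('ERROR_SUBSCRIPTION_EMAIL'), 'email');
                return $response;
            }

            $comment->object_id = (int) $object_id;
            $comment->object_group = $object_group;
            // NOTE(review): title is stored as returned by prepareValues();
            // output escaping is assumed to happen at render time - confirm.
            $comment->title = isset($values['title']) ? $values['title'] : '';
            $comment->parent = isset($values['parent']) ? intval($values['parent']) : 0;
            $comment->lang = JCommentsMultilingual::getLanguage();
            $comment->ip = $userIP;
            $comment->userid = $user->id ? $user->id : 0;
            $comment->published = $acl->check('autopublish');
            $comment->date = JCommentsFactory::getDate();

            // Duplicate check. The statement is built by concatenation, so every
            // string operand is escaped and every numeric operand is an int.
            // The language code and user id were previously interpolated as-is.
            $query = "SELECT COUNT(*) "
                . "\nFROM #__jcomments "
                . "\nWHERE comment = '" . $db->getEscaped($comment->comment) . "'"
                . "\n AND ip = '" . $db->getEscaped($comment->ip) . "'"
                . "\n AND name = '" . $db->getEscaped($comment->name) . "'"
                . "\n AND userid = '" . (int) $comment->userid . "'"
                . "\n AND object_id = " . $comment->object_id
                . "\n AND parent = " . $comment->parent
                . "\n AND object_group = '" . $db->getEscaped($comment->object_group) . "'"
                . (JCommentsMultilingual::isEnabled() ? "\nAND lang = '" . $db->getEscaped(JCommentsMultilingual::getLanguage()) . "'" : "");
            $db->setQuery($query);
            $found = $db->loadResult();

            // if duplicates is not found
            if ($found == 0) {
                // Any plugin returning strict false vetoes the comment.
                $result = JCommentsEvent::trigger('onJCommentsCommentBeforeAdd', array(&$comment));
                if (in_array(false, $result, true)) {
                    return $response;
                }

                // save comments subscription
                if ($values['subscribe']) {
                    require_once JCOMMENTS_BASE . DS . 'jcomments.subscription.php';
                    $manager = JCommentsSubscriptionManager::getInstance();
                    $manager->subscribe($comment->object_id, $comment->object_group, $comment->userid, $comment->email, $comment->name, $comment->lang);
                }

                $merged = false;
                $merge_time = $config->getInt('merge_time', 0);

                // merge comments from same author
                if ($user->id && $merge_time > 0) {
                    // load previous comment for same object and group
                    $prevComment = JCommentsModel::getLastComment($comment->object_id, $comment->object_group, $comment->parent);
                    if ($prevComment != null) {
                        // if previous comment from same author and it currently not edited
                        // by any user - we'll update comment, else - insert new record to database
                        if ($prevComment->userid == $comment->userid && $prevComment->parent == $comment->parent && !$acl->isLocked($prevComment)) {
                            $newText = $prevComment->comment . '<br /><br />' . $comment->comment;
                            $timeDiff = strtotime($comment->date) - strtotime($prevComment->date);
                            if ($timeDiff < $merge_time) {
                                $maxlength = $config->getInt('comment_maxlength');
                                $needcheck = $acl->check('enable_comment_length_check');
                                // validate new comment text length and if it longer than specified -
                                // disable union current comment with previous
                                if ($needcheck == 0 || ($needcheck == 1 && $maxlength != 0 && JCommentsText::strlen($newText) <= $maxlength)) {
                                    $comment->id = $prevComment->id;
                                    $comment->comment = $newText;
                                    $merged = true;
                                }
                            }
                        }
                        unset($prevComment);
                    }
                }

                // save new comment to database
                if (!$comment->store()) {
                    $response->addScript("jcomments.clear('comment');");
                    if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
                        JCommentsCaptcha::destroy();
                        $response->addScript("jcomments.clear('captcha');");
                    }
                    return $response;
                }

                // store/update information about commented object
                JCommentsObjectHelper::storeObjectInfo($comment->object_id, $comment->object_group, $comment->lang);

                JCommentsEvent::trigger('onJCommentsCommentAfterAdd', array(&$comment));

                // send notification to administrators
                if ($config->getInt('enable_notification') == 1) {
                    if ($config->check('notification_type', 1) == true) {
                        JComments::sendNotification($comment, true);
                    }
                }

                // if comment published we need update comments list
                if ($comment->published) {
                    // send notification to comment subscribers
                    JComments::sendToSubscribers($comment, true);

                    // Rendered HTML is embedded in a single-quoted JavaScript string
                    // below, so it must always pass through jsEscape() first.
                    if ($merged) {
                        $commentText = $comment->comment;
                        $html = JCommentsText::jsEscape(JComments::getCommentItem($comment));
                        $response->addScript("jcomments.updateComment(" . $comment->id . ", '{$html}');");
                        $comment->comment = $commentText;
                    } else {
                        $count = JComments::getCommentsCount($comment->object_id, $comment->object_group);
                        if ($config->get('template_view') == 'tree') {
                            if ($count > 1) {
                                $html = JComments::getCommentListItem($comment);
                                $html = JCommentsText::jsEscape($html);
                                $mode = ($config->getInt('tree_order') == 1 || ($config->getInt('tree_order') == 2 && $comment->parent > 0)) ? 'b' : 'a';
                                $response->addScript("jcomments.updateTree('{$html}','{$comment->parent}','{$mode}');");
                            } else {
                                $html = JComments::getCommentsTree($comment->object_id, $comment->object_group);
                                $html = JCommentsText::jsEscape($html);
                                $response->addScript("jcomments.updateTree('{$html}',null);");
                            }
                        } else {
                            // if pagination disabled and comments count > 1...
                            if ($config->getInt('comments_per_page') == 0 && $count > 1) {
                                // update only added comment
                                $html = JComments::getCommentListItem($comment);
                                $html = JCommentsText::jsEscape($html);
                                if ($config->get('comments_order') == 'DESC') {
                                    $response->addScript("jcomments.updateList('{$html}','p');");
                                } else {
                                    $response->addScript("jcomments.updateList('{$html}','a');");
                                }
                            } else {
                                // update comments list
                                $html = JComments::getCommentsList($comment->object_id, $comment->object_group, JComments::getCommentPage($comment->object_id, $comment->object_group, $comment->id));
                                $html = JCommentsText::jsEscape($html);
                                $response->addScript("jcomments.updateList('{$html}','r');");
                            }
                            // scroll to first comment
                            if ($config->get('comments_order') == 'DESC') {
                                $response->addScript("jcomments.scrollToList();");
                            }
                        }
                    }
                    self::showInfoMessage(JText::_('THANK_YOU_FOR_YOUR_SUBMISSION'));
                } else {
                    self::showInfoMessage(JText::_('THANK_YOU_YOUR_COMMENT_WILL_BE_PUBLISHED_ONCE_REVIEWED'));
                }

                // clear comments textarea & update comment length counter if needed
                $response->addScript("jcomments.clear('comment');");

                if ($acl->check('enable_captcha') == 1 && $config->get('captcha_engine', 'kcaptcha') == 'kcaptcha') {
                    require_once JCOMMENTS_BASE . DS . 'jcomments.captcha.php';
                    // One challenge per accepted comment.
                    JCommentsCaptcha::destroy();
                    $response->addScript("jcomments.clear('captcha');");
                }
            } else {
                self::showErrorMessage(JText::_('ERROR_DUPLICATE_COMMENT'), 'comment');
            }
        }
    } else {
        // Default refusal text comes from the language file; an
        // administrator-defined ban message, if present, replaces it.
        $message = JText::_('ERROR_CANT_COMMENT');
        if ($acl->getUserBlocked()) {
            $bannedMessage = $config->get('message_banned');
            if (!empty($bannedMessage)) {
                $message = self::escapeMessage($bannedMessage);
            }
        }
        $response->addAlert($message);
    }

    return $response;
}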