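 /**
  * Handles the "add comment" request for a K2 item.
  *
  * Reads the target item from the `itemID` request value and the comment fields
  * from POST, checks that the current user may view both the item and its
  * category and that neither is unpublished or trashed, runs the configured
  * anti-spam checks (reCAPTCHA and/or Akismet, depending on the `antispam`
  * parameter), stores the comment and answers with a JSON-encoded JObject that
  * carries a `message` and, when the page should be reloaded, `refresh` = 1.
  *
  * Every validation failure echoes a JSON error and then calls
  * $mainframe->close(), which ends the request; the code after such a branch
  * is therefore never reached for that request.
  *
  * @return void  All output is written directly to the response.
  */
 function comment()
 {
     $mainframe = JFactory::getApplication();
     jimport('joomla.mail.helper');
     JTable::addIncludePath(JPATH_COMPONENT_ADMINISTRATOR . DS . 'tables');
     $params = K2HelperUtilities::getParams('com_k2');
     $user = JFactory::getUser();
     $config = JFactory::getConfig();
     JLoader::register('Services_JSON', JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'JSON.php');
     $json = new Services_JSON();
     $response = new JObject();

     // Get item
     $item = JTable::getInstance('K2Item', 'Table');
     $item->load(JRequest::getInt('itemID'));

     // Get category
     $category = JTable::getInstance('K2Category', 'Table');
     $category->load($item->catid);

     // Access check: the item and its category must both be viewable by this user
     // (view levels on Joomla >= 1.6, numeric access level on 1.5).
     if (K2_JVERSION != '15') {
         if (!in_array($item->access, $user->getAuthorisedViewLevels()) || !in_array($category->access, $user->getAuthorisedViewLevels())) {
             JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
         }
     } else {
         if ($item->access > $user->get('aid', 0) || $category->access > $user->get('aid', 0)) {
             JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
         }
     }

     // Published check: unpublished or trashed items/categories are reported as not found
     if (!$item->published || $item->trash) {
         JError::raiseError(404, JText::_('K2_ITEM_NOT_FOUND'));
     }
     if (!$category->published || $category->trash) {
         JError::raiseError(404, JText::_('K2_ITEM_NOT_FOUND'));
     }

     // Check permissions: comments are open to everyone when the `comments` parameter is '1',
     // and to logged-in users with category permission when it is '2'.
     // Explicit parentheses: `&&` binds tighter than `||`, which is the intended grouping.
     if (($params->get('comments') == '2' && $user->id > 0 && K2HelperPermissions::canAddComment($item->catid)) || $params->get('comments') == '1') {
         $row = JTable::getInstance('K2Comment', 'Table');
         if (!$row->bind(JRequest::get('post'))) {
             // Assign the error text; JObject exposes no message() method, so the
             // previous method call here would have failed instead of reporting the bind error.
             $response->message = $row->getError();
             echo $json->encode($response);
             $mainframe->close();
         }

         // The comment body is taken as a raw string and then stripped of all tags;
         // URLs are turned into links at render time, so markup is not needed here.
         $row->commentText = JRequest::getString('commentText', '', 'default');
         $row->commentText = strip_tags($row->commentText);

         // Clean vars
         $filter = JFilterInput::getInstance();
         $row->userName = $filter->clean($row->userName, 'username');

         // Accept only URLs that match a conservative host[:port][/path] pattern with an
         // optional http/https/ftp scheme; anything else is discarded.
         if ($row->commentURL && preg_match('/^((http|https|ftp):\\/\\/)?[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,6}((:[0-9]{1,5})?\\/.*)?$/i', $row->commentURL)) {
             // Drop every character outside the allowed URL set, then repair the scheme
             // separator in case the filtering turned "://" into ";//".
             $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $row->commentURL);
             $url = str_replace(';//', '://', $url);
             if ($url != '') {
                 // Default to http:// when no scheme survived.
                 $url = !strstr($url, '://') ? 'http://' . $url : $url;
                 $row->commentURL = $url;
             }
         } else {
             $row->commentURL = '';
         }

         $datenow = JFactory::getDate();
         $row->commentDate = K2_JVERSION == '15' ? $datenow->toMySQL() : $datenow->toSql();

         // Logged-in users cannot spoof name/email: take them from the account.
         if (!$user->guest) {
             $row->userID = $user->id;
             $row->commentEmail = $user->email;
             $row->userName = $user->name;
         }

         $userName = trim($row->userName);
         $commentEmail = trim($row->commentEmail);
         $commentText = trim($row->commentText);
         $commentURL = trim($row->commentURL);

         // Required fields: reject empty values and the untouched form placeholders.
         if (empty($userName) || $userName == JText::_('K2_ENTER_YOUR_NAME') || empty($commentText) || $commentText == JText::_('K2_ENTER_YOUR_MESSAGE_HERE') || empty($commentEmail) || $commentEmail == JText::_('K2_ENTER_YOUR_EMAIL_ADDRESS')) {
             $response->message = JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS');
             echo $json->encode($response);
             $mainframe->close();
         }

         if (!JMailHelper::isEmailAddress($commentEmail)) {
             $response->message = JText::_('K2_INVALID_EMAIL_ADDRESS');
             echo $json->encode($response);
             $mainframe->close();
         }

         // Guests may not post under the name or email of a registered account.
         // Both values are quoted through the database driver before being embedded.
         if ($user->guest) {
             $db = JFactory::getDBO();
             $query = "SELECT COUNT(*) FROM #__users WHERE name=" . $db->Quote($userName) . " OR email=" . $db->Quote($commentEmail);
             $db->setQuery($query);
             $result = $db->loadResult();
             if ($result > 0) {
                 $response->message = JText::_('K2_THE_NAME_OR_EMAIL_ADDRESS_YOU_TYPED_IS_ALREADY_IN_USE');
                 echo $json->encode($response);
                 $mainframe->close();
             }
         }

         // Google reCAPTCHA
         if ($params->get('antispam') == 'recaptcha' || $params->get('antispam') == 'both') {
             if ($user->guest || $params->get('recaptchaForRegistered', 1)) {
                 if (!function_exists('_recaptcha_qsencode')) {
                     require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'recaptchalib.php';
                 }
                 $privatekey = $params->get('recaptcha_private_key');
                 $recaptcha_challenge_field = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
                 $recaptcha_response_field = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
                 // REMOTE_ADDR is not guaranteed to be set (e.g. CLI); fall back to an empty string
                 // rather than raising a notice. Behind a reverse proxy this is the proxy's address.
                 $remoteAddr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
                 $resp = recaptcha_check_answer($privatekey, $remoteAddr, $recaptcha_challenge_field, $recaptcha_response_field);
                 if (!$resp->is_valid) {
                     $response->message = JText::_('K2_THE_WORDS_YOU_TYPED_DID_NOT_MATCH_THE_ONES_DISPLAYED_PLEASE_TRY_AGAIN');
                     echo $json->encode($response);
                     $mainframe->close();
                 }
             }
         }

         // Akismet
         if ($params->get('antispam') == 'akismet' || $params->get('antispam') == 'both') {
             if ($user->guest || $params->get('akismetForRegistered', 1)) {
                 if ($params->get('akismetApiKey')) {
                     require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'akismet.class.php';
                     $akismetApiKey = $params->get('akismetApiKey');
                     $akismet = new Akismet(JURI::root(false), $akismetApiKey);
                     $akismet->setCommentAuthor($userName);
                     $akismet->setCommentAuthorEmail($commentEmail);
                     $akismet->setCommentAuthorURL($commentURL);
                     $akismet->setCommentContent($commentText);
                     $akismet->setPermalink(JURI::root(false) . 'index.php?option=com_k2&view=item&id=' . JRequest::getInt('itemID'));
                     try {
                         if ($akismet->isCommentSpam()) {
                             $response->message = JText::_('K2_SPAM_ATTEMPT_HAS_BEEN_DETECTED_THE_COMMENT_HAS_BEEN_REJECTED');
                             echo $json->encode($response);
                             $mainframe->close();
                         }
                     } catch (Exception $e) {
                         // A failing Akismet lookup is reported to the user rather than silently accepted.
                         $response->message = $e->getMessage();
                         echo $json->encode($response);
                         $mainframe->close();
                     }
                 }
             }
         }

         // Normalise the URL for storage: placeholder/empty becomes NULL, otherwise make
         // sure a scheme is present. The URL was already given a scheme above when it
         // lacked one, so only add http:// when no "://" is found at all; testing for the
         // literal "http://" prefix would wrongly turn https:// and ftp:// URLs into
         // "http://https://..." .
         if ($commentURL == JText::_('K2_ENTER_YOUR_SITE_URL') || $commentURL === '') {
             $row->commentURL = null;
         } else {
             if (strpos($commentURL, '://') === false) {
                 $row->commentURL = 'http://' . $commentURL;
             }
         }

         if ($params->get('commentsPublishing')) {
             $row->published = 1;
         } else {
             $row->published = 0;
             // Auto publish comments for users with administrative permissions
             if (K2_JVERSION != '15') {
                 if ($user->authorise('core.admin')) {
                     $row->published = 1;
                 }
             } else {
                 if ($user->gid > 23) {
                     $row->published = 1;
                 }
             }
         }

         if (!$row->store()) {
             $response->message = $row->getError();
             echo $json->encode($response);
             $mainframe->close();
         }

         if ($row->published) {
             // With page caching on, a guest will not see the comment until the cache expires.
             $caching = K2_JVERSION == '30' ? $config->get('caching') : $config->getValue('config.caching');
             if ($caching && $user->guest) {
                 $response->message = JText::_('K2_THANK_YOU_YOUR_COMMENT_WILL_BE_PUBLISHED_SHORTLY');
                 echo $json->encode($response);
             } else {
                 $response->message = JText::_('K2_COMMENT_ADDED_REFRESHING_PAGE');
                 $response->refresh = 1;
                 echo $json->encode($response);
             }
         } else {
             $response->message = JText::_('K2_COMMENT_ADDED_AND_WAITING_FOR_APPROVAL');
             echo $json->encode($response);
         }
     }
     $mainframe->close();
 }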