function comment()
{
$mainframe = JFactory::getApplication();
jimport('joomla.mail.helper');
JTable::addIncludePath(JPATH_COMPONENT_ADMINISTRATOR . DS . 'tables');
$params = K2HelperUtilities::getParams('com_k2');
$user = JFactory::getUser();
$config = JFactory::getConfig();
JLoader::register('Services_JSON', JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'JSON.php');
$json = new Services_JSON();
$response = new JObject();
//Get item
$item = JTable::getInstance('K2Item', 'Table');
$item->load(JRequest::getInt('itemID'));
//Get category
$category = JTable::getInstance('K2Category', 'Table');
$category->load($item->catid);
//Access check
if (K2_JVERSION != '15') {
if (!in_array($item->access, $user->getAuthorisedViewLevels()) || !in_array($category->access, $user->getAuthorisedViewLevels())) {
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
}
} else {
if ($item->access > $user->get('aid', 0) || $category->access > $user->get('aid', 0)) {
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
}
}
//Published check
if (!$item->published || $item->trash) {
JError::raiseError(404, JText::_('K2_ITEM_NOT_FOUND'));
}
if (!$category->published || $category->trash) {
JError::raiseError(404, JText::_('K2_ITEM_NOT_FOUND'));
}
//Check permissions
if ($params->get('comments') == '2' && $user->id > 0 && K2HelperPermissions::canAddComment($item->catid) || $params->get('comments') == '1') {
$row = JTable::getInstance('K2Comment', 'Table');
if (!$row->bind(JRequest::get('post'))) {
$response->message($row->getError());
echo $json->encode($response);
$mainframe->close();
}
$row->commentText = JRequest::getString('commentText', '', 'default');
$row->commentText = strip_tags($row->commentText);
//Strip a tags since all urls will be converted to links automatically on runtime.
//Additionaly strip tables to avoid layout issues.
//Also strip all attributes except src, alt and title.
//$filter = new JFilterInput(array('a', 'table'), array('src', 'alt', 'title'), 1);
//$row->commentText = $filter->clean( $row->commentText );
//Clean vars
$filter = JFilterInput::getInstance();
$row->userName = $filter->clean($row->userName, 'username');
if ($row->commentURL && preg_match('/^((http|https|ftp):\\/\\/)?[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,6}((:[0-9]{1,5})?\\/.*)?$/i', $row->commentURL)) {
$url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $row->commentURL);
$url = str_replace(';//', '://', $url);
if ($url != '') {
$url = !strstr($url, '://') ? 'http://' . $url : $url;
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
$row->commentURL = $url;
}
} else {
$row->commentURL = '';
}
$datenow = JFactory::getDate();
$row->commentDate = K2_JVERSION == '15' ? $datenow->toMySQL() : $datenow->toSql();
if (!$user->guest) {
$row->userID = $user->id;
$row->commentEmail = $user->email;
$row->userName = $user->name;
}
$userName = trim($row->userName);
$commentEmail = trim($row->commentEmail);
$commentText = trim($row->commentText);
$commentURL = trim($row->commentURL);
if (empty($userName) || $userName == JText::_('K2_ENTER_YOUR_NAME') || empty($commentText) || $commentText == JText::_('K2_ENTER_YOUR_MESSAGE_HERE') || empty($commentEmail) || $commentEmail == JText::_('K2_ENTER_YOUR_EMAIL_ADDRESS')) {
$response->message = JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS');
echo $json->encode($response);
$mainframe->close();
}
if (!JMailHelper::isEmailAddress($commentEmail)) {
$response->message = JText::_('K2_INVALID_EMAIL_ADDRESS');
echo $json->encode($response);
$mainframe->close();
}
if ($user->guest) {
$db = JFactory::getDBO();
$query = "SELECT COUNT(*) FROM #__users WHERE name=" . $db->Quote($userName) . " OR email=" . $db->Quote($commentEmail);
$db->setQuery($query);
$result = $db->loadresult();
if ($result > 0) {
$response->message = JText::_('K2_THE_NAME_OR_EMAIL_ADDRESS_YOU_TYPED_IS_ALREADY_IN_USE');
echo $json->encode($response);
$mainframe->close();
}
}
// Google reCAPTCHA
if ($params->get('antispam') == 'recaptcha' || $params->get('antispam') == 'both') {
if ($user->guest || $params->get('recaptchaForRegistered', 1)) {
if (!function_exists('_recaptcha_qsencode')) {
require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'recaptchalib.php';
}
$privatekey = $params->get('recaptcha_private_key');
$recaptcha_challenge_field = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
$recaptcha_response_field = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $recaptcha_challenge_field, $recaptcha_response_field);
if (!$resp->is_valid) {
$response->message = JText::_('K2_THE_WORDS_YOU_TYPED_DID_NOT_MATCH_THE_ONES_DISPLAYED_PLEASE_TRY_AGAIN');
echo $json->encode($response);
$mainframe->close();
}
}
}
// Akismet
if ($params->get('antispam') == 'akismet' || $params->get('antispam') == 'both') {
if ($user->guest || $params->get('akismetForRegistered', 1)) {
if ($params->get('akismetApiKey')) {
require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'akismet.class.php';
$akismetApiKey = $params->get('akismetApiKey');
$akismet = new Akismet(JURI::root(false), $akismetApiKey);
$akismet->setCommentAuthor($userName);
$akismet->setCommentAuthorEmail($commentEmail);
$akismet->setCommentAuthorURL($commentURL);
$akismet->setCommentContent($commentText);
$akismet->setPermalink(JURI::root(false) . 'index.php?option=com_k2&view=item&id=' . JRequest::getInt('itemID'));
try {
if ($akismet->isCommentSpam()) {
$response->message = JText::_('K2_SPAM_ATTEMPT_HAS_BEEN_DETECTED_THE_COMMENT_HAS_BEEN_REJECTED');
echo $json->encode($response);
$mainframe->close();
}
} catch (Exception $e) {
$response->message = $e->getMessage();
echo $json->encode($response);
$mainframe->close();
}
}
}
}
if ($commentURL == JText::_('K2_ENTER_YOUR_SITE_URL') || $commentURL == "") {
$row->commentURL = NULL;
} else {
if (substr($commentURL, 0, 7) != 'http://') {
$row->commentURL = 'http://' . $commentURL;
}
}
if ($params->get('commentsPublishing')) {
$row->published = 1;
} else {
$row->published = 0;
// Auto publish comments for users with administrative permissions
if (K2_JVERSION != '15') {
if ($user->authorise('core.admin')) {
$row->published = 1;
}
} else {
if ($user->gid > 23) {
$row->published = 1;
}
}
}
if (!$row->store()) {
$response->message = $row->getError();
echo $json->encode($response);
$mainframe->close();
}
if ($row->published) {
$caching = K2_JVERSION == '30' ? $config->get('caching') : $config->getValue('config.caching');
if ($caching && $user->guest) {
$response->message = JText::_('K2_THANK_YOU_YOUR_COMMENT_WILL_BE_PUBLISHED_SHORTLY');
echo $json->encode($response);
} else {
$response->message = JText::_('K2_COMMENT_ADDED_REFRESHING_PAGE');
$response->refresh = 1;
echo $json->encode($response);
}
} else {
$response->message = JText::_('K2_COMMENT_ADDED_AND_WAITING_FOR_APPROVAL');
echo $json->encode($response);
}
}
$mainframe->close();
}
