Esempio n. 1
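 /**
  * Validates the submitted ticket form and, on success, creates the ticket.
  *
  * Input comes from $this->_data (the form fields), JRequest (customer id,
  * custom fields, uploaded files) and a few $_SERVER headers. The first
  * validation problem is reported through JError and the method returns
  * early; on success RSTicketsProHelper::addTicket() is called and the
  * browser is redirected, so nothing is returned to the caller in that case.
  *
  * @return void|false  `false` on a custom-field failure (kept for any caller
  *                     that tests for it); null on every other early exit
  */
 function _processData()
 {
     // don't process anything if the form hasn't been submitted
     if (empty($this->_data['task']) || $this->_data['task'] != 'submit') {
         return;
     }
     $mainframe =& JFactory::getApplication();
     // get the customer (ticket submitter) information
     $user = JFactory::getUser();
     // A guest on the site, or an administrator submitting on behalf of a new
     // customer (submit_type 1), must supply the customer's email and name.
     $guest_submission = ($mainframe->isSite() && $user->get('guest'))
         || ($mainframe->isAdmin() && $this->_data['submit_type'] == 1);
     if ($guest_submission) {
         jimport('joomla.mail.helper');
         if (empty($this->_data['email']) || !JMailHelper::isEmailAddress($this->_data['email'])) {
             JError::raiseNotice(500, JText::_('RST_TICKET_EMAIL_ERROR'));
             return;
         }
         // Exact match on purpose: with LIKE, '_' (common in addresses) and '%' act as
         // wildcards, so the address could resolve to a different account and the
         // staff-address check below would run against the wrong user.
         $this->_db->setQuery("SELECT id FROM #__users WHERE email = '" . $this->_db->getEscaped($this->_data['email']) . "'");
         $user_id = $this->_db->loadResult();
         if ($user_id && RSTicketsProHelper::isStaff($user_id)) {
             JError::raiseNotice(500, JText::sprintf('RST_TICKET_EMAIL_STAFF_ERROR', $this->_data['email']));
             return;
         }
         $this->_data['customer_id'] = 0;
         if (empty($this->_data['name'])) {
             JError::raiseNotice(500, JText::_('RST_TICKET_NAME_ERROR'));
             return;
         }
     } else {
         // logged-in submitter: identity comes from the session, never from the form
         $this->_data['email'] = $user->get('email');
         $this->_data['name'] = $user->get('name');
         $this->_data['customer_id'] = $user->get('id');
         if (RSTicketsProHelper::isStaff()) {
             $permissions = RSTicketsProHelper::getCurrentPermissions();
             if (!$permissions->add_ticket && !$permissions->add_ticket_customers && !$permissions->add_ticket_staff) {
                 JError::raiseWarning(500, JText::_('RST_STAFF_CANNOT_SUBMIT_TICKET'));
                 $mainframe->redirect(RSTicketsProHelper::route('index.php?option=com_rsticketspro&view=rsticketspro', false));
             } elseif ($permissions->add_ticket_customers || $permissions->add_ticket_staff) {
                 // staff submitting on behalf of an existing customer, selected by id
                 $this->_data['email'] = '';
                 $this->_data['name'] = '';
                 $this->_data['customer_id'] = 0;
                 $customer_id = JRequest::getInt('customer_id', 0, 'post');
                 $customer_required = $mainframe->isSite()
                     || ($mainframe->isAdmin() && $this->_data['submit_type'] == 2);
                 if ($customer_required && !$customer_id) {
                     JError::raiseNotice(500, JText::_('RST_TICKET_CUSTOMER_ERROR'));
                     return;
                 }
                 $customer = JFactory::getUser($customer_id);
                 $this->_data['email'] = $customer->get('email');
                 $this->_data['name'] = $customer->get('name');
                 $this->_data['customer_id'] = $customer->get('id');
             }
         }
     }
     // must select a department
     if (empty($this->_data['department_id'])) {
         JError::raiseNotice(500, JText::_('RST_TICKET_DEPARTMENT_ERROR'));
         return;
     }
     // get all custom fields
     $custom_fields = $this->_getList("SELECT * FROM #__rsticketspro_custom_fields WHERE department_id='" . (int) $this->_data['department_id'] . "' AND published=1 ORDER BY ordering");
     // get the submitted custom fields for this department; anything that is not an
     // array (missing key, scalar sent by a tampered form) counts as "nothing sent"
     $sent_custom_fields = JRequest::getVar('rst_custom_fields', array(), 'post');
     $department_key = 'department_' . $this->_data['department_id'];
     if (!is_array($sent_custom_fields) || !isset($sent_custom_fields[$department_key]) || !is_array($sent_custom_fields[$department_key])) {
         $sent_custom_fields = array();
     } else {
         $sent_custom_fields = $sent_custom_fields[$department_key];
     }
     // add the custom fields to an array so that we can send them as a parameter later on
     $correct_custom_fields = array();
     foreach ($custom_fields as $field) {
         if ($field->type == 'freetext') {
             continue;
         }
         $value = isset($sent_custom_fields[$field->name]) ? $sent_custom_fields[$field->name] : null;
         if ($field->required) {
             $validation_message = JText::_($field->validation);
             if (empty($validation_message)) {
                 $validation_message = JText::sprintf('RST_VALIDATION_DEFAULT_ERROR', JText::_($field->label));
             }
             // a multi-value field (e.g. a checkbox group) counts as empty when its first entry is
             if (empty($value) || (is_array($value) && empty($value[0]))) {
                 JError::raiseNotice(500, $validation_message);
                 return false; // `false` rather than a bare return, for callers that test for it
             }
         }
         if (!empty($value)) {
             $correct_custom_fields[$field->id] = $value;
         }
     }
     // must write a subject
     if (empty($this->_data['subject'])) {
         JError::raiseNotice(500, JText::_('RST_TICKET_SUBJECT_ERROR'));
         return;
     }
     // must write a message
     if (empty($this->_data['message'])) {
         JError::raiseNotice(500, JText::_('RST_TICKET_MESSAGE_ERROR'));
         return;
     }
     // must select a priority
     if (empty($this->_data['priority_id'])) {
         JError::raiseNotice(500, JText::_('RST_TICKET_PRIORITY_ERROR'));
         return;
     }
     // the captcha is only enforced for front-end submissions
     if ($mainframe->isSite()) {
         $captcha_enabled = RSTicketsProHelper::getConfig('captcha_enabled');
         $use_captcha = $this->getUseCaptcha();
         if ($use_captcha && $captcha_enabled) {
             if ($captcha_enabled == 1) {
                 // built-in image captcha
                 $captcha_image = new JSecurImage();
                 $entered_code = isset($this->_data['captcha']) ? $this->_data['captcha'] : '';
                 if (!$captcha_image->check($entered_code)) {
                     JError::raiseNotice(500, JText::_('RST_TICKET_CAPTCHA_ERROR'));
                     return;
                 }
             } elseif ($captcha_enabled == 2) {
                 // reCAPTCHA challenge/response API
                 $privatekey = RSTicketsProHelper::getConfig('recaptcha_private_key');
                 $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
                 $challenge = isset($this->_data['recaptcha_challenge_field']) ? $this->_data['recaptcha_challenge_field'] : null;
                 $answer = isset($this->_data['recaptcha_response_field']) ? $this->_data['recaptcha_response_field'] : null;
                 $response = JReCAPTCHA::checkAnswer($privatekey, $remote_ip, $challenge, $answer);
                 if ($response === false || !$response->is_valid) {
                     $this->recaptcha_error = ($response !== false && isset($response->error)) ? $response->error : null;
                     JError::raiseNotice(500, JText::_('RST_TICKET_CAPTCHA_ERROR'));
                     return;
                 }
             }
         }
     }
     // request metadata stored with the ticket; these headers are client-controlled
     // and must be escaped wherever they are displayed
     $this->_data['agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
     $this->_data['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
     $this->_data['ip'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
     $correct_files = array();
     if ($this->getCanUpload()) {
         $department =& JTable::getInstance('RSTicketsPro_Departments', 'Table');
         $department->load($this->_data['department_id']);
         // one allowed extension per line in the department settings
         $upload_extensions = explode("\n", str_replace("\r\n", "\n", $department->upload_extensions));
         // PHP upload error codes -> language keys; anything unknown gets the generic message
         $upload_error_messages = array(
             UPLOAD_ERR_INI_SIZE   => 'RST_TICKET_UPLOAD_ERROR_INI_SIZE',
             UPLOAD_ERR_FORM_SIZE  => 'RST_TICKET_UPLOAD_ERROR_FORM_SIZE',
             UPLOAD_ERR_PARTIAL    => 'RST_TICKET_UPLOAD_ERROR_PARTIAL',
             UPLOAD_ERR_NO_TMP_DIR => 'RST_TICKET_UPLOAD_ERROR_NO_TMP_DIR',
             UPLOAD_ERR_CANT_WRITE => 'RST_TICKET_UPLOAD_ERROR_CANT_WRITE',
             UPLOAD_ERR_EXTENSION  => 'RST_TICKET_UPLOAD_ERROR_PHP_EXTENSION',
         );
         $files = JRequest::get('files');
         $files = isset($files['rst_files']) ? $files['rst_files'] : null;
         if (is_array($files) && isset($files['tmp_name']) && is_array($files['tmp_name'])) {
             foreach ($files['tmp_name'] as $i => $file_tmp) {
                 $error = isset($files['error'][$i]) ? (int) $files['error'][$i] : UPLOAD_ERR_NO_FILE;
                 // an empty file input is not an error
                 if ($error == UPLOAD_ERR_NO_FILE) {
                     continue;
                 }
                 // NOTE(review): client-supplied name, passed on unchanged; confirm that
                 // addTicket() sanitises it before using it as a path component
                 $file_name = isset($files['name'][$i]) ? $files['name'][$i] : '';
                 if ($error != UPLOAD_ERR_OK) {
                     $msg = isset($upload_error_messages[$error]) ? $upload_error_messages[$error] : 'RST_TICKET_UPLOAD_ERROR';
                     JError::raiseWarning(500, JText::sprintf($msg, $file_name));
                     return;
                 }
                 if (!RSTicketsProHelper::isAllowedExtension(RSTicketsProHelper::getExtension($file_name), $upload_extensions)) {
                     JError::raiseNotice(500, JText::sprintf('RST_TICKET_UPLOAD_EXTENSION_ERROR', $file_name, implode(', ', $upload_extensions)));
                     return;
                 }
                 // upload_size is configured in megabytes
                 $file_size = isset($files['size'][$i]) ? (int) $files['size'][$i] : 0;
                 if ($department->upload_size > 0 && $file_size > $department->upload_size * 1048576) {
                     JError::raiseWarning(500, JText::sprintf('RST_TICKET_UPLOAD_SIZE_ERROR', $file_name, $department->upload_size));
                     return;
                 }
                 $correct_files[] = array('src' => 'upload', 'tmp_name' => $file_tmp, 'name' => $file_name);
             }
         }
     }
     RSTicketsProHelper::addTicket($this->_data, $correct_custom_fields, $correct_files);
     // front-end submissions may be sent to a configured page; everything else returns to the form
     $redirect = RSTicketsProHelper::getConfig('submit_redirect');
     if ($redirect && $mainframe->isSite()) {
         $mainframe->redirect($redirect);
     } else {
         $mainframe->redirect(RSTicketsProHelper::route('index.php?option=com_rsticketspro&view=submit', false), JText::_('RST_TICKET_SUBMIT_OK'));
     }
 }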
Esempio n. 2
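 /**
  * Reads the subscription form from the POST request into $this->_data and
  * validates it.
  *
  * Every problem found is reported through JError when $verbose is true; the
  * method keeps collecting the remaining data so the form can be re-displayed,
  * and the (partially validated) data is always stored in the session under
  * 'com_rsmembership.subscribe.data'. The captcha is only checked on a
  * verbose pass.
  *
  * @param bool $verbose  whether to raise a JError warning for each problem
  * @return bool  true when every check passed; false otherwise, or when no POST data was sent
  */
 function _bindData($verbose = true)
 {
     $option = 'com_rsmembership';
     jimport('joomla.mail.helper');
     $return = true;
     $post = JRequest::get('post');
     if (empty($post)) {
         return false;
     }
     $this->_data = new stdClass();
     $user =& JFactory::getUser();
     // guests type their account details; logged-in users are bound from the session
     $is_guest = $user->get('guest');
     $choose_username = RSMembershipHelper::getConfig('choose_username');
     if ($choose_username) {
         $raw_username = isset($post['username']) ? $post['username'] : '';
         $post['username'] = str_replace('-', '_', JFilterOutput::linkXHTMLSafe($raw_username));
         if ($is_guest) {
             if (empty($post['username']) || strlen($post['username']) < 2) {
                 if ($verbose) {
                     JError::raiseWarning(500, JText::_('RSM_PLEASE_TYPE_USERNAME'));
                 }
                 $return = false;
             }
             // NOTE(review): this statement is not valid PHP as reproduced here (the escaping
             // call is masked as '******'); the username must go through the database
             // escaping call before it is interpolated into the query.
             $this->_db->setQuery("SELECT id FROM #__users WHERE username='******'username']) . "'");
             if ($this->_db->loadResult()) {
                 if ($verbose) {
                     JError::raiseWarning(500, JText::_('RSM_USERNAME_NOT_OK'));
                 }
                 $return = false;
             }
         }
         $this->_data->username = $is_guest ? $post['username'] : $user->get('username');
     }
     $choose_password = RSMembershipHelper::getConfig('choose_password');
     if ($choose_password) {
         // raw values: the password must not be altered by request filtering
         $password = JRequest::getVar('password', '', 'default', 'none', JREQUEST_ALLOWRAW);
         $password2 = JRequest::getVar('password2', '', 'default', 'none', JREQUEST_ALLOWRAW);
         if ($is_guest) {
             if (!strlen($password)) {
                 if ($verbose) {
                     JError::raiseWarning(500, JText::_('RSM_PLEASE_TYPE_PASSWORD'));
                 }
                 $return = false;
             } elseif (strlen($password) < 6) {
                 if ($verbose) {
                     JError::raiseWarning(500, JText::_('RSM_PLEASE_TYPE_PASSWORD_6'));
                 }
                 $return = false;
             } elseif ($password !== $password2) {
                 // strict comparison: with == numeric-looking strings compare by value ('1e3' == '1000')
                 if ($verbose) {
                     JError::raiseWarning(500, JText::_('RSM_PLEASE_CONFIRM_PASSWORD'));
                 }
                 $return = false;
             }
         }
         // NOTE(review): an unsalted md5 is stored here. Whatever later creates the account
         // must expect exactly this value, so the scheme cannot be changed in isolation;
         // it should move to the framework's salted password hashing together with that code.
         $this->_data->password = $is_guest ? md5($password) : '';
     }
     if ($is_guest && empty($post['name'])) {
         if ($verbose) {
             JError::raiseWarning(500, JText::_('RSM_PLEASE_TYPE_NAME'));
         }
         $return = false;
     }
     $this->_data->name = $is_guest ? (isset($post['name']) ? $post['name'] : null) : $user->get('name');
     if ($is_guest && (empty($post['email']) || !JMailHelper::isEmailAddress($post['email']))) {
         if ($verbose) {
             JError::raiseWarning(500, JText::_('RSM_PLEASE_TYPE_EMAIL'));
         }
         $return = false;
     }
     $this->_data->email = $is_guest ? (isset($post['email']) ? $post['email'] : null) : $user->get('email');
     // custom fields that are required or carry a validation rule
     $db =& JFactory::getDBO();
     $db->setQuery("SELECT * FROM #__rsmembership_fields WHERE (required='1' OR `rule` != '') AND published='1' ORDER BY ordering");
     $fields = $db->loadObjectList();
     $sent_fields = (isset($post['rsm_fields']) && is_array($post['rsm_fields'])) ? $post['rsm_fields'] : array();
     foreach ($fields as $field) {
         $value = isset($sent_fields[$field->name]) ? $sent_fields[$field->name] : null;
         $missing = $field->required && empty($value);
         $rule_failed = false;
         if ($field->rule && !empty($value)) {
             // A configured rule that does not exist counts as a failed check rather than
             // being skipped, so a misconfigured field cannot silently accept any value.
             $callback = array('RSMembershipValidation', $field->rule);
             $rule_failed = !is_callable($callback) || !call_user_func($callback, $value);
         }
         if ($missing || $rule_failed) {
             $validation_message = JText::_($field->validation);
             if (empty($validation_message)) {
                 $validation_message = JText::sprintf('RSM_VALIDATION_DEFAULT_ERROR', JText::_($field->label));
             }
             if ($verbose) {
                 JError::raiseWarning(500, $validation_message);
             }
             $return = false;
         }
     }
     $this->_data->fields = isset($post['rsm_fields']) ? $post['rsm_fields'] : null;
     // coupon
     $this->_data->coupon = JRequest::getVar('coupon');
     $captcha_enabled = RSMembershipHelper::getConfig('captcha_enabled');
     $use_captcha = $this->getUseCaptcha();
     // the captcha is verified on the verbose pass only — presumably because the
     // answer can only be checked once; confirm against the callers
     if ($use_captcha && $captcha_enabled && $verbose) {
         if ($captcha_enabled == 1) {
             // built-in image captcha
             if (!class_exists('JSecurImage')) {
                 require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_rsmembership' . DS . 'helpers' . DS . 'securimage' . DS . 'securimage.php';
             }
             $captcha_image = new JSecurImage();
             $entered_code = isset($post['captcha']) ? $post['captcha'] : '';
             if (!$captcha_image->check($entered_code)) {
                 JError::raiseNotice(500, JText::_('RSM_CAPTCHA_ERROR'));
                 $return = false;
             }
         } elseif ($captcha_enabled == 2) {
             // reCAPTCHA challenge/response API
             if (!class_exists('JReCAPTCHA')) {
                 require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_rsmembership' . DS . 'helpers' . DS . 'recaptcha' . DS . 'recaptchalib.php';
             }
             $privatekey = RSMembershipHelper::getConfig('recaptcha_private_key');
             $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
             $challenge = isset($post['recaptcha_challenge_field']) ? $post['recaptcha_challenge_field'] : null;
             $answer = isset($post['recaptcha_response_field']) ? $post['recaptcha_response_field'] : null;
             $response = JReCAPTCHA::checkAnswer($privatekey, $remote_ip, $challenge, $answer);
             if ($response === false || !$response->is_valid) {
                 $this->recaptcha_error = ($response !== false && isset($response->error)) ? $response->error : null;
                 JError::raiseNotice(500, JText::_('RSM_CAPTCHA_ERROR'));
                 $return = false;
             }
         }
     }
     // keep the data across requests so the form can be re-displayed / continued
     $session = JFactory::getSession();
     $session->set($option . '.subscribe.data', $this->_data);
     return $return;
 }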
Esempio n. 3
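 /**
  * Verifies the captcha answer sent with the current request.
  *
  * The verifier is chosen by getUseBuiltin(), getUseReCaptcha() and
  * getUseReCaptchaNew(), in that order; nothing is checked unless
  * getUseCaptcha() is true. A failed or undecidable verification records a
  * message via setError() and returns false, i.e. the check fails closed.
  *
  * @return bool  true when no captcha is required or the answer verified
  */
 public function validateCaptcha()
 {
     $builtin = $this->getUseBuiltin();
     $recaptcha = $this->getUseReCaptcha();
     $recaptcha_new = $this->getUseReCaptchaNew();
     $input = JFactory::getApplication()->input;
     if (!$this->getUseCaptcha()) {
         return true;
     }
     if ($builtin) {
         // built-in image captcha (Securimage)
         if (!class_exists('JSecurImage')) {
             require_once JPATH_ADMINISTRATOR . '/components/com_rsmembership/helpers/securimage/securimage.php';
         }
         $image = new JSecurImage();
         $code = $input->get('captcha', '', 'string');
         if (!$image->check($code)) {
             $this->setError(JText::_('COM_RSMEMBERSHIP_CAPTCHA_ERROR'));
             return false;
         }
     } elseif ($recaptcha) {
         // reCAPTCHA challenge/response API
         if (!class_exists('JReCAPTCHA')) {
             require_once JPATH_ADMINISTRATOR . '/components/com_rsmembership/helpers/recaptcha/recaptchalib.php';
         }
         $privatekey = RSMembershipHelper::getConfig('recaptcha_private_key');
         $challenge = $input->get('recaptcha_challenge_field', '', 'string');
         $response = $input->get('recaptcha_response_field', '', 'string');
         $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $result = JReCAPTCHA::checkAnswer($privatekey, $remote_ip, $challenge, $response);
         if (!$result || !$result->is_valid) {
             if ($result) {
                 $this->recaptcha_error = $result->error;
             }
             $this->setError(JText::_('COM_RSMEMBERSHIP_CAPTCHA_ERROR'));
             return false;
         }
     } elseif ($recaptcha_new) {
         // reCAPTCHA siteverify API
         $response = $input->get('g-recaptcha-response', '', 'raw');
         $ip = $input->server->get('REMOTE_ADDR');
         $secret = RSMembershipHelper::getConfig('recaptcha_new_secret_key');
         $json = null;
         try {
             jimport('joomla.http.factory');
             $http = JHttpFactory::getHttp();
             // POST the parameters so the secret key never travels in a query string
             // (request URLs end up in proxy and server logs)
             $result = $http->post('https://www.google.com/recaptcha/api/siteverify', array(
                 'secret'   => $secret,
                 'response' => $response,
                 'remoteip' => $ip,
             ));
             if ($result) {
                 $json = json_decode($result->body);
             }
         } catch (Exception $e) {
             $this->setError($e->getMessage());
             return false;
         }
         // Fail closed: only an explicit "success": true is accepted. A transport problem,
         // an undecodable body or a failure without error-codes must not fall through.
         if (!is_object($json) || empty($json->success)) {
             if (is_object($json) && isset($json->{'error-codes'}) && is_array($json->{'error-codes'}) && count($json->{'error-codes'}) > 0) {
                 // report the first code, as before
                 $first_code = reset($json->{'error-codes'});
                 $this->setError(JText::_('COM_RSMEMBERSHIP_RECAPTCHA_NEW_ERR_' . str_replace('-', '_', $first_code)));
                 return false;
             }
             $this->setError(JText::_('COM_RSMEMBERSHIP_CAPTCHA_ERROR'));
             return false;
         }
     }
     return true;
 }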