function _delete()
{
$this->Discussion->data =& $this->params;
if ($post_id = Sanitize::getInt($this->params, 'post_id')) {
$owner_id = $this->Discussion->getPostOwner($post_id);
$token = Sanitize::getString($this->params, 'token');
if (!$this->Access->canDeletePost($owner_id) || 0 != strcmp($token, cmsFramework::getCustomToken($post_id))) {
return $this->ajaxError(s2Messages::accessDenied());
}
if ($this->Discussion->delete('discussion_id', $post_id)) {
return $this->ajaxUpdatePage("jr_post{$post_id}", __t("The comment has been removed.", true));
}
}
return $this->ajaxError(__t("There was a problem removing the comment.", true, true));
}
function _save()
{
$response = array();
$formToken = cmsFramework::getCustomToken($this->review_id);
if ($this->denyAccess == true || !Sanitize::getString($this->params['form'], $formToken)) {
return $this->ajaxError(s2Messages::accessDenied());
}
# Validate form token
$this->components = array('security');
$this->__initComponents();
if ($this->invalidToken) {
return $this->ajaxError(s2messages::invalidToken());
}
// Check if an owner reply already exists
$this->OwnerReply->fields = array();
if ($reply = $this->OwnerReply->findRow(array('fields' => array('OwnerReply.owner_reply_text', 'OwnerReply.owner_reply_approved'), 'conditions' => array('OwnerReply.id = ' . $this->review_id)))) {
if ($reply['OwnerReply']['owner_reply_approved'] == 1) {
$error_text = __t("A reply for this review already exists.", true);
$response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();";
return $this->ajaxError($error_text, $response);
}
}
if ($this->Config->owner_replies) {
if ($this->data['OwnerReply']['owner_reply_text'] != '' && $this->data['OwnerReply']['id'] > 0) {
$this->data['OwnerReply']['owner_reply_created'] = date('Y-m-d H:i:s');
$this->data['OwnerReply']['owner_reply_approved'] = 1;
// Replies will be moderated by default
if ($this->OwnerReply->store($this->data)) {
$update_text = $this->data['OwnerReply']['owner_reply_approved'] ? __t("Your reply was submitted and has been approved.", true) : __t("Your reply was submitted and will be published once it is verified.", true);
$response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();";
return $this->ajaxUpdateDialog($update_text, $response);
}
return $this->ajaxError(s2Messages::submitErrorDb());
}
# Validation failed
if (isset($this->Security)) {
$reponse[] = "jQuery('s2Token').val('" . $this->Security->reissueToken() . "')";
}
return $this->ajaxValidation(__t("The reply is empty.", true), $response);
}
}
function _save()
{
$response = array();
$this->data['Vote']['user_id'] = $this->_user->id;
$this->data['Vote']['review_id'] = (int) $this->data['Vote']['review_id'];
# Exact vote check to prevent form tampering. User can cheat the js and enter any interger, thus increasing the count
$this->data['Vote']['vote_yes'] = Sanitize::getInt($this->data['Vote'], 'vote_yes') ? 1 : 0;
$this->data['Vote']['vote_no'] = Sanitize::getInt($this->data['Vote'], 'vote_no') ? 1 : 0;
$this->data['Vote']['created'] = gmdate('Y-m-d H:i:s');
$this->data['Vote']['ipaddress'] = $this->ipaddress;
if (!$this->data['Vote']['review_id']) {
return $this->ajaxError(s2Messages::submitErrorGeneric());
}
// Find duplicates
$duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $this->data['Vote']['review_id'], 'ipaddress = ' . $this->Vote->Quote($this->data['Vote']['ipaddress']))));
// It's a guest so we only care about checking the IP address if this feature is not disabled and
// server is not localhost
if (!$this->_user->id) {
if (!$this->Config->vote_ipcheck_disable && $this->ipaddress != '127.0.0.1') {
// Do the ip address check everywhere except in localhost
$duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $this->data['Vote']['review_id'], 'ipaddress = ' . $this->Vote->Quote($this->ipaddress))));
}
} else {
$duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $this->data['Vote']['review_id'], "(user_id = {$this->_user->id}" . ($this->ipaddress != '127.0.0.1' && !$this->Config->vote_ipcheck_disable ? " OR ipaddress = " . $this->Vote->Quote($this->ipaddress) . ") " : ')'))));
}
if ($duplicate > 0) {
# Hides vote buttons and shows message alert
$response[] = "jQuery('#jr_reviewVote{$this->data['Vote']['review_id']}').fadeOut('medium',function(){\n jQuery(this).html('" . __t("You already voted.", true, true) . "').fadeIn();\n });";
return $this->ajaxResponse($response);
}
if ($this->Vote->store($this->data)) {
# Hides vote buttons and shows message alert
$response[] = "jQuery('#jr_reviewVote{$this->data['Vote']['review_id']}').fadeOut('medium',function(){\n jQuery(this).html('" . __t("Thank you for your vote.", true, true) . "').fadeIn();\n });";
# Facebook wall integration only for positive votes
$facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_votes');
$token = cmsFramework::getCustomToken($this->data['Vote']['review_id']);
$facebook_integration and $this->data['Vote']['vote_yes'] and $response[] = "\n jQuery.ajax({url:s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postVote/id:{$this->data['Vote']['review_id']}&{$token}=1',dataType:'script'});\n ";
return $this->ajaxResponse($response);
}
return $this->ajaxError(s2Messages::submitErrorDb());
}
function _save()
{
$this->autoRender = false;
$this->autoLayout = false;
$response = array();
# Done here so it only loads on save and not for all controlller actions.
$this->components = array('security', 'notifications');
$this->__initComponents();
# Validate form token
if ($this->invalidToken) {
return $this->ajaxError(s2Messages::invalidToken());
}
$selected = '';
$msg = '';
$msgAlert = '';
$msgTags = array();
# Clean formValues
$review_id = Sanitize::getInt($this->data['Review'], 'id', 0);
$this->data['Review']['pid'] = $pid = Sanitize::getInt($this->data['Review'], 'pid', 0);
if ($review_id == 0) {
$isNew = $this->Review->isNew = true;
} else {
$isNew = $this->Review->isNew = false;
$this->action = '_edit';
}
$this->data['Criteria']['id'] = Sanitize::getInt($this->data['Criteria'], 'id', 0);
$this->data['Criteria']['state'] = Sanitize::getInt($this->data['Criteria'], 'state', 0);
$this->data['Review']['pid'] = Sanitize::getInt($this->data['Review'], 'pid');
$this->data['Review']['email'] = Sanitize::html($this->data['Review'], 'email', '', true);
$this->data['Review']['title'] = Sanitize::html($this->data['Review'], 'title', '', true);
$this->data['Review']['comments'] = Sanitize::html($this->data['Review'], 'comments', '', true);
$this->data['Review']['mode'] = Sanitize::html($this->data['Review'], 'mode', 'com_content', true);
# Override configuration
$listing_type = $this->Criteria->findRow(array('conditions' => array('Criteria.id = ' . $this->data['Criteria']['id'])));
isset($listing_type['ListingType']) and $this->Config->override($listing_type['ListingType']['config']);
if ($isNew || !$isNew && !$this->Access->isManager()) {
$this->data['Review']['name'] = $this->data['Review']['username'] = Sanitize::html($this->data['Review'], 'name', '', true);
}
// Check if user allowed to post new review
if ($isNew) {
if (method_exists($this->Listing, 'getListingOwner')) {
$owner = $this->Listing->getListingOwner($this->data['Review']['pid']);
if (!$this->Access->canAddReview($owner['user_id'])) {
return $this->ajaxUpdatePage('jr_review0Form', __t("You are not allowed to review your own listing.", true));
}
}
// Get reviewer type, for now editor reviews don't work in Everywhere components
$this->data['Review']['author'] = $this->data['Review']['mode'] != 'com_content' ? 0 : (int) $this->Access->isJreviewsEditor($this->_user->id);
} else {
$currentReview = $this->Review->findRow(array('conditions' => array('Review.id = ' . $review_id)), array());
# Stop form data tampering
$formData = $this->data['Review'] + array('criteria_id' => Sanitize::getInt($this->data['Criteria'], 'id'));
$formToken = cmsFramework::formIntegrityToken($formData, array_keys($this->formTokenKeys), false);
if (!$this->Access->canEditReview($currentReview['User']['user_id']) || !$this->__validateToken($formToken)) {
return $this->ajaxError(s2Messages::accessDenied());
}
$this->data['Review']['author'] = $currentReview['Review']['editor'];
}
# If we are in multiple editor review mode, and this editor has already posted an editor review,
# he is not allowed to post any kind of review.
# if we are in single-editor-review mode, his review will become a user review.
if ($isNew && $this->data['Review']['mode'] == 'com_content' && $this->data['Review']['author']) {
if ($this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], 'Review.author = 1', "Review.mode = '" . $this->data['Review']['mode'] . "'", $this->Config->author_review == 2 ? 'Review.userid = ' . $this->_user->id : '1 = 1')))) {
if ($this->Config->author_review == 2) {
return $this->ajaxUpdatePage('jr_review0Form', __t("You already submitted a review.", true));
} else {
$this->data['Review']['author'] = 0;
}
}
}
# check for duplicate reviews
$is_jr_editor = $this->Access->isJreviewsEditor($this->_user->id);
$is_duplicate = false;
// It's a guest so we only care about checking the IP address if this feature is not disabled and
// server is not localhost
if (!$this->_user->id) {
if (!$this->Config->review_ipcheck_disable && $this->ipaddress != '127.0.0.1') {
// Do the ip address check everywhere except in localhost
$is_duplicate = (bool) $this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], "Review.ipaddress = '{$this->ipaddress}'", "Review.mode = '{$this->data['Review']['mode']}'", "Review.published >= 0")));
}
} elseif (!$is_jr_editor && !$this->Config->user_multiple_reviews || $is_jr_editor && $this->Config->author_review == 2) {
$is_duplicate = (bool) $this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], "(Review.userid = {$this->_user->id}" . ($this->ipaddress != '127.0.0.1' && !$this->Config->review_ipcheck_disable && !$is_jr_editor ? " OR Review.ipaddress = '{$this->ipaddress}') " : ')'), "Review.mode = '{$this->data['Review']['mode']}'", "Review.published >= 0")));
}
if ($isNew && $is_duplicate) {
return $this->ajaxUpdatePage('jr_review0Form', __t("You already submitted a review.", true));
}
# Validate standard fields
$this->Review->validateInput($this->data['Review']['name'], "name", "text", __t("You must fill in your name.", true), !$this->_user->id && ($this->Config->reviewform_name == 'required' ? true : false));
$this->Review->validateInput($this->data['Review']['email'], "email", "email", __t("You must fill in a valid email address.", true), ($this->Config->reviewform_email == 'required' ? true : false) && !$this->_user->id && $isNew);
$this->Review->validateInput($this->data['Review']['title'], "title", "text", __t("You must fill in a title for the review.", true), $this->Config->reviewform_title == 'required' ? true : false);
if ($listing_type['Criteria']['state'] == 1) {
# Validate rating fields
$criteria_qty = $listing_type['Criteria']['quantity'];
$ratingErr = 0;
if (!isset($this->data['Rating'])) {
$ratingErr = $criteria_qty;
} else {
for ($i = 0; $i < $criteria_qty; $i++) {
if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) {
$ratingErr++;
}
}
}
$this->Review->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true), $ratingErr), $ratingErr);
}
# Validate custom fields
$review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access);
$this->Review->validateErrors = array_merge($this->Review->validateErrors, $this->Field->validateErrors);
$this->Review->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true), $this->Config->reviewform_comment == 'required' ? true : false);
# Validate security code
if ($isNew && $this->Access->showCaptcha()) {
if (!isset($this->data['Captcha']['code'])) {
$this->Review->validateSetError("code", __t("The security code you entered was invalid.", true));
} elseif ($this->data['Captcha']['code'] == '') {
$this->Review->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1);
} else {
if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) {
$this->Review->validateSetError("code", __t("The security code you entered was invalid.", true));
}
}
}
# Process validation errors
$validation = $this->Review->validateGetErrorArray();
if (!empty($validation)) {
if ($isNew && $this->Access->showCaptcha()) {
// Replace captcha with new instance
$captcha = $this->Captcha->displayCode();
$response[] = "jQuery('.jr_captcha').find('img').attr('src','{$captcha['src']}');";
$response[] = "jQuery('.jr_captcha_code').val('');";
}
return $this->ajaxValidation(implode('<br />', $validation), $response);
}
$savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields);
$review_id = $this->data['Review']['id'];
// Error on review save
if (Sanitize::getString($savedReview, 'err')) {
return $this->ajaxError($savedReview['err']);
}
// Process moderated actions
if ($isNew && $this->Access->moderateReview() && !$this->data['Review']['author'] || !$isNew && ($this->Config->moderation_review_edit && $this->Access->moderateReview()) && !$this->data['Review']['author'] || $isNew && $this->Config->moderation_editor_reviews && $this->data['Review']['author'] || !$isNew && ($this->Config->moderation_editor_review_edit && $this->Config->moderation_editor_reviews && $this->Access->moderateReview()) && $this->data['Review']['author']) {
$target_id = $isNew ? 'jr_review0Form' : 'jr_review_' . $review_id;
$update_text = __t("Thank you for your submission. It will be published once it is verified.", true);
return $this->ajaxUpdatePage($target_id, $update_text, '');
}
// Get updated review info for non-moderated actions and plugin callback
$fields = array('Criteria.id AS `Criteria.criteria_id`', 'Criteria.criteria AS `Criteria.criteria`', 'Criteria.state AS `Criteria.state`', 'Criteria.tooltips AS `Criteria.tooltips`', 'Criteria.weights AS `Criteria.weights`');
$joins = $this->Listing->joinsReviews;
// Triggers the afterFind in the Observer Model
$this->EverywhereAfterFind = true;
if (isset($this->viewVars['reviews'])) {
$review = current($this->viewVars['reviews']);
} else {
$this->Review->runProcessRatings = true;
$review = $this->Review->findRow(array('fields' => $fields, 'conditions' => 'Review.id = ' . $this->data['Review']['id'], 'joins' => $joins), array('afterFind'));
}
$this->set(array('reviewType' => 'user', 'User' => $this->_user, 'Access' => $this->Access, 'reviews' => array($review['Review']['review_id'] => $review)));
$response = array();
$fb_checkbox = Sanitize::getBool($this->data, 'fb_publish');
$facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_reviews') && $fb_checkbox;
// Process non moderated actions
# New user review
if ($isNew && !$this->data['Review']['author']) {
$remove_class = true;
$target_id = 'jr_user_reviews';
$update_text = __t("Thank you for your submission.", true);
$update_html = $this->render('reviews', 'reviews');
# Facebook wall integration
$token = cmsFramework::getCustomToken($review['Review']['review_id']);
$facebook_integration and $response[] = "\n jQuery.get(s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postReview/id:{$review['Review']['review_id']}&{$token}=1');\n ";
return $this->ajaxUpdatePage($target_id, $update_text, $update_html, compact('response', 'remove_class'));
}
# Edited user review
if (!$isNew && !$this->data['Review']['author']) {
// Setup vars for post submit effects
$target_id = 'jr_review_' . $review_id;
$update_text = __t("Your changes were saved.", true);
$update_html = $this->render('reviews', 'reviews');
return $this->ajaxUpdatePage($target_id, $update_text, $update_html);
}
# New editor review
if ($isNew && $this->data['Review']['author']) {
$target_id = 'jr_review_' . $review_id;
$update_text = Sanitize::getInt($review['Criteria'], 'state') != 2 ? __t("Thank you for your submission. Refresh the page to see your review.", true) : __t("Thank you for your submission. Refresh the page to see your comment.", true);
# Facebook wall integration
$token = cmsFramework::getCustomToken($review['Review']['review_id']);
$facebook_integration and $response[] = "\n jQuery.get(s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postReview/id:{$review['Review']['review_id']}&{$token}=1');\n ";
return $this->ajaxUpdatePage($target_id, $update_text, '', compact('response'));
}
# Edited editor review
if (!$isNew && $this->data['Review']['author']) {
$target_id = 'jr_review_' . $review_id;
$update_text = __t("Your changes were saved, refresh the page to see them.", true);
return $this->ajaxUpdatePage($target_id, $update_text);
}
}
function listingManager($listing)
{
$canEdit = $this->Access->canEditListing($listing['Listing']['user_id']);
$canPublish = $this->Access->canPublishListing($listing['Listing']['user_id']);
$canDelete = $this->Access->canDeleteListing($listing['Listing']['user_id']);
$isManager = $this->Access->isManager();
$listing_id = $listing['Listing']['listing_id'];
$formToken = cmsFramework::getCustomToken($listing_id);
$canOrder = false;
if ($this->Paid && $this->Paid->canOrder($listing)) {
$canOrder = $this->PaidRoutes->getPaymentLink($listing, array('lazy_load' => true));
}
if ($canEdit || $canPublish || $canDelete || $isManager || $canOrder) {
?>
<span class="jrManagement jrButton"><?php
__t("Manage");
?>
<span class="jrArrowBottom"></span>
<?php
if ($canOrder) {
// Load assets for paid listings onclick
?>
<script type="text/javascript">
/* <![CDATA[ */
function jr_paidLoadScript(afterLoad)
{
if(jQuery('body').data('jrOrderAssets') == true)
{
if(undefined!=afterLoad) afterLoad();
} else {
jQuery.getScript('<?php
echo $this->locateScript('paidlistings');
?>
',function(){
jQuery.getCSS("<?php
echo pathToUrl($this->locateThemeFile('theme_css', 'paidlistings', '.css'));
?>
",function()
{
jQuery('body').data('jrOrderAssets',true);
if(afterLoad!=undefined) afterLoad();
});
});
}
};
/* ]]> */
</script>
<?php
}
?>
<div id="jr_listing_manager<?php
echo $listing_id;
?>
" class="jrManager">
<ul class="jrManagementLinks">
<?php
if ($canOrder) {
?>
<li>
<?php
echo $canOrder;
?>
</li>
<?php
}
?>
<?php
if ($canEdit) {
?>
<li>
<span class="jrIcon jrIconEdit"></span>
<?php
echo $this->Routes->listingEdit(__t("Edit", true), $listing, array('class' => 'jr_edit'));
?>
</li>
<?php
}
?>
<?php
if ($canPublish) {
?>
<li>
<span class="jrIcon <?php
echo $listing['Listing']['state'] ? 'jrIconYes' : 'jrIconDisabled';
?>
"></span>
<a href="#publish" id="jr_publishLink<?php
echo $listing_id;
?>
" class="<?php
echo $listing['Listing']['state'] ? 'jr_published' : 'jr_unpublished';
?>
" onclick="jreviews.listing.publish(this,{'token':'<?php
echo $formToken;
?>
','listing_id':<?php
echo $listing_id;
?>
,'unpublished':'<?php
__t("Unpublished", false, true);
?>
','published':'<?php
__t("Published", false, true);
?>
'});return false;"><?php
echo $listing['Listing']['state'] ? __t("Published", true) : __t("Unpublished", true);
?>
</a>
</li>
<?php
}
?>
<?php
if ($isManager) {
?>
<li>
<span class="jrIcon <?php
echo $listing['Listing']['featured'] ? 'jrIconYes' : 'jrIconDisabled';
?>
"></span>
<a href="#feature" id="jr_featuredLink<?php
echo $listing_id;
?>
" class="<?php
echo $listing['Listing']['featured'] ? 'jr_published' : 'jr_unpublished';
?>
" onclick="jreviews.listing.feature(this,{'token':'<?php
echo $formToken;
?>
','listing_id':<?php
echo $listing_id;
?>
,'state':<?php
echo (int) $listing['Listing']['featured'];
?>
,'unpublished':'<?php
__t("Not featured", false, true);
?>
','published':'<?php
__t("Featured", false, true);
?>
'});return false;"><?php
echo $listing['Listing']['featured'] == 1 ? __t("Featured", true) : __t("Not featured", true);
?>
</a>
</li>
<li>
<span class="jrIcon <?php
echo $listing['Listing']['frontpage'] ? 'jrIconYes' : 'jrIconDisabled';
?>
"></span>
<a href="#frontpage" id="jr_frontpageLink<?php
echo $listing_id;
?>
" class="<?php
echo $listing['Listing']['frontpage'] ? 'jr_published' : 'jr_unpublished';
?>
" onclick="jreviews.listing.frontpage(this,{'token':'<?php
echo $formToken;
?>
','listing_id':<?php
echo $listing_id;
?>
,'unpublished':'<?php
__t("Not frontpaged", false, true);
?>
','published':'<?php
__t("Frontpaged", false, true);
?>
'});return false;"><?php
echo $listing['Listing']['frontpage'] > 0 ? __t("Frontpaged", true) : __t("Not frontpaged", true);
?>
</a>
</li>
<?php
}
?>
<?php
if ($canDelete) {
?>
<li>
<a href="#delete" id="jr_deleteLink<?php
echo $listing_id;
?>
" class="jr_delete" onclick="jreviews.listing.remove(this,{'token':'<?php
echo $formToken;
?>
','title':'<?php
__t("Delete", false, true);
?>
','listing_id':<?php
echo $listing['Listing']['listing_id'];
?>
,'text':'<?php
__t("Are you sure you want to delete this listing?", false, true);
?>
'});return false;">
<span class="jrIcon jrIconDelete"></span> <?php
__t("Delete");
?>
</a>
</li>
<?php
}
?>
</ul>
</div>
</span>
<?php
}
}
function _save()
{
/*******************************************************************
* This method is processed inside an iframe
* To access any of the DOM elements via jQuery it's necessary to prepend
* all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery)
********************************************************************/
$this->autoRender = false;
$this->autoLayout = false;
$response = array();
$parentFrame = 'window.parent';
$validation = '';
$listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0);
$isNew = $this->Listing->isNew = $listing_id == 0 ? true : false;
$this->data['email'] = Sanitize::getString($this->data, 'email');
$this->data['name'] = Sanitize::getString($this->data, 'name');
$this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden');
$cat_id = Sanitize::getVar($this->data['Listing'], 'catid');
$this->data['Listing']['catid'] = is_array($cat_id) ? (int) array_pop(array_filter($cat_id)) : (int) $cat_id;
/*J16*/
$this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', '');
$this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', '');
if ($this->cmsVersion == CMS_JOOMLA15) {
$this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden');
$this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid');
} else {
$this->data['Listing']['language'] = '*';
$this->data['Listing']['access'] = 1;
}
$category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden'];
# Get criteria info
$criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id =
(SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content")
')));
if (!$criteria) {
$validation = __t("The category selected is invalid.", true, true);
$response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
$response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
$response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
return $this->makeJS($response);
}
$this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id'];
# Override global configuration
isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']);
# Perform access checks
if ($isNew && !$this->Access->canAddListing()) {
return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')");
} elseif (!$isNew) {
$query = "SELECT created_by FROM #__content WHERE id = " . $listing_id;
$this->_db->setQuery($query);
$listing_owner = $this->_db->loadResult();
if (!$this->Access->canEditListing($listing_owner)) {
return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')");
}
}
# Load the notifications observer model component and initialize it.
# Done here so it only loads on save and not for all controlller actions.
$this->components = array('security', 'notifications');
$this->__initComponents();
if ($this->invalidToken == true) {
return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')");
}
# Override configuration
$category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $this->data['Listing']['catid'])));
$this->Config->override($category['ListingType']['config']);
if ($this->Access->loadWysiwygEditor()) {
$this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext')));
$this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext')));
$this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset());
$this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset());
} else {
$this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', '');
if (isset($this->data['Listing']['fulltext'])) {
$this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', '');
} else {
$this->data['Listing']['fulltext'] = '';
}
}
$this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']);
$this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']);
if ($this->Access->canAddMeta()) {
$this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc');
$this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey');
}
// Title alias handling
$slug = '';
$alias = Sanitize::getString($this->data['Listing'], 'alias');
if ($isNew && $alias == '') {
$slug = S2Router::sefUrlEncode($this->data['Listing']['title']);
if (trim(str_replace('-', '', $slug)) == '') {
$slug = date("Y-m-d-H-i-s");
}
} elseif ($alias != '') {
// Alias filled in so we convert it to a valid alias
$slug = S2Router::sefUrlEncode($alias);
if (trim(str_replace('-', '', $slug)) == '') {
$slug = date("Y-m-d-H-i-s");
}
}
$slug != '' and $this->data['Listing']['alias'] = $slug;
# Check for duplicates
switch ($this->Config->content_title_duplicates) {
case 'category':
// Checks for duplicates in the same category
$query = "\r\n SELECT \r\n count(*) \r\n FROM \r\n #__content AS Listing WHERE Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n AND Listing.state >= 0 \r\n AND Listing.catid = " . $this->data['Listing']['catid'] . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
$this->_db->setQuery($query);
$titleExists = $this->_db->loadResult();
break;
case 'no':
// Checks for duplicates all over the place
$query = "\r\n SELECT \r\n count(*) \r\n FROM \r\n #__content AS Listing\r\n WHERE \r\n Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n AND Listing.state >= 0\r\n " . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
$this->_db->setQuery($query);
$titleExists = $this->_db->loadResult();
break;
case 'yes':
// Duplicates are allowed, no checking necessary
$titleExists = false;
break;
}
if ($titleExists && $this->data['Listing']['title'] != '') {
// if listing exists
$validation = '<span>' . __t("A listing with that title already exists.", true, true) . "</span>";
$response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
$response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
$response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
return $this->makeJS($response);
}
// Review form display check logic used several times below
$revFormSetting = $this->Config->content_show_reviewform;
if ($revFormSetting == 'noteditors' && !$this->Config->author_review) {
$revFormSetting = 'all';
}
$revFormEnabled = !isset($this->data['review_optional']) && $this->Access->canAddReview() && $isNew && ($revFormSetting == 'all' && ($this->Config->author_review || $this->Config->user_reviews) || $revFormSetting == 'authors' && $this->Access->isJreviewsEditor($this->_user->id) || $revFormSetting == 'noteditors' && !$this->Access->isJreviewsEditor($this->_user->id));
// Validation of content default input fields
if ($this->cmsVersion == CMS_JOOMLA15) {
if (!$this->data['Listing']['catid'] || !$this->data['Listing']['sectionid']) {
$this->Listing->validateSetError("sec_cat", __t("You need to select both a section and a category.", true));
}
} else {
!$this->data['Listing']['catid'] and $this->Listing->validateSetError("sec_cat", __t("You need to select a category.", true));
}
// Validate only if it's a new listing
if ($isNew) {
if (!$this->_user->id) {
$this->Listing->validateInput($this->data['name'], "name", "text", __t("You must fill in your name.", true), $this->Config->content_name == "required" ? 1 : 0);
$this->Listing->validateInput($this->data['email'], "email", "email", __t("You must fill in a valid email address.", true), $this->Config->content_email == "required" ? 1 : 0);
$this->data['name'] = Sanitize::getString($this->data, 'name', '');
$this->data['email'] = Sanitize::getString($this->data, 'email', '');
} else {
$this->data['name'] = $this->_user->name;
$this->data['email'] = $this->_user->email;
}
}
$this->Listing->validateInput($this->data['Listing']['title'], "title", "text", __t("You must fill in a title for the new listing.", true, true), 1);
# Validate listing custom fields
$listing_valid_fields =& $this->Field->validate($this->data, 'listing', $this->Access);
$this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors);
$this->Listing->validateInput($this->data['Listing']['introtext'], "introtext", "text", __t("You must fill in a summary for the new listing.", true, true), $this->Config->content_summary == "required" ? 1 : 0);
$this->Listing->validateInput($this->data['Listing']['fulltext'], "fulltext", "text", __t("You must fill in a description for the new listing.", true, true), $this->Config->content_description == "required" ? 1 : 0);
# Validate review custom fields
if ($revFormEnabled && $criteria['Criteria']['state']) {
// Review inputs
$this->data['Review']['userid'] = $this->_user->id;
$this->data['Review']['email'] = $this->data['email'];
$this->data['Review']['name'] = $this->data['name'];
$this->data['Review']['username'] = Sanitize::getString($this->data, 'name', '');
$this->data['Review']['title'] = Sanitize::getString($this->data['Review'], 'title');
$this->data['Review']['location'] = Sanitize::getString($this->data['Review'], 'location');
// deprecated
$this->data['Review']['comments'] = Sanitize::getString($this->data['Review'], 'comments');
// Review standard fields
$this->Listing->validateInput($this->data['Review']['title'], "rev_title", "text", __t("You must fill in a title for the review.", true, true), $this->Config->reviewform_title == 'required' ? true : false);
if ($criteria['Criteria']['state'] == 1) {
$criteria_qty = $criteria['Criteria']['quantity'];
$ratingErr = 0;
if (!isset($this->data['Rating'])) {
$ratingErr = $criteria_qty;
} else {
for ($i = 0; $i < $criteria_qty; $i++) {
if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) {
$ratingErr++;
}
}
}
$this->Listing->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true, true), $ratingErr), $ratingErr);
}
// Review custom fields
$this->Field->validateErrors = array();
// Clear any previous validation errors
$review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access);
$this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors);
$this->Listing->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true, true), $this->Config->reviewform_comment == 'required' ? true : false);
}
// if ($revFormEnabled && $criteria['Criteria']['state'])
# Validate image fields
$this->Uploads->validateImages();
# Validate Captcha security code
if ($isNew && $this->Access->showCaptcha()) {
if (!isset($this->data['Captcha']['code'])) {
$this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true));
} elseif ($this->data['Captcha']['code'] == '') {
$this->Listing->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1);
} else {
if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) {
$this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true));
}
}
}
# Get all validation messages
$validation = $this->Listing->validateGetError() . $this->Uploads->getMsg();
# Validation failed
if ($validation != '') {
$response[] = "var parentForm = {$parentFrame}.jQuery('#jr_listingForm');";
$response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
$response[] = "parentForm.find('.button').removeAttr('disabled');";
// Transform textareas into wysiwyg editors
if ($this->Access->loadWysiwygEditor()) {
App::import('Helper', 'Editor', 'jreviews');
$Editor = new EditorHelper();
$response[] = $parentFrame . '.' . $Editor->transform(true);
}
// Replace captcha with new instance
if ($this->Access->in_groups($this->Config->security_image)) {
$captcha = $this->Captcha->displayCode();
$response[] = "{$parentFrame}.jQuery('#captcha').attr('src','{$captcha['src']}');";
$response[] = "{$parentFrame}.jQuery('#jr_captchaCode').val('');";
}
$response[] = "parentForm.find('.jr_loadingSmall').hide();";
return $this->makeJS($response);
// Can't use ajaxResponse b/c we are in an iframe
}
# Validation passed, continue...
if ($isNew) {
$this->data['Listing']['created'] = _CURRENT_SERVER_TIME;
//gmdate('Y-m-d H:i:s');
$this->data['Listing']['publish_up'] = _CURRENT_SERVER_TIME;
//gmdate('Y-m-d H:i:s');
$this->data['Listing']['created_by'] = $this->_user->id;
$this->data['Listing']['publish_down'] = NULL_DATE;
$this->data['Field']['Listing']['email'] = $this->data['email'];
// If visitor, assign name field to content Alias
if (!$this->_user->id) {
$this->data['Listing']['created_by_alias'] = $this->data['name'];
}
// Check moderation settings
$this->data['Listing']['state'] = (int) (!$this->Access->moderateListing());
// If listing moderation is enabled, then the review is also moderated
if (!$this->data['Listing']['state']) {
$this->Config->moderation_reviews = $this->Config->moderation_editor_reviews = $this->Config->moderation_item;
}
} else {
if ($this->Config->moderation_item_edit) {
$this->data['Listing']['state'] = (int) (!$this->Access->moderateListing());
}
$this->data['Listing']['modified'] = _CURRENT_SERVER_TIME;
//gmdate('Y-m-d H:i:s');
$this->data['Listing']['modified_by'] = $this->_user->id;
$query = 'SELECT images FROM #__content WHERE id = ' . $this->data['Listing']['id'];
$this->_db->setQuery($query);
$this->data['Listing']['images'] = $this->_db->loadResult();
// Check total number of images
if (!$this->Uploads->checkImageCount($this->data['Listing']['images'])) {
$validation .= '<span>' . sprintf(__t("The total number of images is limited to %s", true, true), $this->Config->content_images) . '</span><br />';
$response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
$response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
$response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
return $this->makeJS($response);
}
}
// Process images and update data array
if ($this->Uploads->success) {
$imageUploadPath = PATH_ROOT . _JR_PATH_IMAGES . 'jreviews' . DS;
$this->Uploads->uploadImages($this->data['Listing']['id'], $imageUploadPath);
if ($isNew) {
// New item
$currImages = $this->Uploads->images;
} elseif ($this->data['Listing']['images'] != '') {
// Editing and there are existing images
$currImages = array_merge(explode("\n", $this->data['Listing']['images']), $this->Uploads->images);
} else {
// Editing and there are no existing images
$currImages = $this->Uploads->images;
}
$this->data['Listing']['images'] = implode("\n", $currImages);
}
# Save listing
$savedListing = $this->Listing->store($this->data);
$listing_id = $this->data['Listing']['id'];
if (!$savedListing) {
$validation .= __t("The was a problem saving the listing", true, true);
}
// Error on listing save
if ($validation != '') {
$response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
$response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
$response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
return $this->makeJS($response);
}
# Save listing custom fields
$this->data['Field']['Listing']['contentid'] = $this->data['Listing']['id'];
$this->Field->save($this->data, 'listing', $isNew, $listing_valid_fields);
# Begin insert review in table
if ($revFormEnabled && $criteria['Criteria']['state']) {
// Get reviewer type, for now editor reviews don't work in Everywhere components
$this->data['Review']['author'] = (int) $this->Access->isJreviewsEditor($this->_user->id);
$this->data['Review']['mode'] = 'com_content';
$this->data['Review']['pid'] = (int) $this->data['Listing']['id'];
// Force plugin loading on Review model
$this->_initPlugins('Review');
$this->Review->isNew = true;
$savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields);
}
# Before render callback
if ($isNew && isset($this->Listing->plgBeforeRenderListingSaveTrigger)) {
$plgBeforeRenderListingSave = $this->Listing->plgBeforeRenderListingSave();
switch ($plgBeforeRenderListingSave) {
case '0':
$this->data['Listing']['state'] = 1;
break;
case '1':
$this->data['Listing']['state'] = 0;
break;
case '':
break;
default:
return $plgBeforeRenderListingSave;
break;
}
}
# Moderation disabled
if (!isset($this->data['Listing']['state']) || $this->data['Listing']['state']) {
$fields = array('Criteria.criteria AS `Criteria.criteria`', 'Criteria.tooltips AS `Criteria.tooltips`');
$listing = $this->Listing->findRow(array('fields' => $fields, 'conditions' => array('Listing.id = ' . $listing_id)), array('afterFind'));
# Facebook wall integration
$fb_checkbox = Sanitize::getBool($this->data, 'fb_publish');
$facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_listings') && $fb_checkbox;
$token = cmsFramework::getCustomToken($listing_id);
$facebook_integration and $response[] = $parentFrame . '.jQuery.get(' . $parentFrame . '.s2AjaxUri+' . $parentFrame . '.jreviews.ajax_params()+\'&url=facebook/_postListing/id:' . $listing_id . '&' . $token . '=1\');
';
$url = cmsFramework::route($listing['Listing']['url']);
$update_text = $isNew ? __t("Thank you for your submission.", true, true) : __t("The listing was successfully saved.", true, true);
//JOEYG CODE
//THE FOLLOWING GETS THE LISTING TYPE FROM THE DB FOR THE NEWLY SAVED LISTING
//IF THE TYPE IS BUSINESS PROFILE OR PROJECT LISTING THEN DISPLAY THE after_submit.thtml file
//ELSE DISPLAY NORMAL MESSAGE
//IF WE ONLY WANT TO ADD THE after_submit.thtml if the listing is new then add
if ($isNew) {
$query = "SELECT `listing_type` FROM `jos_vpbd_content_criteria` WHERE `jos_vpbd_content_criteria`.`listing_id` = " . $this->data['Listing']['id'];
$this->_db->setQuery($query);
$jg_listing_type = $this->_db->loadResult();
if ($jg_listing_type == 2 || $jg_listing_type == 7) {
$update_html = $this->render('listings', 'after_submit');
} else {
$update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>";
}
//ends if/else
} else {
//not new
$update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>";
}
//ends if($isNew)
//ENDS JOEYG ALTER CODE
$jsonObject = json_encode(compact('target_id', 'update_text', 'update_html'));
$response[] = '
var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\');
$parentForm.scrollTo({duration:400,offset:-100});
$parentForm.s2ShowUpdate(' . $jsonObject . ');
';
return $this->makeJS($response);
}
# Moderation enabled
$update_text = __t("Thank you for your submission. It will be published once it is verified.", true);
$update_html = '<div id=\\"s2Msgjr_listingForm\\" class=\\"jr_postUpdate\\">' . $update_text . '</div>';
$response[] = '
var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\');
$parentForm.scrollTo({duration:400,offset:-100},function(){
$parentForm.fadeOut(250,function(){$parentForm.html("' . $update_html . '").show();});
});
';
return $this->makeJS($response);
}
function formIntegrityToken($entry, $keys, $input = true)
{
$string = '';
!isset($entry['form']) and $entry['form'] = array();
!isset($entry['data']) and $entry['data'] = array();
unset($entry['data']['controller'], $entry['data']['action'], $entry['data']['module']);
foreach ($keys as $key) {
if (isset($entry[$key])) {
$string .= is_array($entry[$key]) ? serialize($entry[$key]) : $entry[$key];
}
}
if ($string == '') {
return '';
}
return $input ? '<input type="hidden" name="' . cmsFramework::getCustomToken($string) . '" value="1" />' : cmsFramework::getCustomToken($string);
}
function _postVote()
{
# Check if FB integration for reviews is enabled
$facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_reviews');
if (!$facebook_integration) {
return;
}
$review_id = Sanitize::getInt($this->params, 'id');
# First check - review id
if (!$review_id) {
return;
}
# Stop form data tampering
$formToken = cmsFramework::getCustomToken($review_id);
if (!cmsFramework::isAdmin() && !$this->__validateToken($formToken)) {
return s2Messages::accessDenied();
}
$facebook = $this->_getFBClass();
# Second check - FB session
if ($fbsession = $facebook->getSession()) {
try {
//get user id
$uid = $facebook->getUser();
$user = $facebook->api('/me');
$fql = "SELECT publish_stream FROM permissions WHERE uid = " . $uid;
$param = array('method' => 'fql.query', 'query' => $fql, 'callback' => '');
$fqlResult = $facebook->api($param);
if (!$fqlResult[0]['publish_stream']) {
return false;
} else {
$review = $this->Review->findRow(array('conditions' => array('Review.id = ' . $review_id)), array());
$this->Everywhere->loadListingModel($this, $review['Review']['extension']);
$listing = $this->Listing->findRow(array('conditions' => array('Listing.' . $this->Listing->realKey . ' = ' . $review['Review']['listing_id'])), array('afterFind'));
$listing_url = $this->makeUrl($listing['Listing']['url']);
$review['Review']['comments'] = strip_tags($review['Review']['comments']);
if ($this->Config->facebook_posts_trim >= 0) {
App::import('Helper', 'text', 'jreviews');
$Text = ClassRegistry::getClass('TextHelper');
$review['Review']['comments'] = $Text->truncateWords($review['Review']['comments'], $this->Config->facebook_posts_trim);
}
# Publish stream permission granted so we can post on the user's wall!
# Begin building the stream $fbArray
$fbArray = array();
$fbArray['method'] = 'stream.publish';
$fbArray['message'] = sprintf($this->activities['vote helpful'], $listing['Listing']['title']);
$fbArray['attachment'] = array('name' => $listing['Listing']['title'], 'href' => $listing_url, 'description' => $review['Review']['comments']);
$fbArray['attachment']['properties'][__t("Website", true)] = array('text' => cmsFramework::getConfig('sitename'), 'href' => WWW_ROOT);
$review['Rating']['average_rating'] > 0 and $fbArray['attachment']['properties'][__t("Rating", true)] = sprintf(__t("%s stars", true), round($review['Rating']['average_rating'], 1));
isset($listing['Listing']['images'][0]) and $fbArray['attachment']['media'] = array(array('type' => 'image', 'src' => WWW_ROOT . _JR_WWW_IMAGES . $listing['Listing']['images'][0]['path'], 'href' => $listing_url));
$fbArray['attachment'] = json_encode($fbArray['attachment']);
$fbArray['action_links'] = json_encode(array(array('text' => __t("Read review", true), 'href' => $listing_url)));
$fbArray['comments_xid'] = $listing['Listing']['listing_id'];
if ($this->Config->facebook_optout) {
return "FB.ui(" . json_encode($fbArray) . ")";
}
$fb_update = $facebook->api($fbArray);
return true;
}
} catch (Exception $o) {
// Error reading permissions
return false;
}
}
return false;
}
function formIntegrityToken($entry, $keys, $input = true)
{
$string = '';
$tokens = array();
!isset($entry['form']) and $entry['form'] = array();
!isset($entry['data']) and $entry['data'] = array();
unset($entry['data']['controller'], $entry['data']['action'], $entry['data']['module'], $entry['data']['__raw']);
// Leave only desired $keys from $entry
$params = array_intersect_key($entry, array_fill_keys($keys, 1));
// Orders the array by keys so the hash will match
ksort($params);
// Remove empty elements and cast all values to strings
foreach ($params as $key => $param) {
if (is_array($param) && !empty($param)) {
$param = is_array($param) ? array_filter($param) : false;
if (!empty($param)) {
$tokens[] = array_map('strval', $param);
}
} elseif (!empty($param)) {
$tokens[] = strval($param);
}
}
sort($tokens);
$string = serialize($tokens);
if ($string == '') {
return '';
}
return $input ? '<input type="hidden" name="' . cmsFramework::getCustomToken($string) . '" value="1" />' : cmsFramework::getCustomToken($string);
}
function getParentCatIds($cat_id)
{
# Check for cached version
$cache_file = 'jreviews_menu_cat_' . cmsFramework::locale() . '_' . cmsFramework::getCustomToken($cat_id);
if (Configure::read('Cache.query') && ($cache = S2Cache::read($cache_file))) {
return $cache['___menu_cat'];
}
$query = "\n (\n SELECT \n ParentCategory.id AS cat_id,\n ParentCategory.lft AS lft\n FROM \n #__categories AS Category, \n #__categories AS ParentCategory\n INNER JOIN\n #__jreviews_categories AS JreviewsCategory ON JreviewsCategory.id = ParentCategory.id\n WHERE \n (\n ParentCategory.id = " . (int) $cat_id . " AND ParentCategory.published = 1\n )\n )\n UNION\n (\n SELECT \n ParentCategory.id AS cat_id,\n ParentCategory.lft AS lft\n FROM\n #__categories AS Category,\n #__categories AS ParentCategory\n INNER JOIN\n #__jreviews_categories AS JreviewsCategory ON JreviewsCategory.id = ParentCategory.id\n WHERE\n ( \n Category.published = 1\n AND Category.lft BETWEEN ParentCategory.lft AND ParentCategory.rgt\n AND Category.id = " . (int) $cat_id . "\n AND ParentCategory.parent_id > 0\n )\n ORDER BY \n Category.lft\n )\n ";
$rows = $this->query($query, 'loadObjectList');
$last = array_shift($rows);
array_push($rows, $last);
Configure::read('Cache.query') and S2Cache::write($cache_file, array('___menu_cat' => $rows));
return $rows;
}
function _delete($params)
{
$response = array();
$listing_id = $this->data['Listing']['id'] = Sanitize::getInt($this->params, 'id');
# Stop form data tampering
$formToken = cmsFramework::getCustomToken($listing_id);
if (!$listing_id || !Sanitize::getString($this->params['form'], $formToken)) {
return $this->ajaxError(s2Messages::accessDenied());
}
# Load current listing author id
$query = "SELECT Listing.created_by, Listing.images FROM #__content AS Listing WHERE Listing.id = " . $listing_id;
$this->_db->setQuery($query);
$row = end($this->_db->loadAssocList());
# Check access
if (!$this->Access->canDeleteListing($row['created_by'])) {
return $this->ajaxError(s2Messages::accessDenied());
}
$this->data['Listing']['images'] = $row['images'];
# Delete listing and all associated records and images
if ($this->Listing->delete($this->data)) {
$msg = __t("The listing has been removed.", true);
$response[] = "jQuery('#jr_listing_manager{$listing_id}').hide('fast').html('{$msg}').fadeIn(1000).effect('highlight',{},5000);";
return $this->ajaxResponse($response);
}
return $this->ajaxError(s2Messages::submitErrorDb());
}
