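 /**
  * Ajax handler: store a user report about a listing, review or post.
  *
  * Requires a valid form token (security component) and the `user_report`
  * config flag. The report ids are sanitized to int and written back into
  * $this->data so the model stores the clean values. Every path returns one
  * of the ajax* responses.
  */
 function _save()
 {
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     # Validate form token
     $this->components = array('security');
     $this->__initComponents();
     if ($this->invalidToken) {
         return $this->ajaxError(s2Messages::invalidToken());
     }
     if (!$this->Config->user_report) {
         # Reporting is disabled: answer explicitly instead of returning nothing
         return $this->ajaxError(s2Messages::accessDenied());
     }
     $this->data['Report']['report_text'] = Sanitize::getString($this->data['Report'], 'report_text');
     $this->data['Report']['listing_id'] = Sanitize::getInt($this->data['Report'], 'listing_id');
     $review_id = $this->data['Report']['review_id'] = Sanitize::getInt($this->data['Report'], 'review_id');
     $post_id = $this->data['Report']['post_id'] = Sanitize::getInt($this->data['Report'], 'post_id');
     $this->data['Report']['extension'] = Sanitize::getString($this->data['Report'], 'extension');
     if ($this->data['Report']['report_text'] == '') {
         # Validation failed: reissue the form token so the user can resubmit
         if (isset($this->Security)) {
             // NOTE(review): the Claim handler targets '#jr_claimToken'; this selector has no
             // '#' prefix, so confirm the token field id before relying on the reissue.
             $response[] = "jQuery('jr_reportToken').val('" . $this->Security->reissueToken() . "')";
         }
         return $this->ajaxValidation(__t("The message is empty.", true), $response);
     }
     $this->data['Report']['user_id'] = $this->_user->id;
     $this->data['Report']['ipaddress'] = $this->ipaddress;
     $this->data['Report']['created'] = date('Y-m-d H:i:s');
     $this->data['Report']['approved'] = 0;
     if ($this->_user->id) {
         $this->data['Report']['name'] = $this->_user->name;
         $this->data['Report']['username'] = $this->_user->username;
         $this->data['Report']['email'] = $this->_user->email;
     } else {
         # Guest reporter: no account details to copy
         $this->data['Report']['name'] = 'Guest';
         $this->data['Report']['username'] = '******';
     }
     if (!$this->Report->store($this->data)) {
         return $this->ajaxError(s2Messages::submitErrorDb());
     }
     $update_text = __t("Your report was submitted, thank you.", true);
     # Remove the report link of the item just reported (a post id takes precedence over the review id)
     $response[] = "jQuery('#jr_reportLink" . ($post_id > 0 ? $post_id : $review_id) . "').remove();";
     return $this->ajaxUpdateDialog($update_text, $response);
 }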
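 /**
  * Ajax handler: store (or update) the current user's ownership claim for a listing.
  *
  * Requires a valid form token, a listing id, the `claims_enable` config flag and a
  * logged-in user. An existing unapproved claim by the same user for the same
  * listing is updated in place instead of creating a second row.
  */
 function _save()
 {
     $this->autoRender = false;
     $this->autoLayout = false;
     $this->components = array('security');
     $this->__initComponents();
     $listing_id = Sanitize::getInt($this->data['Claim'], 'listing_id');
     $response = array();
     # Validate form token
     if ($this->invalidToken) {
         return $this->ajaxError(s2Messages::invalidToken());
     }
     if (!$listing_id) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     if (!$this->Config->claims_enable || !$this->_user->id) {
         # Claims disabled or guest user (message kept as before for compatibility)
         return $this->ajaxError(s2Messages::submitErrorDb());
     }
     # Write the sanitized listing id back so the model stores the same value the
     # duplicate lookup below uses, not the raw request value
     $this->data['Claim']['listing_id'] = $listing_id;
     $this->data['Claim']['claim_text'] = Sanitize::getString($this->data['Claim'], 'claim_text');
     if ($this->data['Claim']['claim_text'] == '') {
         # Validation failed: reissue the form token so the user can resubmit
         if (isset($this->Security)) {
             $response[] = "jQuery('#jr_claimToken').val('" . $this->Security->reissueToken() . "');";
         }
         return $this->ajaxValidation(__t("The message is empty.", true), $response);
     }
     // Check if this user already has a pending claim for this listing, to update it
     $claim_id = $this->Claim->findOne(array(
         'fields' => array('Claim.claim_id AS `Claim.claim_id`'),
         'conditions' => array(
             'Claim.user_id = ' . (int) $this->_user->id,
             'Claim.listing_id = ' . $listing_id,
             'Claim.approved <= 0',
         ),
     ));
     if ($claim_id > 0) {
         $this->data['Claim']['claim_id'] = $claim_id;
     }
     $this->data['Claim']['user_id'] = $this->_user->id;
     $this->data['Claim']['created'] = date('Y-m-d H:i:s');
     $this->data['Claim']['approved'] = 0;
     if ($this->Claim->store($this->data)) {
         $update_text = __t("Your claim was submitted, thank you.", true);
         $response[] = "jQuery('#jr_claimImg{$listing_id}').remove();";
         return $this->ajaxUpdateDialog($update_text, $response);
     }
     return $this->ajaxError(s2Messages::submitErrorDb());
 }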
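 /**
  * Ajax handler: store a helpful/not-helpful vote for a review.
  *
  * The vote flags are forced to 0/1 and the review id to int before anything
  * touches the database. Duplicate detection is by user id for logged-in
  * users, plus by IP address unless `vote_ipcheck_disable` is set or the
  * server is localhost; for guests only the IP check applies.
  */
 function _save()
 {
     $response = array();
     $this->data['Vote']['user_id'] = $this->_user->id;
     $this->data['Vote']['review_id'] = (int) $this->data['Vote']['review_id'];
     # Exact vote check to prevent form tampering. User can cheat the js and enter any integer, thus increasing the count
     $this->data['Vote']['vote_yes'] = Sanitize::getInt($this->data['Vote'], 'vote_yes') ? 1 : 0;
     $this->data['Vote']['vote_no'] = Sanitize::getInt($this->data['Vote'], 'vote_no') ? 1 : 0;
     $this->data['Vote']['created'] = gmdate('Y-m-d H:i:s');
     $this->data['Vote']['ipaddress'] = $this->ipaddress;
     $review_id = $this->data['Vote']['review_id'];
     if (!$review_id) {
         return $this->ajaxError(s2Messages::submitErrorGeneric());
     }
     # IP-based duplicate detection is skipped when disabled in config or when the server is localhost
     $check_ip = !$this->Config->vote_ipcheck_disable && $this->ipaddress != '127.0.0.1';
     $ip_condition = 'ipaddress = ' . $this->Vote->Quote($this->ipaddress);
     # A first count query used to run unconditionally here, which made the $check_ip
     # branch below dead for guests; start from zero so the config flag is honoured
     $duplicate = 0;
     if (!$this->_user->id) {
         if ($check_ip) {
             $duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $review_id, $ip_condition)));
         }
     } else {
         # Cast the session user id so it is interpolated into SQL as a number only
         $user_condition = '(user_id = ' . (int) $this->_user->id . ($check_ip ? ' OR ' . $ip_condition . ') ' : ')');
         $duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $review_id, $user_condition)));
     }
     if ($duplicate > 0) {
         # Hides vote buttons and shows message alert
         $response[] = "jQuery('#jr_reviewVote{$review_id}').fadeOut('medium',function(){\n                jQuery(this).html('" . __t("You already voted.", true, true) . "').fadeIn();\n            });";
         return $this->ajaxResponse($response);
     }
     if (!$this->Vote->store($this->data)) {
         return $this->ajaxError(s2Messages::submitErrorDb());
     }
     # Hides vote buttons and shows message alert
     $response[] = "jQuery('#jr_reviewVote{$review_id}').fadeOut('medium',function(){\n                jQuery(this).html('" . __t("Thank you for your vote.", true, true) . "').fadeIn();\n            });";
     # Facebook wall integration only for positive votes
     $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_votes');
     $token = cmsFramework::getCustomToken($review_id);
     if ($facebook_integration && $this->data['Vote']['vote_yes']) {
         $response[] = "\n                jQuery.ajax({url:s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postVote/id:{$review_id}&{$token}=1',dataType:'script'});\n            ";
     }
     return $this->ajaxResponse($response);
 }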
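 /**
  * Ajax handler: store an owner reply for the review in $this->review_id.
  *
  * Access is gated by $this->denyAccess, a per-review custom token and the
  * security component's form token. A review that already has an approved
  * reply is rejected; otherwise the reply is stored, approved or held for
  * moderation according to Access::moderateOwnerReply().
  */
 function _save()
 {
     $response = array();
     // NOTE(review): $this->review_id is set outside this method; it is assumed to be
     // the review the custom token was issued for.
     $review_id = (int) $this->review_id;
     $formToken = cmsFramework::getCustomToken($this->review_id);
     if ($this->denyAccess == true || !$this->__validateToken($formToken)) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     # Validate form token
     $this->components = array('security');
     $this->__initComponents();
     if ($this->invalidToken) {
         return $this->ajaxError(s2Messages::invalidToken());
     }
     // Check if an approved owner reply already exists for this review
     $this->OwnerReply->fields = array();
     $reply = $this->OwnerReply->findRow(array(
         'fields' => array('OwnerReply.owner_reply_text', 'OwnerReply.owner_reply_approved'),
         'conditions' => array('OwnerReply.id = ' . $review_id),
     ));
     if ($reply && $reply['OwnerReply']['owner_reply_approved'] == 1) {
         $error_text = __t("A reply for this review already exists.", true);
         $response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();";
         return $this->ajaxError($error_text, $response);
     }
     if (!$this->Config->owner_replies) {
         # Replies disabled: answer explicitly instead of returning nothing
         return $this->ajaxError(s2Messages::accessDenied());
     }
     # The reply row id is the review id that was authorized above; the id posted
     # in the form is not trusted for it
     $this->data['OwnerReply']['id'] = $review_id;
     if ($this->data['OwnerReply']['owner_reply_text'] == '' || $review_id <= 0) {
         # Validation failed
         return $this->ajaxValidation(__t("The reply is empty.", true), $response);
     }
     $this->data['OwnerReply']['owner_reply_created'] = date('Y-m-d H:i:s');
     // Replies are moderated by default: approved only when moderation is off for this user
     $this->data['OwnerReply']['owner_reply_approved'] = (int) (!$this->Access->moderateOwnerReply());
     if (!$this->OwnerReply->store($this->data)) {
         return $this->ajaxError(s2Messages::submitErrorDb());
     }
     $update_text = $this->data['OwnerReply']['owner_reply_approved']
         ? __t("Your reply was submitted and has been approved.", true)
         : __t("Your reply was submitted and will be published once it is verified.", true);
     $response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();";
     return $this->ajaxUpdateDialog($update_text, $response);
 }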
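 /**
  * Ajax handler: delete the listing whose id is in $this->params['id'].
  *
  * The request must carry the custom token for that listing id, and the
  * current user must pass Access::canDeleteListing() for the listing author.
  * The listing's image list is loaded first so the model can remove the files.
  *
  * @param mixed $params unused; kept for the framework's action signature
  */
 function _delete($params)
 {
     $response = array();
     $listing_id = $this->data['Listing']['id'] = Sanitize::getInt($this->params, 'id');
     # Stop form data tampering
     $formToken = cmsFramework::getCustomToken($listing_id);
     if (!$listing_id || !$this->__validateToken($formToken)) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     # Load current listing author id and image list ($listing_id is already an int)
     $query = "SELECT Listing.created_by, Listing.images FROM #__content AS Listing WHERE Listing.id = " . $listing_id;
     $this->_db->setQuery($query);
     # end() takes its argument by reference; calling it on a return value raises a notice
     $rows = $this->_db->loadAssocList();
     $row = is_array($rows) ? end($rows) : false;
     # Unknown listing: deny rather than pass a missing author to the access check
     if (!$row) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     # Check access
     if (!$this->Access->canDeleteListing($row['created_by'])) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     $this->data['Listing']['images'] = $row['images'];
     # Delete listing and all associated records and images
     if ($this->Listing->delete($this->data)) {
         $msg = __t("The listing has been removed.", true);
         $response[] = "jQuery('#jr_listing_manager{$listing_id}').hide('fast').html('{$msg}').fadeIn(1000).effect('highlight',{},5000);";
         return $this->ajaxResponse($response);
     }
     return $this->ajaxError(s2Messages::submitErrorDb());
 }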
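 /**
  * Ajax handler: delete the listing whose id is in $this->params['id'].
  *
  * Delegates to the xajax variant of the action when the request came through
  * xajax. Otherwise the current user must pass Access::canDeleteListing() for
  * the listing author; the listing's image list is loaded first so the model
  * can remove the files.
  *
  * @param mixed $params forwarded to the xajax action; unused otherwise
  */
 function _delete($params)
 {
     // For compat with xajax
     if ($this->xajaxRequest) {
         $xajax = new xajaxResponse();
         $xajax->loadCommands($this->{$this->action . 'Xajax'}($params));
         return $xajax;
     }
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     $listing_id = $this->data['Listing']['id'] = Sanitize::getInt($this->params, 'id');
     # Check if listing_id is valid
     if ($listing_id == 0) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     // NOTE(review): unlike the token-protected variant of this action, nothing here
     // ties the request to a per-listing token; the delete relies on the access check alone.
     # Load current listing author id and image list ($listing_id is already an int)
     $query = "SELECT Listing.created_by, Listing.images FROM #__content AS Listing WHERE Listing.id = " . $listing_id;
     $this->_db->setQuery($query);
     # end() takes its argument by reference; calling it on a return value raises a notice
     $rows = $this->_db->loadAssocList();
     $row = is_array($rows) ? end($rows) : false;
     # Unknown listing: deny rather than pass a missing author to the access check
     if (!$row) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     # Check access
     if (!$this->Access->canDeleteListing($row['created_by'])) {
         return $this->ajaxError(s2Messages::accessDenied());
     }
     $this->data['Listing']['images'] = $row['images'];
     # Delete listing and all associated records and images
     if ($this->Listing->delete($this->data)) {
         $msg = __t("The listing has been removed.", true);
         $response[] = "jQuery('#jr_listing_manager{$listing_id}').hide('fast').html('{$msg}').fadeIn(1000).effect('highlight',{},5000);";
         return $this->ajaxResponse($response);
     }
     return $this->ajaxError(s2Messages::submitErrorDb());
 }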