/** * Determines if the captcha is correct * * @since 1.0 * @access public * @param string * @return */ public function checkCaptcha($post) { $config = DiscussHelper::getConfig(); $my = JFactory::getUser(); $ajax = DiscussHelper::getHelper('Ajax'); // Get recaptcha configuration $recaptcha = $config->get('antispam_recaptcha'); $public = $config->get('antispam_recaptcha_public'); $private = $config->get('antispam_recaptcha_private'); require_once DISCUSS_CLASSES . '/recaptcha.php'; if (DiscussRecaptcha::isRequired()) { $obj = DiscussRecaptcha::recaptcha_check_answer($private, $_SERVER['REMOTE_ADDR'], $post['recaptcha_challenge_field'], $post['recaptcha_response_field']); if (!$obj->is_valid) { $ajax->reloadCaptcha(); $ajax->reject('error', JText::_('COM_EASYDISCUSS_POST_INVALID_RECAPTCHA_RESPONSE')); $ajax->send(); return false; } } else { if ($config->get('antispam_easydiscuss_captcha')) { $runCaptcha = DiscussHelper::getHelper('Captcha')->showCaptcha(); if ($runCaptcha) { $response = JRequest::getVar('captcha-response'); $captchaId = JRequest::getInt('captcha-id'); $discussCaptcha = new stdClass(); $discussCaptcha->captchaResponse = $response; $discussCaptcha->captchaId = $captchaId; $state = DiscussHelper::getHelper('Captcha')->verify($discussCaptcha); if (!$state) { $ajax->reject('error', JText::_('COM_EASYDISCUSS_INVALID_CAPTCHA')); $ajax->send(); return false; } } } } return true; }
public static function validateCaptcha($data) { require_once DISCUSS_CLASSES . '/recaptcha.php'; require_once DISCUSS_CLASSES . '/captcha.php'; $config = DiscussHelper::getConfig(); if ($config->get('antispam_easydiscuss_captcha')) { // If captcha is not enforced, we should allow this to bypass if (!DiscussHelper::getHelper('Captcha')->showCaptcha()) { return true; } $discussCaptcha = new stdClass(); $discussCaptcha->captchaResponse = JRequest::getVar('captcha-response'); $discussCaptcha->captchaId = JRequest::getInt('captcha-id'); $state = DiscussHelper::getHelper('Captcha')->verify($discussCaptcha); return $state; } if (!DiscussRecaptcha::isRequired()) { return true; } $obj = DiscussRecaptcha::recaptcha_check_answer($config->get('antispam_recaptcha_private'), $_SERVER['REMOTE_ADDR'], $data['recaptcha_challenge_field'], $data['recaptcha_response_field']); if ($obj->is_valid) { return true; } return false; }
/** * Saves an edited reply if the site is configured to use a WYSIWYG editor * * @since 3.2 * @access public * @param string * @return */ public function saveReply() { //JRequest::checkToken('request') or jexit( 'Invalid Token' ); $config = DiscussHelper::getConfig(); $acl = DiscussHelper::getHelper('ACL'); $my = JFactory::getUser(); $app = JFactory::getApplication(); $post = JRequest::get('POST'); $output = array(); $output['id'] = $post['post_id']; $postTable = DiscussHelper::getTable('Post'); $postTable->load($post['post_id']); $categoryTable = DiscussHelper::getTable('category'); $categoryTable->load($postTable->category_id); $postAccess = DiscussHelper::getPostAccess($postTable, $categoryTable); if (!$postAccess->canEdit()) { DiscussHelper::setMessageQueue(JText::_('COM_EASYDISCUSS_SYSTEM_INSUFFICIENT_PERMISSIONS'), DISCUSS_QUEUE_ERROR); $app->redirect(DiscussRouter::_('index.php?option=com_easydiscuss&view=ask&id=' . $post['post_id'], false)); return $app->close(); } // do checking here! if (empty($post['dc_reply_content'])) { DiscussHelper::setMessageQueue(JText::_('COM_EASYDISCUSS_ERROR_REPLY_EMPTY'), DISCUSS_QUEUE_ERROR); $app->redirect(DiscussRouter::_('index.php?option=com_easydiscuss&view=ask&id=' . $post['post_id'], false)); return $app->close(); } // Rebind the post data $post['dc_reply_content'] = JRequest::getVar('dc_reply_content', '', 'post', 'none', JREQUEST_ALLOWRAW); $post['content'] = $post['dc_reply_content']; $data['content_type'] = DiscussHelper::getEditorType('reply'); $postTable->bind($post); $recaptcha = $config->get('antispam_recaptcha'); $public = $config->get('antispam_recaptcha_public'); $private = $config->get('antispam_recaptcha_private'); if (!$config->get('antispam_recaptcha_registered_members') && $my->id > 0) { $recaptcha = false; } if ($recaptcha && $public && $private) { require_once DISCUSS_CLASSES . '/recaptcha.php'; $obj = DiscussRecaptcha::recaptcha_check_answer($private, $_SERVER['REMOTE_ADDR'], $post['recaptcha_challenge_field'], $post['recaptcha_response_field']); if (!$obj->is_valid) { $ajax->reloadCaptcha(); $ajax->reject('error', JText::_('COM_EASYDISCUSS_POST_INVALID_RECAPTCHA_RESPONSE')); $ajax->send(); } } else { if ($config->get('antispam_easydiscuss_captcha')) { $runCaptcha = DiscussHelper::getHelper('Captcha')->showCaptcha(); if ($runCaptcha) { $response = JRequest::getVar('captcha-response'); $captchaId = JRequest::getInt('captcha-id'); $discussCaptcha = new stdClass(); $discussCaptcha->captchaResponse = $response; $discussCaptcha->captchaId = $captchaId; $state = DiscussHelper::getHelper('Captcha')->verify($discussCaptcha); if (!$state) { DiscussHelper::setMessageQueue(JText::_('COM_EASYDISCUSS_INVALID_CAPTCHA'), DISCUSS_QUEUE_ERROR); $app->redirect(DiscussRouter::_('index.php?option=com_easydiscuss&view=post&layout=edit&id=' . $postTable->id, false)); return $app->close(); } } } } // @rule: Bind parameters if ($config->get('reply_field_references')) { $postTable->bindParams($post); } // Bind file attachments if ($acl->allowed('add_attachment', '0')) { $postTable->bindAttachments(); } $isNew = false; // @trigger: onBeforeSave DiscussEventsHelper::importPlugin('content'); DiscussEventsHelper::onContentBeforeSave('post', $postTable, $isNew); if (!$postTable->store()) { $ajax->reject('error', JText::_('COM_EASYDISCUSS_ERROR')); $ajax->send(); } // Process poll items $includePolls = JRequest::getBool('pollitems', false); // Process poll items here. if ($includePolls && $config->get('main_polls')) { $pollItems = JRequest::getVar('pollitems'); $pollItemsOri = JRequest::getVar('pollitemsOri'); // Delete polls if necessary since this post doesn't contain any polls. //if( !$isNew && !$includePolls ) if (count($pollItems) == 1 && empty($pollItems[0]) && !$isNew) { $postTable->removePoll(); } // Check if the multiple polls checkbox is it checked? $multiplePolls = JRequest::getVar('multiplePolls', '0'); if ($pollItems) { // As long as we need to create the poll answers, we need to create the main question. $pollTitle = JRequest::getVar('poll_question', ''); // Since poll question are entirely optional. $pollQuestion = DiscussHelper::getTable('PollQuestion'); $pollQuestion->loadByPost($postTable->id); $pollQuestion->post_id = $postTable->id; $pollQuestion->title = $pollTitle; $pollQuestion->multiple = $config->get('main_polls_multiple') ? $multiplePolls : false; $pollQuestion->store(); if (!$isNew) { // Try to detect which poll items needs to be removed. $remove = JRequest::getVar('pollsremove'); if (!empty($remove)) { $remove = explode(',', $remove); foreach ($remove as $id) { $id = (int) $id; $poll = DiscussHelper::getTable('Poll'); $poll->load($id); $poll->delete(); } } } for ($i = 0; $i < count($pollItems); $i++) { $item = $pollItems[$i]; $itemOri = isset($pollItemsOri[$i]) ? $pollItemsOri[$i] : ''; $value = (string) $item; $valueOri = (string) $itemOri; if (trim($value) == '') { continue; } $poll = DiscussHelper::getTable('Poll'); if (empty($valueOri) && !empty($value)) { // this is a new item. $poll->set('value', $value); $poll->set('post_id', $postTable->get('id')); $poll->store(); } else { if (!empty($valueOri) && !empty($value)) { // update existing value. if (!$poll->loadByValue($valueOri, $postTable->get('id'))) { $poll->set('value', $value); $poll->store(); } } } } } } if (!empty($postTable->id)) { //Clear off previous records before storing $ruleModel = DiscussHelper::getModel('CustomFields'); $ruleModel->deleteCustomFieldsValue($postTable->id, 'update'); // Process custom fields. $fieldIds = JRequest::getVar('customFields'); if (!empty($fieldIds)) { foreach ($fieldIds as $fieldId) { $fields = JRequest::getVar('customFieldValue_' . $fieldId); if (!empty($fields)) { // Cater for custom fields select list // To detect if there is no value selected for the select list custom fields if (in_array('defaultList', $fields)) { $tempKey = array_search('defaultList', $fields); $fields[$tempKey] = ''; } } $postTable->bindCustomFields($fields, $fieldId); } } } // @trigger: onAfterSave DiscussEventsHelper::onContentAfterSave('post', $postTable, $isNew); //get parent post $parentId = $postTable->parent_id; $parentTable = DiscussHelper::getTable('Post'); $parentTable->load($parentId); // filtering badwords $postTable->title = DiscussHelper::wordFilter($postTable->title); $postTable->content = DiscussHelper::wordFilter($postTable->content); //all access control goes here. $canDelete = false; if (DiscussHelper::isSiteAdmin() || $acl->allowed('delete_reply', '0') || $postTable->user_id == $user->id) { $canDelete = true; } // @rule: URL References $postTable->references = $postTable->getReferences(); // set for vote status $voteModel = DiscussHelper::getModel('Votes'); $postTable->voted = $voteModel->hasVoted($postTable->id); // get total vote for this reply $postTable->totalVote = $postTable->sum_totalvote; //load porfile info and auto save into table if user is not already exist in discuss's user table. $creator = DiscussHelper::getTable('Profile'); $creator->load($postTable->user_id); $postTable->user = $creator; //default value $postTable->isVoted = 0; $postTable->total_vote_cnt = 0; $postTable->likesAuthor = ''; $postTable->minimize = 0; if ($config->get('main_content_trigger_replies')) { // process content plugins DiscussEventsHelper::importPlugin('content'); DiscussEventsHelper::onContentPrepare('reply', $postTable); $postTable->event = new stdClass(); $results = DiscussEventsHelper::onContentBeforeDisplay('reply', $postTable); $postTable->event->beforeDisplayContent = trim(implode("\n", $results)); $results = DiscussEventsHelper::onContentAfterDisplay('reply', $postTable); $postTable->event->afterDisplayContent = trim(implode("\n", $results)); } $theme = new DiscussThemes(); $question = DiscussHelper::getTable('Post'); $question->load($postTable->parent_id); $recaptcha = ''; $enableRecaptcha = $config->get('antispam_recaptcha'); $publicKey = $config->get('antispam_recaptcha_public'); $skipRecaptcha = $config->get('antispam_skip_recaptcha'); $model = DiscussHelper::getModel('Posts'); $postCount = count($model->getPostsBy('user', $my->id)); if ($enableRecaptcha && !empty($publicKey) && $postCount < $skipRecaptcha) { require_once DISCUSS_CLASSES . '/recaptcha.php'; $recaptcha = getRecaptchaData($publicKey, $config->get('antispam_recaptcha_theme'), $config->get('antispam_recaptcha_lang'), null, $config->get('antispam_recaptcha_ssl'), 'edit-reply-recaptcha' . $postTable->id); } // Get the post access object here. $category = DiscussHelper::getTable('Category'); $category->load($postTable->category_id); $access = $postTable->getAccess($category); $postTable->access = $access; // Get comments for the post $commentLimit = $config->get('main_comment_pagination') ? $config->get('main_comment_pagination_count') : null; $comments = $postTable->getComments($commentLimit); $postTable->comments = DiscussHelper::formatComments($comments); $theme->set('question', $question); $theme->set('post', $postTable); $theme->set('category', $category); $html = $theme->fetch('post.reply.item.php'); if ($recaptcha && $public && $private) { $output['type'] = 'success.captcha'; } if (!$parentTable->islock) { $output['type'] = 'locked'; } $message = $isNew ? JText::_('COM_EASYDISCUSS_POST_STORED') : JText::_('COM_EASYDISCUSS_EDIT_SUCCESS'); $state = 'success'; // Let's set our custom message here. DiscussHelper::setMessageQueue($message, $state); $redirect = JRequest::getVar('redirect', ''); if (!empty($redirect)) { $redirect = base64_decode($redirect); return $this->setRedirect($redirect); } $this->setRedirect(DiscussRouter::getPostRoute($post['parent_id'], false)); }