/** * Validate the form */ private function validateForm() { // get settings $commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments']; // comments aren't allowed so we don't have to validate if (!$commentsAllowed) { return false; } // is the form submitted if ($this->frm->isSubmitted()) { // cleanup the submitted fields, ignore fields that were added by hackers $this->frm->cleanupFields(); // does the key exists? if (SpoonSession::exists('blog_comment_' . $this->record['id'])) { // calculate difference $diff = time() - (int) SpoonSession::get('blog_comment_' . $this->record['id']); // calculate difference, it it isn't 10 seconds the we tell the user to slow down if ($diff < 10 && $diff != 0) { $this->frm->getField('message')->addError(FL::err('CommentTimeout')); } } // validate required fields $this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired')); $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired')); $this->frm->getField('message')->isFilled(FL::err('MessageIsRequired')); // validate optional fields if ($this->frm->getField('website')->isFilled() && $this->frm->getField('website')->getValue() != 'http://') { $this->frm->getField('website')->isURL(FL::err('InvalidURL')); } // no errors? if ($this->frm->isCorrect()) { // get module setting $spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter']; $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation']; // reformat data $author = $this->frm->getField('author')->getValue(); $email = $this->frm->getField('email')->getValue(); $website = $this->frm->getField('website')->getValue(); if (trim($website) == '' || $website == 'http://') { $website = null; } $text = $this->frm->getField('message')->getValue(); // build array $comment['post_id'] = $this->record['id']; $comment['language'] = FRONTEND_LANGUAGE; $comment['created_on'] = FrontendModel::getUTCDate(); $comment['author'] = $author; $comment['email'] = $email; $comment['website'] = $website; $comment['text'] = $text; $comment['status'] = 'published'; $comment['data'] = serialize(array('server' => $_SERVER)); // get URL for article $permaLink = FrontendNavigation::getURLForBlock('blog', 'detail') . '/' . $this->record['url']; $redirectLink = $permaLink; // is moderation enabled if ($moderationEnabled) { // if the commenter isn't moderated before alter the comment status so it will appear in the moderation queue if (!FrontendBlogModel::isModerated($author, $email)) { $comment['status'] = 'moderation'; } } // should we check if the item is spam if ($spamFilterEnabled) { // check for spam $result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website); // if the comment is spam alter the comment status so it will appear in the spam queue if ($result) { $comment['status'] = 'spam'; } elseif ($result == 'unknown') { $comment['status'] = 'moderation'; } } // insert comment $comment['id'] = FrontendBlogModel::insertComment($comment); // trigger event FrontendModel::triggerEvent('blog', 'after_add_comment', array('comment' => $comment)); // append a parameter to the URL so we can show moderation if (strpos($redirectLink, '?') === false) { if ($comment['status'] == 'moderation') { $redirectLink .= '?comment=moderation#' . FL::act('Comment'); } if ($comment['status'] == 'spam') { $redirectLink .= '?comment=spam#' . FL::act('Comment'); } if ($comment['status'] == 'published') { $redirectLink .= '?comment=true#comment-' . $comment['id']; } } else { if ($comment['status'] == 'moderation') { $redirectLink .= '&comment=moderation#' . FL::act('Comment'); } if ($comment['status'] == 'spam') { $redirectLink .= '&comment=spam#' . FL::act('Comment'); } if ($comment['status'] == 'published') { $redirectLink .= '&comment=true#comment-' . $comment['id']; } } // set title $comment['post_title'] = $this->record['title']; $comment['post_url'] = $this->record['url']; // notify the admin FrontendBlogModel::notifyAdmin($comment); // store timestamp in session so we can block excesive usage SpoonSession::set('blog_comment_' . $this->record['id'], time()); // store author-data in cookies try { SpoonCookie::set('comment_author', $author, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain()); SpoonCookie::set('comment_email', $email, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain()); SpoonCookie::set('comment_website', $website, 30 * 24 * 60 * 60, '/', '.' . $this->URL->getDomain()); } catch (Exception $e) { // settings cookies isn't allowed, but because this isn't a real problem we ignore the exception } // redirect $this->redirect($redirectLink); } } }