コード例 #1
0
 function submit()
 {
     global $mainframe;
     $user =& JFactory::getUser();
     $db = JFactory::getDBO();
     $uri =& JFactory::getURI();
     //check the token before we do anything else
     $token = JUtility::getToken();
     if (!JRequest::getInt($token, 0, 'post')) {
         //JError::raiseError(403, 'Request Forbidden');
         $mainframe->redirect(JRoute::_('index.php', false), JText::_("Form data is not valid"));
         exit;
     }
     //Get Session Data (we have saved new session, because we want to check captcha
     $session =& JFactory::getSession();
     $phoca_guestbook_session = $session->get('phocaguestbooksession');
     //--------------------------------------------------------------------------------------------
     //Some POST data can be required or not, If yes, set message if there is POST data == ''
     //Get the params, e.g. if we define in params, that e.g. title can be "", we will not check it
     //if params doesn't exist it will be required, if exists and is required (1) it is required
     $params =& $mainframe->getParams();
     //Add requirement
     //Get POST Data ------------------------------------------------------------------------------
     $post = JRequest::get('post');
     $post['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW);
     if (!isset($post['captcha'])) {
         $post['captcha'] = 0;
     }
     // HTML Purifier
     require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.auto.php';
     $configP = HTMLPurifier_Config::createDefault();
     $configP->set('Core', 'TidyFormat', !empty($_REQUEST['tidy']));
     $configP->set('Core', 'DefinitionCache', null);
     $configP->set('HTML', 'Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike');
     $purifier = new HTMLPurifier($configP);
     $post['content'] = $purifier->purify($post['content']);
     // ------------
     $cid = JRequest::getVar('cid', array(0), 'post', 'array');
     $post['catid'] = (int) $cid[0];
     $post['published'] = (int) 1;
     if ($params->get('review_item') != '') {
         $post['published'] = (int) $params->get('review_item');
     }
     $post['ip'] = $_SERVER["REMOTE_ADDR"];
     if (!isset($post['pgusername'])) {
         $post['username'] = '';
     } else {
         $post['username'] = $post['pgusername'];
     }
     if (!isset($post['email'])) {
         $post['email'] = '';
     }
     //-------------------------------------------------------------------------------------------
     $require = '';
     $display = '';
     // if we disable email form field and name form field we cannot require these items
     $display['formusername'] = 1;
     if ($params->get('display_name_form') != '') {
         $display['formusername'] = $params->get('display_name_form');
     }
     $display['formemail'] = 1;
     if ($params->get('display_email_form') != '') {
         $display['formemail'] = $params->get('display_email_form');
     }
     $require['title'] = 1;
     if ($params->get('require_title') != '') {
         $require['title'] = $params->get('require_title');
     }
     $require['username'] = 1;
     if ($params->get('require_username') != '') {
         $require['username'] = $params->get('require_username');
     }
     $require['email'] = 0;
     if ($params->get('require_email') != '') {
         $require['email'] = $params->get('require_email');
     }
     // if we disable email form field and name form field we cannot require these items
     if ($display['formusername'] == 0) {
         $require['username'] = 0;
     }
     if ($display['formemail'] == 0) {
         $require['email'] = 0;
     }
     $require['content'] = 1;
     if ($params->get('require_content') != '') {
         $require['content'] = $params->get('require_content');
     }
     $require['reguser'] = 0;
     if ($params->get('registered_users_only') != '') {
         $require['reguser'] = $params->get('registered_users_only');
     }
     $config['maxchar'] = 2000;
     if ($params->get('max_char') != '') {
         $config['maxchar'] = $params->get('max_char');
     }
     $send_mail = 0;
     if ($params->get('send_mail') != '') {
         $send_mail = $params->get('send_mail');
     }
     $require['captcha'] = 1;
     if ($params->get('enable_captcha') != '') {
         $require['captcha'] = $params->get('enable_captcha');
     }
     $username_or_name = 0;
     if ($params->get('username_or_name') != '') {
         $username_or_name = $params->get('username_or_name');
     }
     //---------------------------------------------------------------------------------------------
     //Maximum of character, they will be saved in database
     $post['content'] = substr($post['content'], 0, $config['maxchar']);
     //TITLE CHECK  --------------------------------------------------------------------------------
     if ($require['title'] == 1) {
         if ($post['title'] && trim($post['title']) != '') {
             $title = 1;
             // there is a value in title ... OK
         } else {
             $title = 0;
             JRequest::setVar('title-msg-1', 1, 'get', true);
             // there is no value in title ... FALSE
         }
     } else {
         $title = 1;
         //there is a value or there is no value but it is not required, so it is OK
     }
     if ($title != 0 && eregi("[\\<|\\>]", $post['title'])) {
         $title = 0;
         JRequest::setVar('title-msg-2', 1, 'get', true);
     }
     //USERNAME  OR NAME CHECK ------------------------------------------------------------------------------
     //$post is the same for both (name or username)
     //$require['username'] is the same for both (name or username)
     if ($username_or_name == 1) {
         if ($require['username'] == 1) {
             if ($post['username'] && trim($post['username']) != '') {
                 $username = 1;
             } else {
                 $username = 0;
                 JRequest::setVar('username-msg-1', 1, 'get', true);
             }
         } else {
             $username = 1;
         }
         if ($username != 0 && eregi("[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+|\\-]", $post['username'])) {
             $username = 0;
             JRequest::setVar('username-msg-2', 1, 'get', true);
         }
         // Check for existing username
         $query = 'SELECT id' . ' FROM #__users ' . ' WHERE username = '******'username']) . ' OR name = ' . $db->Quote($post['username']) . ' AND id != ' . (int) $user->id;
         $db->setQuery($query);
         $xid = intval($db->loadResult());
         if ($xid && $xid != intval($user->id)) {
             $username = 0;
             JRequest::setVar('username-msg-3', 1, 'get', true);
         }
     } else {
         if ($require['username'] == 1) {
             if ($post['username'] && trim($post['username']) != '') {
                 $username = 1;
             } else {
                 $username = 0;
                 JRequest::setVar('username-msg-1', 1, 'get', true);
             }
         } else {
             $username = 1;
         }
         if ($username != 0 && eregi("[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+|\\-]", $post['username'])) {
             $username = 0;
             JRequest::setVar('username-msg-2', 1, 'get', true);
         }
         // Check for existing username
         $query = 'SELECT id' . ' FROM #__users ' . ' WHERE username = '******'username']) . ' OR name = ' . $db->Quote($post['username']) . ' AND id != ' . (int) $user->id;
         $db->setQuery($query);
         $xid = intval($db->loadResult());
         if ($xid && $xid != intval($user->id)) {
             $username = 0;
             JRequest::setVar('username-msg-3', 1, 'get', true);
         }
     }
     // EMAIL CHECK -------------------------------------------------------------------------------
     if ($require['email'] == 1) {
         if ($post['email'] && trim($post['email']) != '') {
             $email = 1;
         } else {
             $email = 0;
             JRequest::setVar('email-msg-1', 1, 'get', true);
         }
         if ($email != 0 && !JMailHelper::isEmailAddress($post['email'])) {
             $email = 0;
             JRequest::setVar('email-msg-2', 1, 'get', true);
         }
     } else {
         $email = 1;
         if ($email != 0 && $post['email'] != '' && !JMailHelper::isEmailAddress($post['email'])) {
             $email = 0;
             JRequest::setVar('email-msg-2', 1, 'get', true);
         }
     }
     // check for existing email
     $query = 'SELECT id' . ' FROM #__users ' . ' WHERE email = ' . $db->Quote($post['email']) . ' AND id != ' . (int) $user->id;
     $db->setQuery($query);
     $xid = intval($db->loadResult());
     if ($xid && $xid != intval($user->id)) {
         $email = 0;
         JRequest::setVar('email-msg-3', 1, 'get', true);
     }
     // CONTENT CHECK -------------------------------------------------------------------------------
     if ($require['content'] == 1) {
         if ($post['content'] && trim($post['content']) != '') {
             $content = 1;
         } else {
             $content = 0;
             JRequest::setVar('content-msg-1', 1, 'get', true);
         }
     } else {
         $content = 1;
     }
     //IP BAN CHECK ---------------------------------------------------------------------------------
     $ip_ban = trim($params->get('ip_ban'));
     $ip_ban_array = explode(';', $ip_ban);
     $ipa = 1;
     //display
     if (is_array($ip_ban_array)) {
         foreach ($ip_ban_array as $value) {
             if ($post['ip'] == trim($value)) {
                 $ipa = 0;
                 JRequest::setVar('ip-msg-1', 1, 'get', true);
             }
         }
     }
     //REGISTERED USER ONLY CHECK --------------------------------------------------------------------
     if ($require['reguser'] == 1) {
         if ($user->id > 0) {
             $reguser = 1;
         } else {
             $reguser = 0;
             JRequest::setVar('reguser-msg-1', 1, 'get', true);
         }
     } else {
         $reguser = 1;
     }
     //ENABLE OR DISABLE CAPTCHA ----------------------------------------------------------------
     if ($require['captcha'] < 1) {
         $phoca_guestbook_session = 1;
         $post['captcha'] = 1;
     } elseif ($params->get('enable_captcha') == 20) {
         require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'recaptchalib.php';
         $resp = recaptcha_check_answer($params->get('recaptcha_privatekey'), $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
         if (!$resp->is_valid) {
             $phoca_guestbook_session = 0;
             $post['captcha'] = 1;
         } else {
             $phoca_guestbook_session = 1;
             $post['captcha'] = 1;
         }
     }
     /*
     		if ($content != 0 && eregi( "[\<|\>]", $post['content']))
     		{
     			$content = 0; JRequest::setVar( 'content-msg-2', 	1, 'get',true );
     		}*/
     // SAVING DATA ----------------------------------------------------------------------------------
     //the captcha picture code is the same as captcha input code, we can save the data
     //and other post data are OK
     if ($phoca_guestbook_session && $post['captcha'] && $phoca_guestbook_session == $post['captcha'] && $title == 1 && $username == 1 && $email == 1 && $content == 1 && $ipa == 1 && $reguser == 1 && isset($post['task']) && $post['task'] == 'submit' && isset($post['save']) && isset($post['published'])) {
         $model = $this->getModel('phocaguestbook');
         if ($model->store($post)) {
             // Send mail to admin or super admin or user
             if ((int) $send_mail > 0) {
                 PhocaGuestbookControllerPhocaGuestbook::sendPhocaGuestbookMail((int) $send_mail, $post, $uri->toString());
             }
             if ($post['published'] == 0) {
                 $msg = JText::_('Phoca Guestbook Item Saved') . ", " . JText::_('Review Message');
             } else {
                 $msg = JText::_('Phoca Guestbook Item Saved');
             }
         } else {
             $msg = JText::_('Error Saving Phoca Guestbook Item');
         }
         // Set Itemid id for redirect, exists this link in Menu?
         $menu =& JSite::getMenu();
         $items = $menu->getItems('link', 'index.php?option=com_phocaguestbook&view=phocaguestbook&id=' . (int) $cid[0]);
         if (isset($items[0])) {
             $itemid = $items[0]->id;
             $alias = $items[0]->alias;
         }
         // No JRoute - there are some problems
         // $this->setRedirect(JRoute::_('index.php?option=com_phocaguestbook&view=phocaguestbook&id='. (int) $cid[0].'&Itemid='.$itemid),$msg );
         $this->setRedirect($uri->toString(), $msg);
     } else {
         if ($post['captcha'] == 0) {
             JRequest::setVar('captcha-msg', 1, 'get', true);
         }
         if (!$post['captcha']) {
             JRequest::setVar('captcha-msg', 1, 'get', true);
         }
         if ($phoca_guestbook_session != $post['captcha']) {
             JRequest::setVar('captcha-msg', 1, 'get', true);
         }
         $this->display();
     }
 }
コード例 #2
0
 function submit()
 {
     global $mainframe;
     $user =& JFactory::getUser();
     $db =& JFactory::getDBO();
     $uri =& JFactory::getURI();
     $token = JUtility::getToken();
     if (!JRequest::getInt($token, 0, 'post')) {
         $mainframe->redirect(JRoute::_('index.php', false), JText::_("Form data is not valid"));
         exit;
     }
     //Get Session Data (we have saved new session, because we want to check captcha
     $session =& JFactory::getSession();
     $phoca_guestbook_session = $session->get('phocaguestbooksession');
     // - - - - - - - - - -
     //Some POST data can be required or not, If yes, set message if there is POST data == ''
     //Get the params, e.g. if we define in params, that e.g. title can be "", we will not check it
     //if params doesn't exist it will be required, if exists and is required (1) it is required
     $params =& $mainframe->getParams();
     //Add requirement
     $tmpl['display_title_form'] = $params->get('display_title_form', 2);
     $tmpl['display_name_form'] = $params->get('display_name_form', 2);
     $tmpl['display_email_form'] = $params->get('display_email_form', 1);
     $tmpl['display_website_form'] = $params->get('display_website_form', 0);
     $tmpl['display_content_form'] = $params->get('display_content_form', 2);
     $tmpl['max_char'] = $params->get('max_char', 2000);
     $tmpl['send_mail'] = $params->get('send_mail', 0);
     $tmpl['registered_users_only'] = $params->get('registered_users_only', 0);
     $tmpl['enable_captcha'] = $params->get('enable_captcha', 1);
     $tmpl['enable_captcha_users'] = $params->get('enable_captcha_users', 0);
     $tmpl['username_or_name'] = $params->get('username_or_name', 0);
     $tmpl['predefined_name'] = $params->get('predefined_name', '');
     $tmpl['disable_user_check'] = $params->get('disable_user_check', 0);
     $tmpl['enable_html_purifier'] = $params->get('enable_html_purifier', 1);
     //Get POST Data - - - - - - - - -
     $post = JRequest::get('post');
     $post['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW);
     if (!isset($post['captcha'])) {
         $post['captcha'] = 0;
     }
     // HTML Purifier - - - - - - - - - -
     if ($tmpl['enable_html_purifier'] == 0) {
         $filterTags = '';
         //preg_split( '#[,\s]+#', trim( ) ); // black list method is used
         $filterAttrs = '';
         //preg_split( '#[,\s]+#', trim( ) ); // black list method is used
         $filter = new JFilterInput($filterTags, $filterAttrs, 1, 1, 1);
         $post['content'] = $filter->clean($post['content']);
     } else {
         require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.auto.php';
         $configP = HTMLPurifier_Config::createDefault();
         $configP->set('Core', 'TidyFormat', !empty($_REQUEST['tidy']));
         $configP->set('Core', 'DefinitionCache', null);
         $configP->set('HTML', 'Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike,br');
         $purifier = new HTMLPurifier($configP);
         $post['content'] = $purifier->purify($post['content']);
     }
     $cid = JRequest::getVar('cid', array(0), 'post', 'array');
     $post['catid'] = (int) $cid[0];
     $post['published'] = (int) 1;
     if ($params->get('review_item') != '') {
         $post['published'] = (int) $params->get('review_item');
     }
     $post['ip'] = $_SERVER["REMOTE_ADDR"];
     if (!isset($post['pgusername'])) {
         $post['username'] = '';
     } else {
         $post['username'] = $post['pgusername'];
     }
     if (!isset($post['email'])) {
         $post['email'] = '';
     }
     if (!isset($post['website'])) {
         $post['website'] = '';
     }
     // Maximum of character, they will be saved in database
     $post['content'] = substr($post['content'], 0, $tmpl['max_char']);
     // Title Check
     if ($tmpl['display_title_form'] == 2) {
         if ($post['title'] && trim($post['title']) != '') {
             $title = 1;
             // there is a value in title ... OK
         } else {
             $title = 0;
             JRequest::setVar('title-msg-1', 1, 'get', true);
             // there is no value in title ... FALSE
         }
     } else {
         $title = 1;
         //there is a value or there is no value but it is not required, so it is OK
     }
     if ($title != 0 && eregi("[\\<|\\>]", $post['title'])) {
         $title = 0;
         JRequest::setVar('title-msg-2', 1, 'get', true);
     }
     // Username or name check
     //$post is the same for both (name or username)
     //$tmpl['username'] is the same for both (name or username)
     if ($tmpl['username_or_name'] == 1) {
         if ($tmpl['display_name_form'] == 2) {
             if ($post['username'] && trim($post['username']) != '') {
                 $username = 1;
             } else {
                 $username = 0;
                 JRequest::setVar('username-msg-1', 1, 'get', true);
             }
         } else {
             $username = 1;
         }
         if ($username != 0 && eregi("[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+|\\-]", $post['username'])) {
             $username = 0;
             JRequest::setVar('username-msg-2', 1, 'get', true);
         }
         if ($tmpl['disable_user_check'] == 0) {
             // Check for existing username
             $query = 'SELECT id' . ' FROM #__users ' . ' WHERE username = '******'username']) . ' OR name = ' . $db->Quote($post['username']) . ' AND id != ' . (int) $user->id;
             $db->setQuery($query);
             $xid = intval($db->loadResult());
             if ($xid && $xid != intval($user->id)) {
                 $username = 0;
                 JRequest::setVar('username-msg-3', 1, 'get', true);
             }
         }
     } else {
         if ($tmpl['display_name_form'] == 2) {
             if ($post['username'] && trim($post['username']) != '') {
                 $username = 1;
             } else {
                 $username = 0;
                 JRequest::setVar('username-msg-1', 1, 'get', true);
             }
         } else {
             $username = 1;
         }
         if ($username != 0 && eregi("[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+]", $post['username'])) {
             $username = 0;
             JRequest::setVar('username-msg-2', 1, 'get', true);
         }
         if ($tmpl['disable_user_check'] == 0) {
             // Check for existing username
             $query = 'SELECT id' . ' FROM #__users ' . ' WHERE username = '******'username']) . ' OR name = ' . $db->Quote($post['username']) . ' AND id != ' . (int) $user->id;
             $db->setQuery($query);
             $xid = intval($db->loadResult());
             if ($xid && $xid != intval($user->id)) {
                 $username = 0;
                 JRequest::setVar('username-msg-3', 1, 'get', true);
             }
         }
     }
     // Email Check
     if ($tmpl['display_email_form'] == 2) {
         if ($post['email'] && trim($post['email']) != '') {
             $email = 1;
         } else {
             $email = 0;
             JRequest::setVar('email-msg-1', 1, 'get', true);
         }
         if ($email != 0 && !JMailHelper::isEmailAddress($post['email'])) {
             $email = 0;
             JRequest::setVar('email-msg-2', 1, 'get', true);
         }
     } else {
         $email = 1;
         if ($email != 0 && $post['email'] != '' && !JMailHelper::isEmailAddress($post['email'])) {
             $email = 0;
             JRequest::setVar('email-msg-2', 1, 'get', true);
         }
     }
     if ($tmpl['disable_user_check'] == 0) {
         // check for existing email
         $query = 'SELECT id' . ' FROM #__users ' . ' WHERE email = ' . $db->Quote($post['email']) . ' AND id != ' . (int) $user->id;
         $db->setQuery($query);
         $xid = intval($db->loadResult());
         if ($xid && $xid != intval($user->id)) {
             $email = 0;
             JRequest::setVar('email-msg-3', 1, 'get', true);
         }
     }
     // Website Check
     if ($tmpl['display_website_form'] == 2) {
         if ($post['website'] && trim($post['website']) != '') {
             $website = 1;
         } else {
             $website = 0;
             JRequest::setVar('website-msg-1', 1, 'get', true);
         }
         if ($website != 0 && !PhocaguestbookHelper::isURLAddress($post['website'])) {
             $website = 0;
             JRequest::setVar('website-msg-2', 1, 'get', true);
         }
     } else {
         $website = 1;
         if ($website != 0 && $post['website'] != '' && !PhocaguestbookHelper::isURLAddress($post['website'])) {
             $website = 0;
             JRequest::setVar('website-msg-2', 1, 'get', true);
         }
     }
     // Content Check
     if ($tmpl['display_content_form'] == 2) {
         if ($post['content'] && trim($post['content']) != '') {
             $content = 1;
         } else {
             $content = 0;
             JRequest::setVar('content-msg-1', 1, 'get', true);
         }
     } else {
         $content = 1;
     }
     // IP BAN Check
     $ip_ban = trim($params->get('ip_ban'));
     $ip_ban_array = explode(',', $ip_ban);
     $tmpl['ipa'] = 1;
     //display
     if (is_array($ip_ban_array)) {
         foreach ($ip_ban_array as $valueIp) {
             //if ($post['ip'] == trim($value)) {
             if ($valueIp != '') {
                 if (strstr($post['ip'], trim($valueIp)) && strpos($post['ip'], trim($valueIp)) == 0) {
                     $tmpl['ipa'] = 0;
                     JRequest::setVar('ip-msg-1', 1, 'get', true);
                     break;
                 }
             }
         }
     }
     // Not allowed URLs
     $tmpl['deny_url_words'] = $params->get('deny_url_words', '');
     if (!empty($tmpl['deny_url_words'])) {
         $tmpl['deny_url_words'] = explode(',', $params->get('deny_url_words', ''));
     }
     if (!empty($tmpl['deny_url_words']) && $content == 1) {
         $deny_url = 1;
         foreach ($tmpl['deny_url_words'] as $word) {
             if ($word != '') {
                 if (strpos($post['content'], $word) !== false || strpos($post['title'], $word) !== false || strpos($post['username'], $word) !== false) {
                     $deny_url = 0;
                     JRequest::setVar('denyurl-msg-1', 1, 'get', true);
                 }
             }
         }
     } else {
         $deny_url = 1;
     }
     // Registered user Check
     if ($tmpl['registered_users_only'] == 1) {
         if ($user->id > 0) {
             $reguser = 1;
         } else {
             $reguser = 0;
             JRequest::setVar('reguser-msg-1', 1, 'get', true);
         }
     } else {
         $reguser = 1;
     }
     // Captcha not for registered
     if ((int) $tmpl['enable_captcha_users'] == 1) {
         if ((int) $user->id > 0) {
             $tmpl['enable_captcha'] = 0;
         }
     }
     // Enable or disable Captcha
     if ($tmpl['enable_captcha'] < 1) {
         $phoca_guestbook_session = 1;
         $post['captcha'] = 1;
     }
     /*
     		if ($content != 0 && eregi( "[\<|\>]", $post['content'])) {
     			$content = 0; JRequest::setVar( 'content-msg-2', 	1, 'get',true );
     		}*/
     // SAVING DATA - - - - - - - - - -
     //the captcha picture code is the same as captcha input code, we can save the data
     //and other post data are OK
     if ($phoca_guestbook_session && $post['captcha'] && $phoca_guestbook_session == $post['captcha'] && $title == 1 && $username == 1 && $email == 1 && $content == 1 && $website == 1 && $tmpl['ipa'] == 1 && $deny_url == 1 && $reguser == 1 && isset($post['task']) && $post['task'] == 'submit' && isset($post['save']) && isset($post['published'])) {
         $model = $this->getModel('phocaguestbook');
         $post['homesite'] = $post['website'];
         if ($model->store($post)) {
             // Send mail to admin or super admin or user
             if ((int) $tmpl['send_mail'] > 0) {
                 PhocaGuestbookControllerPhocaGuestbook::sendPhocaGuestbookMail((int) $tmpl['send_mail'], $post, $uri->toString(), $tmpl);
             }
             if ($post['published'] == 0) {
                 $msg = JText::_('Phoca Guestbook Item Saved') . ", " . JText::_('Review Message');
             } else {
                 $msg = JText::_('Phoca Guestbook Item Saved');
             }
         } else {
             $msg = JText::_('Error Saving Phoca Guestbook Item');
         }
         // Set Itemid id for redirect, exists this link in Menu?
         /*	$menu 	= &JSite::getMenu();
         			$items	= $menu->getItems('link', 'index.php?option=com_phocaguestbook&view=phocaguestbook&id='.(int) $cid[0]);
         
         			if(isset($items[0])) {
         				$itemid = $items[0]->id;
         				$alias 	= $items[0]->alias;
         			}		*/
         // No JRoute - there are some problems
         // $this->setRedirect(JRoute::_('index.php?option=com_phocaguestbook&view=phocaguestbook&id='. (int) $cid[0].'&Itemid='.$itemid),$msg );
         $this->setRedirect($uri->toString(), $msg);
     } else {
         // captcha image code is not the same as captcha input field (don't redirect because we need post data)
         if ($post['captcha'] == 0) {
             JRequest::setVar('captcha-msg', 1, 'get', true);
         }
         if (!$post['captcha']) {
             JRequest::setVar('captcha-msg', 1, 'get', true);
         }
         if ($phoca_guestbook_session != $post['captcha']) {
             JRequest::setVar('captcha-msg', 1, 'get', true);
         }
         $this->display();
     }
 }