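/**
 * Add a comment to a blog post.
 *
 * Runs the following checks in order; each failure stores a 'blog_error'
 * lens variable and returns false:
 *   1. comments are enabled (blog.comments.enabled)
 *   2. guests may comment (blog.comments.guests) when not logged in
 *   3. guests supplied both a name and an email
 *   4. a logged-in, non-superuser may post as the requested author
 *   5. the trimmed message is at least 2 bytes long
 *   6. the CAPTCHA verifies, when one is required
 *
 * @param array $post       Submitted form fields; treated as untrusted input
 * @param int   $blogPostId Passed through to addCommentToPost()
 * @return bool False when a check fails, otherwise whatever
 *              $this->blog->addCommentToPost() returns
 */
protected function addComment(array $post = [], int $blogPostId = 0): bool
{
    if (!$this->config('blog.comments.enabled')) {
        $this->storeLensVar('blog_error', \__('Comments are not enabled on this blog.'));
        return false;
    }
    if (!$this->isLoggedIn() && !$this->config('blog.comments.guests')) {
        $this->storeLensVar('blog_error', \__('Guest comments are not enabled on this blog.'));
        return false;
    }
    if (!$this->isLoggedIn() && (empty($post['name']) || empty($post['email']))) {
        $this->storeLensVar('blog_error', \__('Name and email address are required fields.'));
        return false;
    }

    // NOTE(review): the author check below only runs for logged-in users.
    // A guest submission that carries an 'author' field reaches
    // addCommentToPost() unchecked; confirm that method ignores 'author'
    // for guests.
    if ($this->isLoggedIn() && !$this->isSuperUser() && !empty($post['author'])) {
        $allowedAuthors = $this->blog->getAuthorsForUser($this->getActiveUserId());
        // Authorization decision: compare canonical string forms strictly.
        // A loose in_array() lets numeric-looking strings such as " 1" or
        // "1e0" match the integer 1 through type juggling, while the raw
        // value is what gets passed on to addCommentToPost().
        // Assumes getAuthorsForUser() returns a flat list of scalar IDs;
        // TODO confirm.
        $authorAllowed = \is_scalar($post['author'])
            && \in_array(
                (string) $post['author'],
                \array_map('strval', $allowedAuthors),
                true
            );
        if (!$authorAllowed) {
            $this->storeLensVar('blog_error', \__('You do not have permission to post as this author.'));
            return false;
        }
    }

    // A missing or non-scalar 'message' (e.g. message[]=x in the request)
    // is treated as an empty comment instead of reaching trim() as
    // null/array. The trimmed copy is used only for the length check;
    // $post is passed on unmodified.
    $rawMessage = $post['message'] ?? '';
    $msg = \is_scalar($rawMessage) ? \trim((string) $rawMessage) : '';
    if (Binary::safeStrlen($msg) < 2) {
        $this->storeLensVar('blog_error', \__('The comment you attempted to leave is much too short.'));
        return false;
    }

    $published = false;
    $can_comment = false;
    if ($this->can('publish')) {
        // No CAPTCHA necessary; users with the publish permission also get
        // their comment marked as published.
        $published = true;
        $can_comment = true;
    } elseif ($this->config('blog.comments.recaptcha')) {
        // An absent or non-string token leaves $can_comment false, so the
        // request fails closed with the CAPTCHA error below.
        if (isset($post['g-recaptcha-response']) && \is_string($post['g-recaptcha-response'])) {
            $rc = \Airship\getReCaptcha(
                $this->config('recaptcha.secret-key'),
                $this->config('recaptcha.curl-opts') ?? []
            );
            // NOTE(review): behind a reverse proxy REMOTE_ADDR is the
            // proxy's address, not the client's; confirm the deployment.
            $resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
            $can_comment = $resp->isSuccess();
        }
    } else {
        // reCAPTCHA is not configured: the comment is accepted with no
        // anti-automation check and $published stays false.
        $can_comment = true;
    }

    if (!$can_comment) {
        $this->storeLensVar('blog_error', \__('Invalid CAPTCHA Response. Please try again.'));
        return false;
    }
    return $this->blog->addCommentToPost($post, $blogPostId, $published);
}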