/**
 * @Route("/", methods="POST")
 * @Route("/{id}", methods="POST", requirements={"id"="\d+"})
 * @Request({"comment": "array", "id": "int"}, csrf=true)
 */
public function saveAction($data, $id = 0)
{
    if (!$id) {

        // new comment: requires the permission to post comments
        if (!$this->user->hasAccess('blog: post comments')) {
            App::abort(403, __('Insufficient User Rights.'));
        }

        $comment = Comment::create();

        if ($this->user->isAuthenticated()) {
            // author details of logged-in users come from the account, not from the request
            $data['author'] = $this->user->name;
            $data['email'] = $this->user->email;
            $data['url'] = $this->user->url;
        } elseif ($this->blog->config('comments.require_email') && (!@$data['author'] || !@$data['email'])) {
            App::abort(400, __('Please provide valid name and email.'));
        }

        $comment->user_id = $this->user->isAuthenticated() ? (int) $this->user->id : 0;
        $comment->ip = App::request()->getClientIp();
        $comment->created = new \DateTime();

    } else {

        // existing comment: requires the permission to manage comments
        if (!$this->user->hasAccess('blog: manage comments')) {
            App::abort(403, __('Insufficient User Rights.'));
        }

        $comment = Comment::find($id);

        if (!$comment) {
            App::abort(404, __('Comment not found.'));
        }
    }

    // only 'created' is stripped from the client-supplied data;
    // every other key in $data reaches save() below
    unset($data['created']);

    // check minimum idle time in between user comments
    if (!$this->user->hasAccess('blog: skip comment min idle')
        and $minidle = $this->blog->config('comments.minidle')
        and $commentIdle = Comment::where($this->user->isAuthenticated() ? ['user_id' => $this->user->id] : ['ip' => App::request()->getClientIp()])->orderBy('created', 'DESC')->first()
    ) {

        $diff = $commentIdle->created->diff(new \DateTime("- {$minidle} sec"));

        if ($diff->invert) {
            App::abort(403, __('Please wait another %seconds% seconds before commenting again.', ['%seconds%' => $diff->s + $diff->i * 60 + $diff->h * 3600]));
        }
    }

    if (@$data['parent_id'] && !($parent = Comment::find((int) $data['parent_id']))) {
        App::abort(404, __('Parent not found.'));
    }

    // the post must exist and, unless the user manages comments, be commentable and published
    if (!@$data['post_id'] || !($post = Post::where(['id' => $data['post_id']])->first()) or !($this->user->hasAccess('blog: manage comments') || $post->isCommentable() && $post->isPublished())) {
        App::abort(404, __('Post not found.'));
    }

    $approved_once = (bool) Comment::where(['user_id' => $this->user->id, 'status' => Comment::STATUS_APPROVED])->first();

    // inner ternary parenthesised: unparenthesised nested ternaries are
    // deprecated in PHP 7.4 and a compile error in PHP 8
    $comment->status = $this->user->hasAccess('blog: skip comment approval')
        ? Comment::STATUS_APPROVED
        : ($this->user->hasAccess('blog: comment approval required once') && $approved_once
            ? Comment::STATUS_APPROVED
            : Comment::STATUS_PENDING);

    // check the max links rule
    if ($comment->status == Comment::STATUS_APPROVED && $this->blog->config('comments.maxlinks') <= preg_match_all('/<a [^>]*href/i', @$data['content'])) {
        $comment->status = Comment::STATUS_PENDING;
    }

    // check for spam
    //App::trigger('system.comment.spam_check', new CommentEvent($comment));

    $comment->save($data);

    return ['message' => 'success', 'comment' => $comment];
}

/**
 * Updates the comments info on post.
 *
 * @param int $id
 */
public static function updateCommentInfo($id)
{
    $query = Comment::where(['post_id' => $id, 'status' => Comment::STATUS_APPROVED]);

    self::where(compact('id'))->update(['comment_count' => $query->count()]);
}