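 /**
  * onBeforeSave method. Hook for children models to prepare the data.
  *
  * For a new comment (no $table->id) the request must come from the site
  * frontend with comments enabled, the user must be able to view the item and
  * hold "k2.comment.create" on its category, the required fields must be
  * present, guests must pass the name/email spoofing check and the captcha
  * must validate. The server-controlled fields (userId, plus name/email for
  * registered users; ip, hostname, date, state) are then enforced regardless
  * of what was submitted.
  *
  * For an existing comment the user must hold "k2.comment.edit" on com_k2, and
  * every column except text and state is reset from the stored row.
  *
  * @param   array   $data   The data to be saved. Modified in place.
  * @param   JTable  $table  The table object; holds the stored row when editing.
  *
  * @return boolean  true when the data may be saved, false after setError() was called.
  */
 protected function onBeforeSave(&$data, $table)
 {
     $application = JFactory::getApplication();
     $params = JComponentHelper::getParams('com_k2');
     $user = JFactory::getUser();

     if (!$table->id) {
         // New comments are only accepted from the frontend...
         if ($application->isAdmin()) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // ...and only while comments are enabled.
         if (!$params->get('comments')) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Read the submitted fields defensively: a missing key fails the
         // validation below instead of raising an undefined-index notice.
         $itemId = isset($data['itemId']) ? (int) $data['itemId'] : 0;
         $text = isset($data['text']) ? trim($data['text']) : '';
         $name = isset($data['name']) ? trim($data['name']) : '';
         $email = isset($data['email']) ? trim($data['email']) : '';
         $data['itemId'] = $itemId;
         // Load the item the permission checks are made against.
         $itemsModel = K2Model::getInstance('Items');
         $itemsModel->setState('id', $itemId);
         $item = $itemsModel->getRow();
         // The user must be able to view the item before commenting on it
         // (a row that could not be loaded is treated as not viewable).
         if (!$item || !$item->checkSiteAccess()) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // ...and hold the comment permission on the item's category.
         if (!$user->authorise('k2.comment.create', 'com_k2.category.' . $item->catid)) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Text is required for both guests and authenticated users.
         if ($text === '') {
             $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
             return false;
         }
         if ($user->guest) {
             // Guests must identify themselves with a name and a valid e-mail.
             if ($name === '' || $email === '') {
                 $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
                 return false;
             }
             if (!JMailHelper::isEmailAddress($email)) {
                 $this->setError(JText::_('K2_INVALID_EMAIL_ADDRESS'));
                 return false;
             }
             // A guest may not post under the name or e-mail of a registered user.
             $usersModel = K2Model::getInstance('Users');
             if ($usersModel->checkSpoofing($name, $email) > 0) {
                 $this->setError(JText::_('K2_THE_NAME_OR_EMAIL_ADDRESS_YOU_TYPED_IS_ALREADY_IN_USE'));
                 return false;
             }
             // Store the trimmed values the checks above were made on.
             $data['userId'] = 0;
             $data['name'] = $name;
             $data['email'] = $email;
         } else {
             // Identity of registered users always comes from the session, not the form.
             $data['userId'] = $user->id;
             $data['name'] = $user->name;
             $data['email'] = $user->email;
         }
         // Captcha check depending on settings; the helper sets the error itself.
         require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
         if (!K2HelperCaptcha::check($data, $this)) {
             return false;
         }
         // Request metadata is taken from the server, never from the submitted data.
         // REMOTE_ADDR is the TCP peer: behind a reverse proxy that is the proxy's
         // address, and under the CLI it is absent entirely.
         $remoteAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
         $data['ip'] = $remoteAddress;
         // Reverse DNS lookup on the request path; it blocks until the resolver answers.
         $data['hostname'] = $remoteAddress !== '' ? gethostbyaddr($remoteAddress) : '';
         $data['date'] = JFactory::getDate()->toSql();
         $data['state'] = $params->get('commentsPublishing') ? 1 : 0;
         // Let later hooks know this was a new comment.
         $this->setState('isNew', true);
     } else {
         // Editing is a global permission on the component, not per category.
         if (!$user->authorise('k2.comment.edit', 'com_k2')) {
             $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
             return false;
         }
         // Only text and state may change; every other column is reset from the
         // stored row so the submitted values cannot override them. Keys not
         // listed here pass through as submitted — presumably the table binds
         // only its own columns; confirm against the table class.
         $data['id'] = $table->id;
         $data['itemId'] = $table->itemId;
         $data['userId'] = $table->userId;
         $data['name'] = $table->name;
         $data['date'] = $table->date;
         $data['email'] = $table->email;
         $data['url'] = $table->url;
         $data['ip'] = $table->ip;
         $data['hostname'] = $table->hostname;
     }
     return true;
 }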
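 /**
  * Reports a published comment to the configured recipient by e-mail.
  *
  * Requires a valid session token, comments and comment reporting to be
  * enabled (a "commentsReporting" value of '2' rejects guests), the comment
  * to be published, view access to the comment's item, a non-empty reporter
  * name and reason, and a valid captcha. Failures are raised through
  * K2Response::throwError(); on success a JSON response is echoed.
  *
  * @return $this
  */
 public function report()
 {
     // CSRF token
     JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));
     $application = JFactory::getApplication();
     $configuration = JFactory::getConfig();
     // Input (the 'string' filter strips tags but does not HTML-escape)
     $id = $application->input->get('id', 0, 'int');
     $reportName = trim($application->input->get('reportName', '', 'string'));
     $reportReason = trim($application->input->get('reportReason', '', 'string'));
     $params = JComponentHelper::getParams('com_k2');
     $user = JFactory::getUser();
     // Reporting must be enabled; a setting of '2' restricts it to registered users.
     $reporting = $params->get('commentsReporting');
     if (!$params->get('comments') || !$reporting || ($reporting == '2' && $user->guest)) {
         K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
     }
     // Only published comments can be reported; unpublished ones look non-existent.
     $comment = K2Comments::getInstance($id);
     if (!$comment->state) {
         K2Response::throwError(JText::_('K2_COMMENT_NOT_FOUND'));
     }
     // The reporter must be allowed to view the item the comment belongs to,
     // otherwise the comment text of a restricted item could be mailed out.
     // checkSiteAccess() is treated as a boolean in onBeforeSave(), so its
     // result is checked here as well; if it already throws, this guard is a no-op.
     $item = K2Items::getInstance($comment->itemId);
     if (!$item->checkSiteAccess()) {
         K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
     }
     // Required fields
     if ($reportName === '') {
         K2Response::throwError(JText::_('K2_PLEASE_TYPE_YOUR_NAME'));
     }
     if ($reportReason === '') {
         K2Response::throwError(JText::_('K2_PLEASE_TYPE_THE_REPORT_REASON'));
     }
     // Captcha check depending on settings; the helper sets the error itself.
     require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
     $data = $this->getInputData();
     if (!K2HelperCaptcha::check($data, $this)) {
         K2Response::throwError($this->getError());
     }
     // Build the notification. The body is HTML, so every value that originates
     // from a user (the reporter's input and the comment text) is escaped to
     // keep markup out of the mail delivered to the recipient. If comment text
     // is already stored HTML-escaped this double-escapes it in the mail only.
     $mailer = JFactory::getMailer();
     $senderEmail = $configuration->get('mailfrom');
     $senderName = $configuration->get('fromname');
     $mailer->setSender(array($senderEmail, $senderName));
     $mailer->setSubject(JText::_('K2_COMMENT_REPORT'));
     $mailer->IsHTML(true);
     $body = "\n        <strong>" . JText::_('K2_NAME') . "</strong>: " . htmlspecialchars($reportName, ENT_QUOTES, 'UTF-8') . " <br/>\n"
         . "        <strong>" . JText::_('K2_REPORT_REASON') . "</strong>: " . htmlspecialchars($reportReason, ENT_QUOTES, 'UTF-8') . " <br/>\n"
         . "        <strong>" . JText::_('K2_COMMENT') . "</strong>: " . nl2br(htmlspecialchars($comment->text, ENT_QUOTES, 'UTF-8')) . " <br/>\n        ";
     $mailer->setBody($body);
     $mailer->ClearAddresses();
     // Fall back to the site's sender address when no recipient is configured.
     $mailer->AddAddress($params->get('commentsReportRecipient', $senderEmail));
     // NOTE(review): Send() may signal failure through its return value or by
     // throwing depending on the Joomla version; a failed delivery currently
     // still yields the "submitted" message below. Confirm and handle as needed.
     $mailer->Send();
     $application->enqueueMessage(JText::_('K2_REPORT_SUBMITTED'));
     echo json_encode(K2Response::render());
     return $this;
 }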