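/**
 * onBeforeSave method. Hook for children models to prepare the data.
 *
 * A new comment (no $table->id yet) is only accepted from the frontend, only
 * while the "comments" component parameter is on, only for an item the current
 * user can view and only in a category where the user holds
 * "k2.comment.create". Text is required for everyone; guests must also give a
 * name and a valid email that does not belong to a registered user. After the
 * captcha check the ip, hostname, date and state columns are filled in here.
 * Editing requires "k2.comment.edit" on com_k2 and may only change text and
 * state; every other column is reset to the stored row.
 *
 * @param array  $data  The data to be saved. Modified in place.
 * @param JTable $table The table object. $table->id is empty for a new comment.
 *
 * @return boolean True when saving may proceed, false after setError() otherwise.
 */
protected function onBeforeSave(&$data, $table)
{
    // Get application
    $application = JFactory::getApplication();

    // Params
    $params = JComponentHelper::getParams('com_k2');

    // Get user
    $user = JFactory::getUser();

    $notAuthorized = JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION');

    if ($table->id) {
        // Existing comment: only users with the global edit permission may touch it
        if (!$user->authorise('k2.comment.edit', 'com_k2')) {
            $this->setError($notAuthorized);
            return false;
        }

        // Edit is only allowed for comment text and state. Every other column is
        // pinned to the stored row so a request cannot reassign the comment to
        // another item or author.
        $data['id'] = $table->id;
        $data['itemId'] = $table->itemId;
        $data['userId'] = $table->userId;
        $data['name'] = $table->name;
        $data['date'] = $table->date;
        $data['email'] = $table->email;
        $data['url'] = $table->url;
        $data['ip'] = $table->ip;
        $data['hostname'] = $table->hostname;

        return true;
    }

    // New comments are only created through the frontend
    if ($application->isAdmin()) {
        $this->setError($notAuthorized);
        return false;
    }

    // Don't allow new comments if comments are disabled
    if (!$params->get('comments')) {
        $this->setError($notAuthorized);
        return false;
    }

    // Read the incoming fields once. A missing key counts as empty instead of
    // raising an undefined-index notice on a malformed request.
    $itemId = isset($data['itemId']) ? (int) $data['itemId'] : 0;
    $text = isset($data['text']) ? trim($data['text']) : '';
    $name = isset($data['name']) ? trim($data['name']) : '';
    $email = isset($data['email']) ? trim($data['email']) : '';

    // Get the item to check permissions
    $model = K2Model::getInstance('Items');
    $model->setState('id', $itemId);
    $item = $model->getRow();

    // First check that the user can actually view the specific item. An item
    // that could not be loaded is treated like one the user may not see.
    if (!$item || !$item->checkSiteAccess()) {
        $this->setError($notAuthorized);
        return false;
    }

    // Check that the current user can comment on this category
    if (!$user->authorise('k2.comment.create', 'com_k2.category.' . $item->catid)) {
        $this->setError($notAuthorized);
        return false;
    }

    // Text is required for both guests and authenticated users
    if ($text === '') {
        $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
        return false;
    }

    if ($user->guest) {
        // Guests must supply both a name and an email address
        if ($name === '' || $email === '') {
            $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
            return false;
        }

        // Check that the email is valid
        if (!JMailHelper::isEmailAddress($data['email'])) {
            $this->setError(JText::_('K2_INVALID_EMAIL_ADDRESS'));
            return false;
        }

        // A guest may not post under the name or email of a registered user
        $usersModel = K2Model::getInstance('Users');
        if ($usersModel->checkSpoofing($name, $data['email']) > 0) {
            $this->setError(JText::_('K2_THE_NAME_OR_EMAIL_ADDRESS_YOU_TYPED_IS_ALREADY_IN_USE'));
            return false;
        }

        // Guests never carry a user id
        $data['userId'] = 0;

        // NOTE(review): $data['url'], if submitted, is not validated in this hook;
        // confirm it is sanitised by the table or the view before output.
    } else {
        // The identity of an authenticated user always comes from the session,
        // never from the request payload
        $data['userId'] = $user->id;
        $data['name'] = $user->name;
        $data['email'] = $user->email;
    }

    // Check captcha depending on settings
    require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
    if (!K2HelperCaptcha::check($data, $this)) {
        return false;
    }

    // Everything seems fine, enforce the server-side columns. REMOTE_ADDR is used
    // directly rather than a forwarded-for header, so it is not client-controlled
    // (behind a reverse proxy it is the proxy's address). It is absent when the
    // model runs outside a web request, hence the guard.
    $remoteAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $data['ip'] = $remoteAddress;
    // gethostbyaddr() is a blocking reverse DNS lookup; kept for the stored hostname column
    $data['hostname'] = $remoteAddress !== '' ? gethostbyaddr($remoteAddress) : '';
    $data['date'] = JFactory::getDate()->toSql();
    $data['state'] = $params->get('commentsPublishing') ? 1 : 0;

    // Set a variable to indicate that this was a new comment
    $this->setState('isNew', true);

    return true;
}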
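/**
 * Report a comment to the configured recipient by email.
 *
 * Requires a valid session token, reporting to be enabled (the "comments" and
 * "commentsReporting" parameters; a "commentsReporting" value of '2' limits
 * reporting to logged-in users), a published comment, a reporter name, a
 * reason and a passing captcha. The report is mailed to "commentsReportRecipient"
 * (falling back to the site's "mailfrom") and the K2Response JSON is echoed.
 *
 * @return $this
 */
public function report()
{
    // Check for token
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    // Get application
    $application = JFactory::getApplication();

    // Get configuration
    $configuration = JFactory::getConfig();

    // Get params
    $params = JComponentHelper::getParams('com_k2');

    // Get user
    $user = JFactory::getUser();

    // Get input
    $id = $application->input->get('id', 0, 'int');
    $reportName = $application->input->get('reportName', '', 'string');
    $reportReason = $application->input->get('reportReason', '', 'string');

    // Check if user can report: reporting must be on, and mode '2' is registered users only
    $reportingMode = $params->get('commentsReporting');
    $guestsBlocked = (string) $reportingMode === '2' && $user->guest;
    if (!$params->get('comments') || !$reportingMode || $guestsBlocked) {
        K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
    }

    // Get comment; only published comments can be reported
    $comment = K2Comments::getInstance($id);
    if (!$comment->state) {
        K2Response::throwError(JText::_('K2_COMMENT_NOT_FOUND'));
    }

    // Get item and check access to it.
    // NOTE(review): the return value is discarded here while onBeforeSave tests
    // it as a boolean; confirm this variant throws on denial, otherwise the
    // result must be checked and turned into a 403.
    $item = K2Items::getInstance($comment->itemId);
    $item->checkSiteAccess();

    // Check input
    if (trim($reportName) === '') {
        K2Response::throwError(JText::_('K2_PLEASE_TYPE_YOUR_NAME'));
    }
    if (trim($reportReason) === '') {
        K2Response::throwError(JText::_('K2_PLEASE_TYPE_THE_REPORT_REASON'));
    }

    // Check captcha depending on settings
    require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
    $data = $this->getInputData();
    if (!K2HelperCaptcha::check($data, $this)) {
        K2Response::throwError($this->getError());
    }

    // Build the HTML mail. Name and reason are request input, so they are escaped
    // for the HTML context before being concatenated into the body.
    // NOTE(review): the comment text is emitted as-is (nl2br only); confirm it is
    // sanitised when stored, otherwise it needs escaping here as well.
    $escapedName = htmlspecialchars($reportName, ENT_QUOTES, 'UTF-8');
    $escapedReason = htmlspecialchars($reportReason, ENT_QUOTES, 'UTF-8');
    $body = "\n <strong>" . JText::_('K2_NAME') . "</strong>: " . $escapedName . " <br/>\n"
        . " <strong>" . JText::_('K2_REPORT_REASON') . "</strong>: " . $escapedReason . " <br/>\n"
        . " <strong>" . JText::_('K2_COMMENT') . "</strong>: " . nl2br($comment->text) . " <br/>\n ";

    // Sender and recipient come from configuration, never from the request
    $mailer = JFactory::getMailer();
    $mailer->setSender(array($configuration->get('mailfrom'), $configuration->get('fromname')));
    $mailer->setSubject(JText::_('K2_COMMENT_REPORT'));
    $mailer->IsHTML(true);
    $mailer->setBody($body);
    $mailer->ClearAddresses();
    $mailer->AddAddress($params->get('commentsReportRecipient', $configuration->get('mailfrom')));
    // NOTE(review): Send()'s result is not inspected, so a delivery failure still
    // reports success below; confirm whether the mailer throws on failure.
    $mailer->Send();

    $application->enqueueMessage(JText::_('K2_REPORT_SUBMITTED'));
    echo json_encode(K2Response::render());

    return $this;
}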