예제 #1
 /**
  * Initialise the handler reference, configuration and plugin metadata for this object.
  *
  * NOTE(review): xcaptcha_path_plugin is assigned last, after getPluginList() and
  * loadConfigPlugin() have already run; if either of them reads that property it is
  * still unset at that point - confirm against their implementations.
  */
 public function __construct()
 {
     // Shared captcha handler obtained from XoopsCaptcha::getInstance().
     $this->captchaHandler = XoopsCaptcha::getInstance();
     $this->config = $this->loadConfig();
     $this->plugin_List = $this->getPluginList();
     $this->plugin_config = $this->loadConfigPlugin();
     // Plugin directory is built from the configured 'root-path' value plus a fixed suffix.
     $this->xcaptcha_path_plugin = \XoopsBaseConfig::get('root-path') . '/modules/xcaptcha/plugins';
 }
예제 #2
 /**
  * setConfig() must report success and the pair must be readable from the captcha handler.
  *
  * NOTE(review): the value is read back from XoopsCaptcha::getInstance(), so 'dummy_name'
  * presumably stays set on that shared instance for later tests - confirm.
  *
  * @covers Xoops\Form\Captcha::setConfig
  */
 public function testSetConfig()
 {
     $result = $this->object->setConfig('dummy_name', 'dummy_value');
     $this->assertTrue($result);

     // Inspect the handler's config array directly rather than going through $this->object.
     $storedConfigs = \XoopsCaptcha::getInstance()->config;
     $this->assertTrue(is_array($storedConfigs));
     $this->assertSame('dummy_value', $storedConfigs['dummy_name']);
 }
예제 #3
 /**
  * Build the CAPTCHA form element and push its settings to the captcha handler.
  *
  * With the default $skipmember = true the handler is told to skip the CAPTCHA check
  * for members; pass false where logged-in users must be challenged as well.
  *
  * NOTE(review): this looks like a PHP 4-style constructor (a method named after its
  * class); the class header is not visible in this excerpt - confirm.
  *
  * @param string  $caption    Caption of the form element, default value is defined in captcha/language/
  * @param string  $name       Name for the input box
  * @param boolean $skipmember Skip CAPTCHA check for members
  * @param array   $configs    Extra handler settings; 'name' and 'skipmember' are overwritten from the arguments
  */
 function XoopsFormCaptcha($caption = '', $name = 'xoopscaptcha', $skipmember = true, $configs = array())
 {
     xoops_load('XoopsCaptcha');
     $this->captchaHandler =& XoopsCaptcha::getInstance();

     // Explicit arguments take precedence over same-named keys supplied in $configs.
     $configs['name'] = $name;
     $configs['skipmember'] = $skipmember;
     $this->captchaHandler->setConfigs($configs);

     if (!$this->captchaHandler->isActive()) {
         // Handler reports the CAPTCHA as inactive: mark the element hidden and stop.
         $this->setHidden();
         return;
     }

     // Fall back to the handler's caption when the caller gave none.
     if (empty($caption)) {
         $caption = $this->captchaHandler->getCaption();
     }
     $this->setCaption($caption);
     $this->setName($name);
 }
예제 #4
 /**
  * __construct
  *
  * Obtains the shared captcha handler, applies configuration to it, then either hides
  * this element (handler inactive) or sets its caption and name.
  *
  * NOTE(review): the 'name' and 'skipmember' entries written into $configs, and anything
  * the caller passed in $configs, are discarded when $configs is reassigned from
  * loadConfig(); only the loaded values reach setConfigs(). If $skipmember is meant to
  * control whether members are challenged, it has no effect on this path - confirm intent.
  *
  * @param string  $caption    Caption of the form element, default value is defined in captcha/language/
  * @param string  $name       Name for the input box
  * @param boolean $skipmember Skip CAPTCHA check for members
  * @param array   $configs    key/value pairs
  */
 public function __construct($caption = '', $name = 'xoopscaptcha', $skipmember = true, $configs = array())
 {
     $this->captchaHandler = \XoopsCaptcha::getInstance();
     $configs['name'] = $name;
     $configs['skipmember'] = $skipmember;
     // Overwrites the array built on the two lines above with whatever loadConfig() returns.
     $configs = $this->captchaHandler->loadConfig();
     $this->captchaHandler->setConfigs($configs);
     if (!$this->captchaHandler->isActive()) {
         // Handler reports the CAPTCHA as inactive: mark the element hidden.
         $this->setHidden();
     } else {
         // Use the handler's caption when the caller supplied an empty one.
         $caption = !empty($caption) ? $caption : $this->captchaHandler->getCaption();
         $this->setCaption($caption);
         $this->setName($name);
     }
 }
예제 #5
 /**
  * __construct
  *
  * Accepts either an attribute array as the first argument or the individual positional
  * arguments, fills in defaults for caption and name, configures the shared captcha
  * handler and hides the element when the handler is not active.
  *
  * NOTE(review): the $configs array assembled from ':configs', 'name' and ':skipmember'
  * is replaced by the return value of loadConfig() before setConfigs() is called, so the
  * caller-supplied values are not what the handler receives on this path. If
  * ':skipmember' is meant to decide whether members are challenged, confirm where it is
  * actually applied.
  *
  * @param string|array $caption    Caption (default defined in captcha/language/) or array of all attributes
  * @param string       $name       Name for the input box
  * @param boolean      $skipmember Skip CAPTCHA check for members
  * @param array        $configs    key/value pairs
  */
 public function __construct($caption = '', $name = 'xoopscaptcha', $skipmember = true, $configs = array())
 {
     $this->captchaHandler = \XoopsCaptcha::getInstance();
     if (is_array($caption)) {
         // Array form: the first argument carries every attribute.
         parent::__construct($caption);
     } else {
         // Positional form: start empty and copy each argument into its attribute.
         parent::__construct([]);
         $this->setIfNotEmpty('caption', $caption);
         $this->setIfNotEmpty('name', $name);
         $this->setIfNotSet(':skipmember', $skipmember);
         $this->setIfNotEmpty(':configs', $configs);
     }
     // Defaults for attributes that are still missing after either form.
     $this->setIfNotSet('caption', $this->captchaHandler->getCaption());
     $this->setIfNotSet('name', 'xoopscaptcha');
     $configs = $this->get(':configs', []);
     $configs['name'] = $this->get('name');
     $configs['skipmember'] = $this->get(':skipmember', true);
     // Overwrites the array built on the three lines above with whatever loadConfig() returns.
     $configs = $this->captchaHandler->loadConfig();
     $this->captchaHandler->setConfigs($configs);
     if (!$this->captchaHandler->isActive()) {
         $this->setHidden();
     }
 }
예제 #6
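 /**
  * XoopsCaptchaRecaptcha2::verify()
  *
  * Submits the posted 'g-recaptcha-response' token to the reCAPTCHA siteverify endpoint
  * and reports whether the reply confirms it. The check fails closed: a transport error,
  * an undecodable reply or a reply without success === true all return false.
  *
  * Error codes contained in the reply are appended to the XoopsCaptcha instance's
  * message list.
  *
  * @param string|null $sessionName unused for recaptcha
  *
  * @return bool
  */
 public function verify($sessionName = null)
 {
     $isValid = false;
     $recaptchaCheck = null;
     $recaptchaResponse = Request::getString('g-recaptcha-response', '');
     $recaptchaVerifyURL = 'https://www.google.com/recaptcha/api/siteverify';
     // The token comes from the client. http_build_query() percent-encodes every value, so
     // the token cannot add or override the secret/remoteip parameters. The fields travel
     // in a POST body so the secret key is not part of a URL that PHP would repeat in the
     // warning text of a failed request.
     $recaptchaPostFields = http_build_query(
         array(
             'secret'   => $this->config['secret_key'],
             'response' => $recaptchaResponse,
             'remoteip' => IPAddress::fromRequest()->asReadable(),
         ),
         '',
         '&'
     );
     $usedCurl = false;
     if (function_exists('curl_init') && false !== ($curlHandle = curl_init())) {
         curl_setopt($curlHandle, CURLOPT_URL, $recaptchaVerifyURL);
         curl_setopt($curlHandle, CURLOPT_POST, true);
         curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $recaptchaPostFields);
         curl_setopt($curlHandle, CURLOPT_FAILONERROR, true);
         curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, 1);
         curl_setopt($curlHandle, CURLOPT_CONNECTTIMEOUT, 5);
         $curlReturn = curl_exec($curlHandle);
         if (false === $curlReturn) {
             trigger_error(curl_error($curlHandle));
         } else {
             $usedCurl = true;
             $recaptchaCheck = json_decode($curlReturn, true);
         }
         curl_close($curlHandle);
     }
     if (false === $usedCurl) {
         // Fallback when curl is unavailable or its request failed: same POST over the http stream wrapper.
         $streamContext = stream_context_create(
             array(
                 'http' => array(
                     'method'  => 'POST',
                     'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
                     'content' => $recaptchaPostFields,
                     'timeout' => 5,
                 ),
             )
         );
         $rawReply = file_get_contents($recaptchaVerifyURL, false, $streamContext);
         $recaptchaCheck = (false === $rawReply) ? null : json_decode($rawReply, true);
     }
     if (is_array($recaptchaCheck) && isset($recaptchaCheck['success']) && $recaptchaCheck['success'] === true) {
         $isValid = true;
     } else {
         /** @var \XoopsCaptcha $captchaInstance */
         $captchaInstance = \XoopsCaptcha::getInstance();
         // The reply may be missing or carry no 'error-codes' list (failed request, invalid
         // JSON); iterate only over a real array so the failure path raises no warnings.
         $errorCodes = array();
         if (is_array($recaptchaCheck) && isset($recaptchaCheck['error-codes']) && is_array($recaptchaCheck['error-codes'])) {
             $errorCodes = $recaptchaCheck['error-codes'];
         }
         foreach ($errorCodes as $msg) {
             $captchaInstance->message[] = $msg;
         }
     }
     return $isValid;
 }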
예제 #7
         echo "<input type='hidden' name='user_viewemail' value='" . $user_viewemail . "' />\n        <input type='hidden' name='timezone_offset' value='" . (double) $timezone_offset . "' />\n        <input type='hidden' name='url' value='" . $myts->htmlSpecialChars($url) . "' />\n        <input type='hidden' name='pass' value='" . $myts->htmlSpecialChars($pass) . "' />\n        <input type='hidden' name='vpass' value='" . $myts->htmlSpecialChars($vpass) . "' />\n        <input type='hidden' name='user_mailok' value='" . $user_mailok . "' />\n        <br /><br /><input type='hidden' name='op' value='finish' />" . $GLOBALS['xoopsSecurity']->getTokenHTML() . "<input type='submit' value='" . _US_FINISH . "' /></form>";
     } else {
         echo "<span style='color:#ff0000;'>{$stop}</span>";
         include 'include/registerform.php';
         $reg_form->display();
     }
     include 'footer.php';
     break;
 // Final registration step: every check is repeated server-side before the user object is built.
 case 'finish':
     include 'header.php';
     // $stop collects error text; the account is only created when it stays empty.
     $stop = XoopsUserUtility::validate($uname, $email, $pass, $vpass);
     // Request-token check; the confirmation form of the previous step embeds the token via getTokenHTML().
     if (!$GLOBALS['xoopsSecurity']->check()) {
         $stop .= implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()) . "<br />";
     }
     xoops_load("captcha");
     $xoopsCaptcha = XoopsCaptcha::getInstance();
     // A failed CAPTCHA is treated like any other validation error.
     if (!$xoopsCaptcha->verify()) {
         $stop .= $xoopsCaptcha->getMessage() . "<br />";
     }
     if (empty($stop)) {
         $member_handler =& xoops_gethandler('member');
         $newuser =& $member_handler->createUser();
         $newuser->setVar('user_viewemail', $user_viewemail, true);
         $newuser->setVar('uname', $uname, true);
         $newuser->setVar('email', $email, true);
         if ($url != '') {
             $newuser->setVar('url', formatURL($url), true);
         }
         $newuser->setVar('user_avatar', 'blank.gif', true);
         // NOTE(review): the activation key is the first 8 hex characters of
         // md5(uniqid(mt_rand(), 1)). uniqid() is derived from the current time and mt_rand()
         // is not a cryptographic generator, so this value should not be relied on as
         // unguessable; bin2hex(random_bytes(...)) is the usual replacement where the PHP
         // version allows it.
         $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
         $newuser->setVar('actkey', $actkey, true);
예제 #8
 /**
  * Handle a submitted comment form: preview, post (create or edit) or delete.
  *
  * Only POST requests are processed. The comment is loaded by com_id, the owning module
  * is resolved and, when that module exposes a 'comments' plugin, the requested operation
  * is dispatched. Access failures are answered with $xoops->redirect().
  *
  * NOTE(review): the guard clauses below rely on redirect() ending the request; if it
  * can return, execution falls through into the code that follows - confirm.
  */
 public function displayPost()
 {
     $xoops = Xoops::getInstance();
     if (Request::getMethod() !== 'POST') {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     $id = Request::getInt('com_id');
     $modid = Request::getInt('com_modid');
     if (empty($modid)) {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     /* @var $comment CommentsComment */
     $comment = $this->getHandlerComment()->get($id);
     if (!is_object($comment)) {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     // For an existing comment the stored module id wins over the one sent with the request.
     if (!$comment->isNew()) {
         $modid = $comment->getVar('modid');
     } else {
         $comment->setVar('modid', $modid);
     }
     $module = $xoops->getModuleById($modid);
     if (!is_object($module)) {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     $moddir = $module->getVar('dirname');
     if ($xoops->isAdminSide) {
         // The admin side only edits existing comments, so a comment id is mandatory.
         if (empty($id)) {
             $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
         }
         $redirect_page = $this->url('admin/main.php?com_modid=' . $modid . '&amp;com_itemid');
     } else {
         // Commenting is refused outright when the module's rule is COMMENTS_APPROVENONE.
         if (COMMENTS_APPROVENONE == $xoops->getModuleConfig('com_rule', $module->getVar('dirname'))) {
             $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
         }
         $redirect_page = '';
     }
     /* @var $plugin CommentsPluginInterface */
     if ($plugin = \Xoops\Module\Plugin::getPlugin($moddir, 'comments')) {
         if (!$xoops->isAdminSide) {
             $redirect_page = $xoops->url('modules/' . $moddir . '/' . $plugin->pageName() . '?');
             if (is_array($extraParams = $plugin->extraParams())) {
                 $extra_params = '';
                 foreach ($extraParams as $extra_param) {
                     // NOTE(review): the posted value is HTML-escaped, not URL-encoded, before it is
                     // placed in a query string, and it is used without checking that it is a string.
                     // The '=amp;' in the else arm looks like a typo for '=&amp;' - confirm.
                     $extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&amp;' : $extra_param . '=amp;';
                 }
                 $redirect_page .= $extra_params;
             }
             $redirect_page .= $plugin->itemName();
         }
         $comment_url = $redirect_page;
         // Later flags override earlier ones: delete beats preview, preview beats post.
         $op = Request::getBool('com_dopost') ? 'post' : '';
         $op = Request::getBool('com_dopreview') ? 'preview' : $op;
         $op = Request::getBool('com_dodelete') ? 'delete' : $op;
         // The request token is checked for preview and post only; a failed check clears $op,
         // which lands in the default arm of the switch below.
         // NOTE(review): 'delete' reaches displayDelete() without a token check in this method -
         // presumably displayDelete() performs its own; verify.
         if ($op === 'preview' || $op === 'post') {
             if (!$xoops->security()->check()) {
                 $op = '';
             }
         }
         // Visitors who are not logged in must also pass the CAPTCHA; on failure the post is
         // downgraded to a preview and the handler's message is shown.
         if ($op === 'post' && !$xoops->isUser()) {
             $xoopsCaptcha = XoopsCaptcha::getInstance();
             if (!$xoopsCaptcha->verify()) {
                 $captcha_message = $xoopsCaptcha->getMessage();
                 $op = 'preview';
             }
         }
         // NOTE(review): status, pid, rootid, itemid and the do* flags are copied from the request
         // onto the comment before any permission check. dohtml is reset for non-admins further
         // down and status is recomputed for new comments, but on the edit path for a non-admin
         // owner nothing visible here restores the stored status - confirm that insert() or the
         // form layer constrains it. $mode and $order are request strings that are later
         // concatenated into redirect URLs as-is.
         $title = XoopsLocale::trim(Request::getString('com_title'));
         $text = XoopsLocale::trim(Request::getString('com_text'));
         $mode = XoopsLocale::trim(Request::getString('com_mode', 'flat'));
         $order = XoopsLocale::trim(Request::getString('com_order', COMMENTS_OLD1ST));
         $itemid = Request::getInt('com_itemid');
         $pid = Request::getInt('com_pid');
         $rootid = Request::getInt('com_rootid');
         $status = Request::getInt('com_status');
         $dosmiley = Request::getBool('com_dosmiley');
         $doxcode = Request::getBool('com_doxcode');
         $dobr = Request::getBool('com_dobr');
         $dohtml = Request::getBool('com_html');
         $doimage = Request::getBool('com_doimage');
         $icon = XoopsLocale::trim(Request::getString('com_icon'));
         $comment->setVar('title', $title);
         $comment->setVar('text', $text);
         $comment->setVar('itemid', $itemid);
         $comment->setVar('pid', $pid);
         $comment->setVar('rootid', $rootid);
         $comment->setVar('status', $status);
         $comment->setVar('dosmiley', $dosmiley);
         $comment->setVar('doxcode', $doxcode);
         $comment->setVar('dobr', $dobr);
         $comment->setVar('dohtml', $dohtml);
         $comment->setVar('doimage', $doimage);
         $comment->setVar('icon', $icon);
         switch ($op) {
             case "delete":
                 $this->displayDelete();
                 break;
             case "preview":
                 $comment->setVar('doimage', 1);
                 // Raw HTML in a comment is reserved for administrators of the comment's module.
                 if ($comment->getVar('dohtml') != 0) {
                     if ($xoops->isUser()) {
                         if (!$xoops->user->isAdmin($comment->getVar('modid'))) {
                             $comment->setVar('dohtml', 0);
                         }
                     } else {
                         $comment->setVar('dohtml', 0);
                     }
                 }
                 $xoops->header();
                 if (!$xoops->isAdminSide && !empty($captcha_message)) {
                     echo $xoops->alert('error', $captcha_message);
                 }
                 echo $this->renderHeader($comment->getVar('title', 'p'), $comment->getVar('text', 'p'), false, time());
                 $this->displayCommentForm($comment);
                 $xoops->footer();
                 break;
             case "post":
                 $comment->setVar('doimage', 1);
                 $comment_handler = $this->getHandlerComment();
                 $add_userpost = false;
                 $call_approvefunc = false;
                 $call_updatefunc = false;
                 // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
                 $notify_event = false;
                 if (!empty($id)) {
                     // Editing an existing comment: module admins may change its status, the
                     // author may edit their own comment, everyone else is refused.
                     $accesserror = false;
                     if ($xoops->isUser()) {
                         if ($xoops->user->isAdmin($comment->getVar('modid'))) {
                             if (!empty($status) && $status != COMMENTS_PENDING) {
                                 // NOTE(review): status was already overwritten from the request by the
                                 // setVar('status', $status) call above, so $old_status presumably equals
                                 // $status here and the transition checks below may never match - confirm.
                                 $old_status = $comment->getVar('status');
                                 $comment->setVar('status', $status);
                                 // if changing status from pending state, increment user post
                                 if (COMMENTS_PENDING == $old_status) {
                                     $add_userpost = true;
                                     if (COMMENTS_ACTIVE == $status) {
                                         $call_updatefunc = true;
                                         $call_approvefunc = true;
                                         // RMV-NOTIFY
                                         $notify_event = 'comment';
                                     }
                                 } else {
                                     if (COMMENTS_HIDDEN == $old_status && COMMENTS_ACTIVE == $status) {
                                         $call_updatefunc = true;
                                         // Comments can not be directly posted hidden,
                                         // no need to send notification here
                                     } else {
                                         if (COMMENTS_ACTIVE == $old_status && COMMENTS_HIDDEN == $status) {
                                             $call_updatefunc = true;
                                         }
                                     }
                                 }
                             }
                         } else {
                             $comment->setVar('dohtml', 0);
                             if ($comment->getVar('uid') != $xoops->user->getVar('uid')) {
                                 $accesserror = true;
                             }
                         }
                     } else {
                         $comment->setVar('dohtml', 0);
                         $accesserror = true;
                     }
                     if (false != $accesserror) {
                         $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
                     }
                 } else {
                     // New comment: creation time and client address are recorded server-side.
                     $comment->setVar('created', time());
                     $comment->setVar('ip', $xoops->getEnv('REMOTE_ADDR'));
                     if ($xoops->isUser()) {
                         if ($xoops->user->isAdmin($comment->getVar('modid'))) {
                             $comment->setVar('status', COMMENTS_ACTIVE);
                             $add_userpost = true;
                             $call_approvefunc = true;
                             $call_updatefunc = true;
                             // RMV-NOTIFY
                             $notify_event = 'comment';
                         } else {
                             $comment->setVar('dohtml', 0);
                             // NOTE(review): 'com_rule' is read here, and again in the uid == 0 switch
                             // below, without a module dirname, whereas the check near the top passes
                             // $module->getVar('dirname') - confirm both resolve to the same module's
                             // approval rule.
                             switch ($xoops->getModuleConfig('com_rule')) {
                                 case COMMENTS_APPROVEALL:
                                 case COMMENTS_APPROVEUSER:
                                     $comment->setVar('status', COMMENTS_ACTIVE);
                                     $add_userpost = true;
                                     $call_approvefunc = true;
                                     $call_updatefunc = true;
                                     // RMV-NOTIFY
                                     $notify_event = 'comment';
                                     break;
                                 case COMMENTS_APPROVEADMIN:
                                 default:
                                     $comment->setVar('status', COMMENTS_PENDING);
                                     $notify_event = 'comment_submit';
                                     break;
                             }
                         }
                         if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) && $comment->getVar('noname')) {
                             $comment->setVar('uid', 0);
                         } else {
                             $comment->setVar('uid', $xoops->user->getVar('uid'));
                         }
                     } else {
                         // Not logged in: no HTML, uid 0, and only when anonymous posting is enabled.
                         $comment->setVar('dohtml', 0);
                         $comment->setVar('uid', 0);
                         if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) != 1) {
                             $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
                         }
                     }
                     // Anonymous comments (uid 0) get their status from the approval rule again,
                     // replacing whatever the branches above assigned.
                     if ($comment->getVar('uid') == 0) {
                         switch ($xoops->getModuleConfig('com_rule')) {
                             case COMMENTS_APPROVEALL:
                                 $comment->setVar('status', COMMENTS_ACTIVE);
                                 $add_userpost = true;
                                 $call_approvefunc = true;
                                 $call_updatefunc = true;
                                 // RMV-NOTIFY
                                 $notify_event = 'comment';
                                 break;
                             case COMMENTS_APPROVEADMIN:
                             case COMMENTS_APPROVEUSER:
                             default:
                                 $comment->setVar('status', COMMENTS_PENDING);
                                 // RMV-NOTIFY
                                 $notify_event = 'comment_submit';
                                 break;
                         }
                     }
                 }
                 if ($comment->getVar('title') == '') {
                     $comment->setVar('title', XoopsLocale::NO_TITLE);
                 }
                 $comment->setVar('modified', time());
                 if (isset($extra_params)) {
                     $comment->setVar('exparams', $extra_params);
                 }
                 if (false != $comment_handler->insert($comment)) {
                     $newcid = $comment->getVar('id');
                     // set own id as root id if this is a top comment
                     if ($comment->getVar('rootid') == 0) {
                         $comment->setVar('rootid', $newcid);
                         // NOTE(review): when this update fails the comment is deleted and the error is
                         // printed, but execution continues with the approve/update/notify steps
                         // below - confirm that is intended.
                         if (!$comment_handler->updateByField($comment, 'rootid', $comment->getVar('rootid'))) {
                             $comment_handler->delete($comment);
                             $xoops->header();
                             echo $xoops->alert('error', $comment->getHtmlErrors());
                             $xoops->footer();
                         }
                     }
                     // call custom approve function if any
                     if (false != $call_approvefunc) {
                         $plugin->approve($comment);
                     }
                     if (false != $call_updatefunc) {
                         // Recount the active comments for this item and hand the total to the plugin.
                         $criteria = new CriteriaCompo(new Criteria('modid', $comment->getVar('modid')));
                         $criteria->add(new Criteria('itemid', $comment->getVar('itemid')));
                         $criteria->add(new Criteria('status', COMMENTS_ACTIVE));
                         $comment_count = $comment_handler->getCount($criteria);
                         $plugin->update($comment->getVar('itemid'), $comment_count);
                     }
                     // increment user post if needed
                     $uid = $comment->getVar('uid');
                     if ($uid > 0 && false != $add_userpost) {
                         $member_handler = $xoops->getHandlerMember();
                         $poster = $member_handler->getUser($uid);
                         if ($poster instanceof XoopsUser) {
                             $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
                         }
                     }
                     // RMV-NOTIFY
                     // trigger notification event if necessary
                     if ($notify_event && $xoops->isActiveModule('notifications')) {
                         $notifications = Notifications::getInstance();
                         $not_modid = $comment->getVar('modid');
                         $not_catinfo = $notifications->getCommentsCategory($module->getVar('dirname'));
                         $not_category = $not_catinfo['name'];
                         $not_itemid = $comment->getVar('itemid');
                         $not_event = $notify_event;
                         // Build an ABSOLUTE URL to view the comment.  Make sure we
                         // point to a viewable page (i.e. not the system administration
                         // module).
                         $comment_tags = array();
                         $comment_tags['X_COMMENT_URL'] = $comment_url . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_rootid=' . $comment->getVar('rootid') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order . '#comment' . $comment->getVar('id');
                         if ($xoops->isActiveModule('notifications')) {
                             Notifications::getInstance()->getHandlerNotification()->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
                         }
                     }
                     if (!isset($comment_post_results)) {
                         // if the comment is active, redirect to posted comment
                         if ($comment->getVar('status') == COMMENTS_ACTIVE) {
                             $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_rootid=' . $comment->getVar('rootid') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
                         } else {
                             // not active, so redirect to top comment page
                             $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
                         }
                     }
                 } else {
                     if (!isset($purge_comment_post_results)) {
                         $xoops->header();
                         echo $xoops->alert('error', $comment->getHtmlErrors());
                         $xoops->footer();
                     } else {
                         $comment_post_results = $comment->getErrors();
                     }
                 }
                 break;
             default:
                 // Reached when no operation flag was sent or the request token check failed.
                 $xoops->redirect(\XoopsBaseConfig::get('url') . '/', 1, implode('<br />', $xoops->security()->getErrors()));
                 break;
         }
     }
 }
예제 #9
 /**
  * Load the XoopsCaptcha class, keep its shared instance and read the "image" configuration from it.
  */
 function __construct()
 {
     xoops_load('XoopsCaptcha');

     $handler = XoopsCaptcha::getInstance();
     $this->captcha_handler = $handler;
     // Configuration comes from the handler's loadConfig() call for the "image" method.
     $this->config = $handler->loadConfig('image');
 }
예제 #10
 /**
  * Constructor
  *
  * Keeps the shared captcha handler, reads the "image" configuration from it and
  * records the configured root path.
  */
 public function __construct()
 {
     $handler = XoopsCaptcha::getInstance();
     $this->captcha_handler = $handler;
     $this->config = $handler->loadConfig('image');

     // Root path is taken from the base configuration.
     $rootPath = \XoopsBaseConfig::get('root-path');
     $this->xoops_root_path = $rootPath;
 }