function _addOption() { $this->autoRender = false; $this->autoLayout = false; $response = array(); $option = $this->data['FieldOption']['text'] = Sanitize::getString($this->data, 'text'); $value = $this->data['FieldOption']['value'] = Sanitize::stripAll($this->data, 'text'); $fieldid = $this->data['FieldOption']['fieldid'] = Sanitize::getInt($this->data, 'field_id'); $fieldName = Sanitize::getString($this->data, 'name'); // Begin validation if ($value == '') { $validation = __t("The field is empty.", true); $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after('<span class=\"jr_validation\"> " . $validation . "</span>');"; return $this->ajaxResponse($response); } // Save $result = $this->FieldOption->save($this->data); switch ($result) { case 'success': // Begin update display $option = $this->data['FieldOption']['text']; $value = $this->data['FieldOption']['value']; $response = "\n jQuery('#{$fieldName}').addOption('{$value}','" . addslashes($option) . "');\n jQuery('#jr_fieldOption{$fieldid}').val(''); \n jQuery('#submitButton{$fieldid}').removeAttr('disabled');\n "; return $this->ajaxResponse($response); case 'duplicate': $validation = sprintf(__t("%s already exists", true), $value); break; case 'db_error': $validation = s2Messages::submitErrorGeneric(); break; } $response[] = "jQuery('#{$fieldName}').selectOptions('" . addslashes($option) . "');"; $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after('<span class=\"jr_validation\"> " . $validation . "</span>');"; return $this->ajaxResponse($response); }
function _save() { $this->autoRender = false; $this->autoLayout = false; $response = array(); # Validate form token $this->components = array('security'); $this->__initComponents(); if ($this->invalidToken) { return $this->ajaxError(s2messages::invalidToken()); } if ($this->Config->user_report) { $this->data['Report']['report_text'] = Sanitize::getString($this->data['Report'], 'report_text'); $listing_id = $this->data['Report']['listing_id'] = Sanitize::getInt($this->data['Report'], 'listing_id'); $review_id = $this->data['Report']['review_id'] = Sanitize::getInt($this->data['Report'], 'review_id'); $post_id = $this->data['Report']['post_id'] = Sanitize::getInt($this->data['Report'], 'post_id'); $extension = $this->data['Report']['extension'] = Sanitize::getString($this->data['Report'], 'extension'); if ($this->data['Report']['report_text'] != '') { $this->data['Report']['user_id'] = $this->_user->id; $this->data['Report']['ipaddress'] = $this->ipaddress; $this->data['Report']['created'] = date('Y-m-d H:i:s'); $this->data['Report']['approved'] = 0; if ($this->_user->id) { $this->data['Report']['name'] = $this->_user->name; $this->data['Report']['username'] = $this->_user->username; $this->data['Report']['email'] = $this->_user->email; } else { $this->data['Report']['name'] = 'Guest'; $this->data['Report']['username'] = '******'; } if ($this->Report->store($this->data)) { $update_text = __t("Your report was submitted, thank you.", true); $response[] = "jQuery('#jr_reportLink" . ($post_id > 0 ? $post_id : $review_id) . "').remove();"; return $this->ajaxUpdateDialog($update_text, $response); } return $this->ajaxError(s2Messages::submitErrorDb()); } # Validation failed if (isset($this->Security)) { $reponse[] = "jQuery('jr_reportToken').val('" . $this->Security->reissueToken() . "')"; } return $this->ajaxValidation(__t("The message is empty.", true), $response); } }
function _save() { $this->autoRender = false; $this->autoLayout = false; $this->components = array('security'); $this->__initComponents(); $listing_id = Sanitize::getInt($this->data['Claim'], 'listing_id'); $response = array(); # Validate form token if ($this->invalidToken) { return $this->ajaxError(s2Messages::invalidToken()); } if (!$listing_id) { return $this->ajaxError(s2Messages::accessDenied()); } if ($this->Config->claims_enable && $this->_user->id) { $this->data['Claim']['claim_text'] = Sanitize::getString($this->data['Claim'], 'claim_text'); if ($this->data['Claim']['claim_text'] != '') { // Check if this user already has a claim for this listing to update it $claim_id = $this->Claim->findOne(array('fields' => array('Claim.claim_id AS `Claim.claim_id`'), 'conditions' => array('Claim.user_id = ' . (int) $this->_user->id, 'Claim.listing_id = ' . $listing_id, 'Claim.approved <= 0'))); if ($claim_id > 0) { $this->data['Claim']['claim_id'] = $claim_id; } $this->data['Claim']['user_id'] = $this->_user->id; $this->data['Claim']['created'] = date('Y-m-d H:i:s'); $this->data['Claim']['approved'] = 0; if ($this->Claim->store($this->data)) { $update_text = __t("Your claim was submitted, thank you.", true); $response[] = "jQuery('#jr_claimImg{$listing_id}').remove();"; return $this->ajaxUpdateDialog($update_text, $response); } } else { # Validation failed if (isset($this->Security)) { $response[] = "jQuery('#jr_claimToken').val('" . $this->Security->reissueToken() . "');"; } return $this->ajaxValidation(__t("The message is empty.", true), $response); } } return $this->ajaxError(s2Messages::submitErrorDb()); }
function _save() { $response = array(); $this->data['Vote']['user_id'] = $this->_user->id; $this->data['Vote']['review_id'] = (int) $this->data['Vote']['review_id']; # Exact vote check to prevent form tampering. User can cheat the js and enter any interger, thus increasing the count $this->data['Vote']['vote_yes'] = Sanitize::getInt($this->data['Vote'], 'vote_yes') ? 1 : 0; $this->data['Vote']['vote_no'] = Sanitize::getInt($this->data['Vote'], 'vote_no') ? 1 : 0; $this->data['Vote']['created'] = gmdate('Y-m-d H:i:s'); $this->data['Vote']['ipaddress'] = $this->ipaddress; if (!$this->data['Vote']['review_id']) { return $this->ajaxError(s2Messages::submitErrorGeneric()); } // Find duplicates $duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $this->data['Vote']['review_id'], 'ipaddress = ' . $this->Vote->Quote($this->data['Vote']['ipaddress'])))); // It's a guest so we only care about checking the IP address if this feature is not disabled and // server is not localhost if (!$this->_user->id) { if (!$this->Config->vote_ipcheck_disable && $this->ipaddress != '127.0.0.1') { // Do the ip address check everywhere except in localhost $duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $this->data['Vote']['review_id'], 'ipaddress = ' . $this->Vote->Quote($this->ipaddress)))); } } else { $duplicate = $this->Vote->findCount(array('conditions' => array('review_id = ' . $this->data['Vote']['review_id'], "(user_id = {$this->_user->id}" . ($this->ipaddress != '127.0.0.1' && !$this->Config->vote_ipcheck_disable ? " OR ipaddress = " . $this->Vote->Quote($this->ipaddress) . ") " : ')')))); } if ($duplicate > 0) { # Hides vote buttons and shows message alert $response[] = "jQuery('#jr_reviewVote{$this->data['Vote']['review_id']}').fadeOut('medium',function(){\n jQuery(this).html('" . __t("You already voted.", true, true) . "').fadeIn();\n });"; return $this->ajaxResponse($response); } if ($this->Vote->store($this->data)) { # Hides vote buttons and shows message alert $response[] = "jQuery('#jr_reviewVote{$this->data['Vote']['review_id']}').fadeOut('medium',function(){\n jQuery(this).html('" . __t("Thank you for your vote.", true, true) . "').fadeIn();\n });"; # Facebook wall integration only for positive votes $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_votes'); $token = cmsFramework::getCustomToken($this->data['Vote']['review_id']); $facebook_integration and $this->data['Vote']['vote_yes'] and $response[] = "\n jQuery.ajax({url:s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postVote/id:{$this->data['Vote']['review_id']}&{$token}=1',dataType:'script'});\n "; return $this->ajaxResponse($response); } return $this->ajaxError(s2Messages::submitErrorDb()); }
function _save() { $this->autoRender = false; $this->autoLayout = false; $this->Discussion->isNew = true; $response = array(); $parent_id = Sanitize::getInt($this->data['Discussion'], 'parent_post_id'); $isNew = Sanitize::getBool($this->data['Discussion'], 'discussion_id'); # Load the notifications observer model component and initialize it. # Done here so it only loads on save and not for all controlller actions. $this->components = array('security'); $this->__initComponents(); # Validate form token if ($this->invalidToken) { return $this->ajaxError(s2Messages::invalidToken()); } if (!$this->Config->review_discussions || !$this->Access->canAddPost()) { // Server side validation return $this->ajaxError(__t("You are not allowed to submit comments.", true, true)); } # Validate input fields $this->Discussion->validateInput(Sanitize::getString($this->data['Discussion'], 'name'), "name", "text", __t("You must fill in your name.", true), !$this->_user->id && ($this->Config->discussform_name == 'required' ? true : false)); $this->Discussion->validateInput(Sanitize::getString($this->data['Discussion'], 'email'), "email", "email", __t("You must fill in a valid email address.", true), ($this->Config->discussform_email == 'required' ? true : false) && !$this->_user->id && $isNew); $this->Discussion->validateInput($this->data['Discussion']['text'], "text", "text", __t("You must fill in your comment.", true), true); # Validate security code if ($this->Access->showCaptcha()) { if (!isset($this->data['Captcha']['code'])) { $this->Discussion->validateSetError("code", __t("The security code you entered was invalid.", true)); } elseif ($this->data['Captcha']['code'] == '') { $this->Discussion->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1); } else { if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) { $this->Discussion->validateSetError("code", __t("The security code you entered was invalid.", true)); } } } $validation_text = implode('<br />', $this->Discussion->validateGetErrorArray()); if ($validation_text != '') { $response[] = "jQuery('#jr_postCommentSubmit{$parent_id}').removeAttr('disabled');"; $response[] = "jQuery('#jr_postCommentCancel{$parent_id}').removeAttr('disabled');"; // Replace captcha with new instance $captcha = $this->Captcha->displayCode(); $response[] = "jQuery('.jr_captcha').find('img').attr('src','{$captcha['src']}');"; $response[] = "jQuery('.jr_captcha_code').val('');"; return $this->ajaxValidation($validation_text, $response); } $this->data['Discussion']['user_id'] = $this->_user->id; $this->data['Discussion']['ipaddress'] = $this->ipaddress; if ($this->_user->id) { $this->data['Discussion']['name'] = $this->_user->name; $this->data['Discussion']['username'] = $this->_user->username; $this->data['Discussion']['email'] = $this->_user->email; } else { $this->data['Discussion']['username'] = $this->data['Discussion']['name']; } $this->data['Discussion']['created'] = date('Y-m-d H:i:s'); $this->data['Discussion']['approved'] = (int) (!$this->Access->moderatePost()); if ($this->Discussion->store($this->data)) { if (!$this->data['Discussion']['approved']) { $submit_text = __t("Thank you for your submission. It will be published once it is verified.", true, true); return $this->ajaxUpdatePage('jr_postCommentForm' . $parent_id, $submit_text); } // Query post to get full info for instant refresh $discussion = $this->Discussion->findRow(array('conditions' => array('Discussion.type = "review"', 'Discussion.discussion_id = ' . $this->data['Discussion']['discussion_id']))); $this->set(array('Access' => $this->Access, 'User' => $this->_user, 'post' => $discussion)); $update_text = __t("Thank you for your submission.", true, true); $update_html = $this->render('discussions', 'post'); $target_id_after = 'jr_post' . $parent_id; $response[] = 'jreviews.discussion.parentCommentPopOver();'; return $this->ajaxUpdatePage('jr_postCommentFormOuter' . $parent_id, $update_text, $update_html, compact('target_id_after', 'response')); } }
function _save() { $response = array(); $formToken = cmsFramework::getCustomToken($this->review_id); if ($this->denyAccess == true || !$this->__validateToken($formToken)) { return $this->ajaxError(s2Messages::accessDenied()); } # Validate form token $this->components = array('security'); $this->__initComponents(); if ($this->invalidToken) { return $this->ajaxError(s2messages::invalidToken()); } // Check if an owner reply already exists $this->OwnerReply->fields = array(); if ($reply = $this->OwnerReply->findRow(array('fields' => array('OwnerReply.owner_reply_text', 'OwnerReply.owner_reply_approved'), 'conditions' => array('OwnerReply.id = ' . $this->review_id)))) { if ($reply['OwnerReply']['owner_reply_approved'] == 1) { $error_text = __t("A reply for this review already exists.", true); $response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();"; return $this->ajaxError($error_text, $response); } } if ($this->Config->owner_replies) { if ($this->data['OwnerReply']['owner_reply_text'] != '' && $this->data['OwnerReply']['id'] > 0) { $this->data['OwnerReply']['owner_reply_created'] = date('Y-m-d H:i:s'); $this->data['OwnerReply']['owner_reply_approved'] = (int) (!$this->Access->moderateOwnerReply()); // Replies will be moderated by default if ($this->OwnerReply->store($this->data)) { $update_text = $this->data['OwnerReply']['owner_reply_approved'] ? __t("Your reply was submitted and has been approved.", true) : __t("Your reply was submitted and will be published once it is verified.", true); $response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();"; return $this->ajaxUpdateDialog($update_text, $response); } return $this->ajaxError(s2Messages::submitErrorDb()); } # Validation failed return $this->ajaxValidation(__t("The reply is empty.", true), $response); } }
function _save() { $this->autoRender = false; $this->autoLayout = false; $response = array(); # Done here so it only loads on save and not for all controlller actions. $this->components = array('security', 'notifications'); $this->__initComponents(); # Validate form token if ($this->invalidToken) { return $this->ajaxError(s2Messages::invalidToken()); } $selected = ''; $msg = ''; $msgAlert = ''; $msgTags = array(); # Clean formValues $review_id = Sanitize::getInt($this->data['Review'], 'id', 0); $this->data['Review']['pid'] = $pid = Sanitize::getInt($this->data['Review'], 'pid', 0); if ($review_id == 0) { $isNew = $this->Review->isNew = true; } else { $isNew = $this->Review->isNew = false; $this->action = '_edit'; } $this->data['Criteria']['id'] = Sanitize::getInt($this->data['Criteria'], 'id', 0); $this->data['Criteria']['state'] = Sanitize::getInt($this->data['Criteria'], 'state', 0); $this->data['Review']['pid'] = Sanitize::getInt($this->data['Review'], 'pid'); $this->data['Review']['email'] = Sanitize::html($this->data['Review'], 'email', '', true); $this->data['Review']['title'] = Sanitize::html($this->data['Review'], 'title', '', true); $this->data['Review']['comments'] = Sanitize::html($this->data['Review'], 'comments', '', true); $this->data['Review']['mode'] = Sanitize::html($this->data['Review'], 'mode', 'com_content', true); # Override configuration $listing_type = $this->Criteria->findRow(array('conditions' => array('Criteria.id = ' . $this->data['Criteria']['id']))); isset($listing_type['ListingType']) and $this->Config->override($listing_type['ListingType']['config']); if ($isNew || !$isNew && !$this->Access->isManager()) { $this->data['Review']['name'] = $this->data['Review']['username'] = Sanitize::html($this->data['Review'], 'name', '', true); } // Check if user allowed to post new review if ($isNew) { if (method_exists($this->Listing, 'getListingOwner')) { $owner = $this->Listing->getListingOwner($this->data['Review']['pid']); if (!$this->Access->canAddReview($owner['user_id'])) { return $this->ajaxUpdatePage('jr_review0Form', __t("You are not allowed to review your own listing.", true)); } } // Get reviewer type, for now editor reviews don't work in Everywhere components $this->data['Review']['author'] = $this->data['Review']['mode'] != 'com_content' ? 0 : (int) $this->Access->isJreviewsEditor($this->_user->id); } else { $currentReview = $this->Review->findRow(array('conditions' => array('Review.id = ' . $review_id)), array()); # Stop form data tampering $formData = $this->data['Review'] + array('criteria_id' => Sanitize::getInt($this->data['Criteria'], 'id')); $formToken = cmsFramework::formIntegrityToken($formData, array_keys($this->formTokenKeys), false); if (!$this->Access->canEditReview($currentReview['User']['user_id']) || !$this->__validateToken($formToken)) { return $this->ajaxError(s2Messages::accessDenied()); } $this->data['Review']['author'] = $currentReview['Review']['editor']; } # If we are in multiple editor review mode, and this editor has already posted an editor review, # he is not allowed to post any kind of review. # if we are in single-editor-review mode, his review will become a user review. if ($isNew && $this->data['Review']['mode'] == 'com_content' && $this->data['Review']['author']) { if ($this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], 'Review.author = 1', "Review.mode = '" . $this->data['Review']['mode'] . "'", $this->Config->author_review == 2 ? 'Review.userid = ' . $this->_user->id : '1 = 1')))) { if ($this->Config->author_review == 2) { return $this->ajaxUpdatePage('jr_review0Form', __t("You already submitted a review.", true)); } else { $this->data['Review']['author'] = 0; } } } # check for duplicate reviews $is_jr_editor = $this->Access->isJreviewsEditor($this->_user->id); $is_duplicate = false; // It's a guest so we only care about checking the IP address if this feature is not disabled and // server is not localhost if (!$this->_user->id) { if (!$this->Config->review_ipcheck_disable && $this->ipaddress != '127.0.0.1') { // Do the ip address check everywhere except in localhost $is_duplicate = (bool) $this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], "Review.ipaddress = '{$this->ipaddress}'", "Review.mode = '{$this->data['Review']['mode']}'", "Review.published >= 0"))); } } elseif (!$is_jr_editor && !$this->Config->user_multiple_reviews || $is_jr_editor && $this->Config->author_review == 2) { $is_duplicate = (bool) $this->Review->findCount(array('conditions' => array('Review.pid = ' . $this->data['Review']['pid'], "(Review.userid = {$this->_user->id}" . ($this->ipaddress != '127.0.0.1' && !$this->Config->review_ipcheck_disable && !$is_jr_editor ? " OR Review.ipaddress = '{$this->ipaddress}') " : ')'), "Review.mode = '{$this->data['Review']['mode']}'", "Review.published >= 0"))); } if ($isNew && $is_duplicate) { return $this->ajaxUpdatePage('jr_review0Form', __t("You already submitted a review.", true)); } # Validate standard fields $this->Review->validateInput($this->data['Review']['name'], "name", "text", __t("You must fill in your name.", true), !$this->_user->id && ($this->Config->reviewform_name == 'required' ? true : false)); $this->Review->validateInput($this->data['Review']['email'], "email", "email", __t("You must fill in a valid email address.", true), ($this->Config->reviewform_email == 'required' ? true : false) && !$this->_user->id && $isNew); $this->Review->validateInput($this->data['Review']['title'], "title", "text", __t("You must fill in a title for the review.", true), $this->Config->reviewform_title == 'required' ? true : false); if ($listing_type['Criteria']['state'] == 1) { # Validate rating fields $criteria_qty = $listing_type['Criteria']['quantity']; $ratingErr = 0; if (!isset($this->data['Rating'])) { $ratingErr = $criteria_qty; } else { for ($i = 0; $i < $criteria_qty; $i++) { if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) { $ratingErr++; } } } $this->Review->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true), $ratingErr), $ratingErr); } # Validate custom fields $review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access); $this->Review->validateErrors = array_merge($this->Review->validateErrors, $this->Field->validateErrors); $this->Review->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true), $this->Config->reviewform_comment == 'required' ? true : false); # Validate security code if ($isNew && $this->Access->showCaptcha()) { if (!isset($this->data['Captcha']['code'])) { $this->Review->validateSetError("code", __t("The security code you entered was invalid.", true)); } elseif ($this->data['Captcha']['code'] == '') { $this->Review->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1); } else { if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) { $this->Review->validateSetError("code", __t("The security code you entered was invalid.", true)); } } } # Process validation errors $validation = $this->Review->validateGetErrorArray(); if (!empty($validation)) { if ($isNew && $this->Access->showCaptcha()) { // Replace captcha with new instance $captcha = $this->Captcha->displayCode(); $response[] = "jQuery('.jr_captcha').find('img').attr('src','{$captcha['src']}');"; $response[] = "jQuery('.jr_captcha_code').val('');"; } return $this->ajaxValidation(implode('<br />', $validation), $response); } $savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields); $review_id = $this->data['Review']['id']; // Error on review save if (Sanitize::getString($savedReview, 'err')) { return $this->ajaxError($savedReview['err']); } // Process moderated actions if ($isNew && $this->Access->moderateReview() && !$this->data['Review']['author'] || !$isNew && ($this->Config->moderation_review_edit && $this->Access->moderateReview()) && !$this->data['Review']['author'] || $isNew && $this->Config->moderation_editor_reviews && $this->data['Review']['author'] || !$isNew && ($this->Config->moderation_editor_review_edit && $this->Config->moderation_editor_reviews && $this->Access->moderateReview()) && $this->data['Review']['author']) { $target_id = $isNew ? 'jr_review0Form' : 'jr_review_' . $review_id; $update_text = __t("Thank you for your submission. It will be published once it is verified.", true); return $this->ajaxUpdatePage($target_id, $update_text, ''); } // Get updated review info for non-moderated actions and plugin callback $fields = array('Criteria.id AS `Criteria.criteria_id`', 'Criteria.criteria AS `Criteria.criteria`', 'Criteria.state AS `Criteria.state`', 'Criteria.tooltips AS `Criteria.tooltips`', 'Criteria.weights AS `Criteria.weights`'); $joins = $this->Listing->joinsReviews; // Triggers the afterFind in the Observer Model $this->EverywhereAfterFind = true; if (isset($this->viewVars['reviews'])) { $review = current($this->viewVars['reviews']); } else { $this->Review->runProcessRatings = true; $review = $this->Review->findRow(array('fields' => $fields, 'conditions' => 'Review.id = ' . $this->data['Review']['id'], 'joins' => $joins), array('afterFind')); } $this->set(array('reviewType' => 'user', 'User' => $this->_user, 'Access' => $this->Access, 'reviews' => array($review['Review']['review_id'] => $review))); $response = array(); $fb_checkbox = Sanitize::getBool($this->data, 'fb_publish'); $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_reviews') && $fb_checkbox; // Process non moderated actions # New user review if ($isNew && !$this->data['Review']['author']) { $remove_class = true; $target_id = 'jr_user_reviews'; $update_text = __t("Thank you for your submission.", true); $update_html = $this->render('reviews', 'reviews'); # Facebook wall integration $token = cmsFramework::getCustomToken($review['Review']['review_id']); $facebook_integration and $response[] = "\n jQuery.get(s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postReview/id:{$review['Review']['review_id']}&{$token}=1');\n "; return $this->ajaxUpdatePage($target_id, $update_text, $update_html, compact('response', 'remove_class')); } # Edited user review if (!$isNew && !$this->data['Review']['author']) { // Setup vars for post submit effects $target_id = 'jr_review_' . $review_id; $update_text = __t("Your changes were saved.", true); $update_html = $this->render('reviews', 'reviews'); return $this->ajaxUpdatePage($target_id, $update_text, $update_html); } # New editor review if ($isNew && $this->data['Review']['author']) { $target_id = 'jr_review_' . $review_id; $update_text = Sanitize::getInt($review['Criteria'], 'state') != 2 ? __t("Thank you for your submission. Refresh the page to see your review.", true) : __t("Thank you for your submission. Refresh the page to see your comment.", true); # Facebook wall integration $token = cmsFramework::getCustomToken($review['Review']['review_id']); $facebook_integration and $response[] = "\n jQuery.get(s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postReview/id:{$review['Review']['review_id']}&{$token}=1');\n "; return $this->ajaxUpdatePage($target_id, $update_text, '', compact('response')); } # Edited editor review if (!$isNew && $this->data['Review']['author']) { $target_id = 'jr_review_' . $review_id; $update_text = __t("Your changes were saved, refresh the page to see them.", true); return $this->ajaxUpdatePage($target_id, $update_text); } }
function _save() { /******************************************************************* * This method is processed inside an iframe * To access any of the DOM elements via jQuery it's necessary to prepend * all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery) ********************************************************************/ $this->autoRender = false; $this->autoLayout = false; $response = array(); $parentFrame = 'window.parent'; $validation = ''; $listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0); $isNew = $this->Listing->isNew = $listing_id == 0 ? true : false; $this->data['email'] = Sanitize::getString($this->data, 'email'); $this->data['name'] = Sanitize::getString($this->data, 'name'); $this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden'); $cat_id = Sanitize::getVar($this->data['Listing'], 'catid'); $this->data['Listing']['catid'] = is_array($cat_id) ? (int) array_pop(array_filter($cat_id)) : (int) $cat_id; /*J16*/ $this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', ''); $this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', ''); if ($this->cmsVersion == CMS_JOOMLA15) { $this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden'); $this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid'); } else { $this->data['Listing']['language'] = '*'; $this->data['Listing']['access'] = 1; } $category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden']; # Get criteria info $criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id = (SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content") '))); if (!$criteria) { $validation = __t("The category selected is invalid.", true, true); $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } $this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id']; # Override global configuration isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']); # Perform access checks if ($isNew && !$this->Access->canAddListing()) { return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')"); } elseif (!$isNew) { $query = "SELECT created_by FROM #__content WHERE id = " . $listing_id; $this->_db->setQuery($query); $listing_owner = $this->_db->loadResult(); if (!$this->Access->canEditListing($listing_owner)) { return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')"); } } # Load the notifications observer model component and initialize it. # Done here so it only loads on save and not for all controlller actions. $this->components = array('security', 'notifications'); $this->__initComponents(); if ($this->invalidToken == true) { return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')"); } # Override configuration $category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $this->data['Listing']['catid']))); $this->Config->override($category['ListingType']['config']); if ($this->Access->loadWysiwygEditor()) { $this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext'))); $this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext'))); $this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset()); $this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset()); } else { $this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', ''); if (isset($this->data['Listing']['fulltext'])) { $this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', ''); } else { $this->data['Listing']['fulltext'] = ''; } } $this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']); $this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']); if ($this->Access->canAddMeta()) { $this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc'); $this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey'); } // Title alias handling $slug = ''; $alias = Sanitize::getString($this->data['Listing'], 'alias'); if ($isNew && $alias == '') { $slug = S2Router::sefUrlEncode($this->data['Listing']['title']); if (trim(str_replace('-', '', $slug)) == '') { $slug = date("Y-m-d-H-i-s"); } } elseif ($alias != '') { // Alias filled in so we convert it to a valid alias $slug = S2Router::sefUrlEncode($alias); if (trim(str_replace('-', '', $slug)) == '') { $slug = date("Y-m-d-H-i-s"); } } $slug != '' and $this->data['Listing']['alias'] = $slug; # Check for duplicates switch ($this->Config->content_title_duplicates) { case 'category': // Checks for duplicates in the same category $query = "\r\n SELECT \r\n count(*) \r\n FROM \r\n #__content AS Listing WHERE Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n AND Listing.state >= 0 \r\n AND Listing.catid = " . $this->data['Listing']['catid'] . (!$isNew ? " AND Listing.id <> " . $listing_id : ''); $this->_db->setQuery($query); $titleExists = $this->_db->loadResult(); break; case 'no': // Checks for duplicates all over the place $query = "\r\n SELECT \r\n count(*) \r\n FROM \r\n #__content AS Listing\r\n WHERE \r\n Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n AND Listing.state >= 0\r\n " . (!$isNew ? " AND Listing.id <> " . $listing_id : ''); $this->_db->setQuery($query); $titleExists = $this->_db->loadResult(); break; case 'yes': // Duplicates are allowed, no checking necessary $titleExists = false; break; } if ($titleExists && $this->data['Listing']['title'] != '') { // if listing exists $validation = '<span>' . __t("A listing with that title already exists.", true, true) . "</span>"; $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } // Review form display check logic used several times below $revFormSetting = $this->Config->content_show_reviewform; if ($revFormSetting == 'noteditors' && !$this->Config->author_review) { $revFormSetting = 'all'; } $revFormEnabled = !isset($this->data['review_optional']) && $this->Access->canAddReview() && $isNew && ($revFormSetting == 'all' && ($this->Config->author_review || $this->Config->user_reviews) || $revFormSetting == 'authors' && $this->Access->isJreviewsEditor($this->_user->id) || $revFormSetting == 'noteditors' && !$this->Access->isJreviewsEditor($this->_user->id)); // Validation of content default input fields if ($this->cmsVersion == CMS_JOOMLA15) { if (!$this->data['Listing']['catid'] || !$this->data['Listing']['sectionid']) { $this->Listing->validateSetError("sec_cat", __t("You need to select both a section and a category.", true)); } } else { !$this->data['Listing']['catid'] and $this->Listing->validateSetError("sec_cat", __t("You need to select a category.", true)); } // Validate only if it's a new listing if ($isNew) { if (!$this->_user->id) { $this->Listing->validateInput($this->data['name'], "name", "text", __t("You must fill in your name.", true), $this->Config->content_name == "required" ? 1 : 0); $this->Listing->validateInput($this->data['email'], "email", "email", __t("You must fill in a valid email address.", true), $this->Config->content_email == "required" ? 1 : 0); $this->data['name'] = Sanitize::getString($this->data, 'name', ''); $this->data['email'] = Sanitize::getString($this->data, 'email', ''); } else { $this->data['name'] = $this->_user->name; $this->data['email'] = $this->_user->email; } } $this->Listing->validateInput($this->data['Listing']['title'], "title", "text", __t("You must fill in a title for the new listing.", true, true), 1); # Validate listing custom fields $listing_valid_fields =& $this->Field->validate($this->data, 'listing', $this->Access); $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors); $this->Listing->validateInput($this->data['Listing']['introtext'], "introtext", "text", __t("You must fill in a summary for the new listing.", true, true), $this->Config->content_summary == "required" ? 1 : 0); $this->Listing->validateInput($this->data['Listing']['fulltext'], "fulltext", "text", __t("You must fill in a description for the new listing.", true, true), $this->Config->content_description == "required" ? 1 : 0); # Validate review custom fields if ($revFormEnabled && $criteria['Criteria']['state']) { // Review inputs $this->data['Review']['userid'] = $this->_user->id; $this->data['Review']['email'] = $this->data['email']; $this->data['Review']['name'] = $this->data['name']; $this->data['Review']['username'] = Sanitize::getString($this->data, 'name', ''); $this->data['Review']['title'] = Sanitize::getString($this->data['Review'], 'title'); $this->data['Review']['location'] = Sanitize::getString($this->data['Review'], 'location'); // deprecated $this->data['Review']['comments'] = Sanitize::getString($this->data['Review'], 'comments'); // Review standard fields $this->Listing->validateInput($this->data['Review']['title'], "rev_title", "text", __t("You must fill in a title for the review.", true, true), $this->Config->reviewform_title == 'required' ? true : false); if ($criteria['Criteria']['state'] == 1) { $criteria_qty = $criteria['Criteria']['quantity']; $ratingErr = 0; if (!isset($this->data['Rating'])) { $ratingErr = $criteria_qty; } else { for ($i = 0; $i < $criteria_qty; $i++) { if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) { $ratingErr++; } } } $this->Listing->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true, true), $ratingErr), $ratingErr); } // Review custom fields $this->Field->validateErrors = array(); // Clear any previous validation errors $review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access); $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors); $this->Listing->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true, true), $this->Config->reviewform_comment == 'required' ? true : false); } // if ($revFormEnabled && $criteria['Criteria']['state']) # Validate image fields $this->Uploads->validateImages(); # Validate Captcha security code if ($isNew && $this->Access->showCaptcha()) { if (!isset($this->data['Captcha']['code'])) { $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true)); } elseif ($this->data['Captcha']['code'] == '') { $this->Listing->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1); } else { if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) { $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true)); } } } # Get all validation messages $validation = $this->Listing->validateGetError() . $this->Uploads->getMsg(); # Validation failed if ($validation != '') { $response[] = "var parentForm = {$parentFrame}.jQuery('#jr_listingForm');"; $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "parentForm.find('.button').removeAttr('disabled');"; // Transform textareas into wysiwyg editors if ($this->Access->loadWysiwygEditor()) { App::import('Helper', 'Editor', 'jreviews'); $Editor = new EditorHelper(); $response[] = $parentFrame . '.' . $Editor->transform(true); } // Replace captcha with new instance if ($this->Access->in_groups($this->Config->security_image)) { $captcha = $this->Captcha->displayCode(); $response[] = "{$parentFrame}.jQuery('#captcha').attr('src','{$captcha['src']}');"; $response[] = "{$parentFrame}.jQuery('#jr_captchaCode').val('');"; } $response[] = "parentForm.find('.jr_loadingSmall').hide();"; return $this->makeJS($response); // Can't use ajaxResponse b/c we are in an iframe } # Validation passed, continue... if ($isNew) { $this->data['Listing']['created'] = _CURRENT_SERVER_TIME; //gmdate('Y-m-d H:i:s'); $this->data['Listing']['publish_up'] = _CURRENT_SERVER_TIME; //gmdate('Y-m-d H:i:s'); $this->data['Listing']['created_by'] = $this->_user->id; $this->data['Listing']['publish_down'] = NULL_DATE; $this->data['Field']['Listing']['email'] = $this->data['email']; // If visitor, assign name field to content Alias if (!$this->_user->id) { $this->data['Listing']['created_by_alias'] = $this->data['name']; } // Check moderation settings $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing()); // If listing moderation is enabled, then the review is also moderated if (!$this->data['Listing']['state']) { $this->Config->moderation_reviews = $this->Config->moderation_editor_reviews = $this->Config->moderation_item; } } else { if ($this->Config->moderation_item_edit) { $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing()); } $this->data['Listing']['modified'] = _CURRENT_SERVER_TIME; //gmdate('Y-m-d H:i:s'); $this->data['Listing']['modified_by'] = $this->_user->id; $query = 'SELECT images FROM #__content WHERE id = ' . $this->data['Listing']['id']; $this->_db->setQuery($query); $this->data['Listing']['images'] = $this->_db->loadResult(); // Check total number of images if (!$this->Uploads->checkImageCount($this->data['Listing']['images'])) { $validation .= '<span>' . sprintf(__t("The total number of images is limited to %s", true, true), $this->Config->content_images) . '</span><br />'; $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } } // Process images and update data array if ($this->Uploads->success) { $imageUploadPath = PATH_ROOT . _JR_PATH_IMAGES . 'jreviews' . DS; $this->Uploads->uploadImages($this->data['Listing']['id'], $imageUploadPath); if ($isNew) { // New item $currImages = $this->Uploads->images; } elseif ($this->data['Listing']['images'] != '') { // Editing and there are existing images $currImages = array_merge(explode("\n", $this->data['Listing']['images']), $this->Uploads->images); } else { // Editing and there are no existing images $currImages = $this->Uploads->images; } $this->data['Listing']['images'] = implode("\n", $currImages); } # Save listing $savedListing = $this->Listing->store($this->data); $listing_id = $this->data['Listing']['id']; if (!$savedListing) { $validation .= __t("The was a problem saving the listing", true, true); } // Error on listing save if ($validation != '') { $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } # Save listing custom fields $this->data['Field']['Listing']['contentid'] = $this->data['Listing']['id']; $this->Field->save($this->data, 'listing', $isNew, $listing_valid_fields); # Begin insert review in table if ($revFormEnabled && $criteria['Criteria']['state']) { // Get reviewer type, for now editor reviews don't work in Everywhere components $this->data['Review']['author'] = (int) $this->Access->isJreviewsEditor($this->_user->id); $this->data['Review']['mode'] = 'com_content'; $this->data['Review']['pid'] = (int) $this->data['Listing']['id']; // Force plugin loading on Review model $this->_initPlugins('Review'); $this->Review->isNew = true; $savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields); } # Before render callback if ($isNew && isset($this->Listing->plgBeforeRenderListingSaveTrigger)) { $plgBeforeRenderListingSave = $this->Listing->plgBeforeRenderListingSave(); switch ($plgBeforeRenderListingSave) { case '0': $this->data['Listing']['state'] = 1; break; case '1': $this->data['Listing']['state'] = 0; break; case '': break; default: return $plgBeforeRenderListingSave; break; } } # Moderation disabled if (!isset($this->data['Listing']['state']) || $this->data['Listing']['state']) { $fields = array('Criteria.criteria AS `Criteria.criteria`', 'Criteria.tooltips AS `Criteria.tooltips`'); $listing = $this->Listing->findRow(array('fields' => $fields, 'conditions' => array('Listing.id = ' . $listing_id)), array('afterFind')); # Facebook wall integration $fb_checkbox = Sanitize::getBool($this->data, 'fb_publish'); $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_listings') && $fb_checkbox; $token = cmsFramework::getCustomToken($listing_id); $facebook_integration and $response[] = $parentFrame . '.jQuery.get(' . $parentFrame . '.s2AjaxUri+' . $parentFrame . '.jreviews.ajax_params()+\'&url=facebook/_postListing/id:' . $listing_id . '&' . $token . '=1\'); '; $url = cmsFramework::route($listing['Listing']['url']); $update_text = $isNew ? __t("Thank you for your submission.", true, true) : __t("The listing was successfully saved.", true, true); //JOEYG CODE //THE FOLLOWING GETS THE LISTING TYPE FROM THE DB FOR THE NEWLY SAVED LISTING //IF THE TYPE IS BUSINESS PROFILE OR PROJECT LISTING THEN DISPLAY THE after_submit.thtml file //ELSE DISPLAY NORMAL MESSAGE //IF WE ONLY WANT TO ADD THE after_submit.thtml if the listing is new then add if ($isNew) { $query = "SELECT `listing_type` FROM `jos_vpbd_content_criteria` WHERE `jos_vpbd_content_criteria`.`listing_id` = " . $this->data['Listing']['id']; $this->_db->setQuery($query); $jg_listing_type = $this->_db->loadResult(); if ($jg_listing_type == 2 || $jg_listing_type == 7) { $update_html = $this->render('listings', 'after_submit'); } else { $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>"; } //ends if/else } else { //not new $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>"; } //ends if($isNew) //ENDS JOEYG ALTER CODE $jsonObject = json_encode(compact('target_id', 'update_text', 'update_html')); $response[] = ' var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\'); $parentForm.scrollTo({duration:400,offset:-100}); $parentForm.s2ShowUpdate(' . $jsonObject . '); '; return $this->makeJS($response); } # Moderation enabled $update_text = __t("Thank you for your submission. It will be published once it is verified.", true); $update_html = '<div id=\\"s2Msgjr_listingForm\\" class=\\"jr_postUpdate\\">' . $update_text . '</div>'; $response[] = ' var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\'); $parentForm.scrollTo({duration:400,offset:-100},function(){ $parentForm.fadeOut(250,function(){$parentForm.html("' . $update_html . '").show();}); }); '; return $this->makeJS($response); }
function _send() { $recipient = ''; $error = array(); $response = array(); $this->components = array('security'); $this->__initComponents(); if ($this->invalidToken) { $error[] = 'jQuery("#jr_inquiryTokenValidation").show();'; return json_encode(array('error' => $this->makeJS($error))); } $listing_id = Sanitize::getInt($this->data['Inquiry'], 'listing_id'); $overrides = $this->Criteria->getListingTypeOverridesByListingId($listing_id); if (!$listing_id || !$this->Config->getOverride('inquiry_enable', $overrides)) { return $this->ajaxError(s2Messages::accessDenied()); } // Required fields $fields = array('name', 'email', 'text'); // $fields = array('name','email','phone','text'); foreach ($fields as $id) { $input_id = '#jr_inquiry' . Inflector::camelize($id) . 'Validation'; if ($this->data['Inquiry'][$id] == '') { $error[] = 'jQuery("' . $input_id . '").show();'; } else { $reponse[] = 'jQuery("' . $input_id . '").hide();'; } } # Validate user's email $this->Listing->validateInput($this->data['Inquiry']['email'], "email", "email", __t("You must fill in a valid email address.", true), 1); # Validate security code if ($this->Access->showCaptcha()) { if (!isset($this->data['Captcha']['code'])) { $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true)); } elseif ($this->data['Captcha']['code'] == '') { $this->Listing->validateSetError("code", __t("You must fill in the security code.", true)); } else { if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) { $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true)); } } } # Process validation errors $validation = $this->Listing->validateGetErrorArray(); $validation = is_array($validation) ? implode("<br />", $validation) : ''; if (!empty($error) || $validation != '') { if ($this->Access->showCaptcha()) { // Replace captcha with new instance $captcha = $this->Captcha->displayCode(); $error[] = "jQuery('.jr_captcha').find('img').attr('src','{$captcha['src']}');"; $error[] = "jQuery('.jr_captcha_code').val('');"; } if ($validation != '') { $error[] = "jQuery('#jr_inquiryCodeValidation').html('{$validation}').show();"; } return json_encode(array('error' => $this->makeJS($error))); } // Now we can send the email # Read cms mail config settings $configSendmailPath = cmsFramework::getConfig('sendmail'); $configSmtpAuth = cmsFramework::getConfig('smtpauth'); $configSmtpUser = cmsFramework::getConfig('smtpuser'); $configSmtpPass = cmsFramework::getConfig('smtppass'); $configSmtpHost = cmsFramework::getConfig('smtphost'); $configSmtpSecure = cmsFramework::getConfig('smtpsecure'); $configSmtpPort = cmsFramework::getConfig('smtpport'); $configMailFrom = cmsFramework::getConfig('mailfrom'); $configFromName = cmsFramework::getConfig('fromname'); $configMailer = cmsFramework::getConfig('mailer'); # Get the recipient email Configure::write('Cache.query', false); $listing = $this->Listing->findRow(array('fields' => array('User.email AS `Listing.email`'), 'conditions' => array('Listing.id = ' . (int) $this->data['Inquiry']['listing_id']))); $url = cmsFramework::makeAbsUrl($listing['Listing']['url'], array('sef' => true)); $link = '<a href="' . $url . '">' . $listing['Listing']['title'] . '</a>'; switch ($this->Config->inquiry_recipient) { case 'owner': $recipient = Sanitize::getString($listing['Listing'], 'email'); break; case 'admin': $recipient = $configMailFrom; break; case 'field': if (isset($listing['Field']['pairs'][$this->Config->inquiry_field])) { $recipient = $listing['Field']['pairs'][$this->Config->inquiry_field]['value'][0]; } break; } if ($recipient == '') { $recipient = $configMailFrom; } if (!class_exists('PHPMailer')) { App::import('Vendor', 'phpmailer' . DS . 'class.phpmailer'); } $mail = new PHPMailer(); $mail->CharSet = cmsFramework::getCharset(); $mail->SetLanguage('en', S2_VENDORS . 'phpmailer' . DS . 'language' . DS); $mail->Mailer = $configMailer; // Mailer used mail,sendmail,smtp switch ($configMailer) { case 'smtp': $mail->Host = $configSmtpHost; $mail->SMTPAuth = $configSmtpAuth; $mail->Username = $configSmtpUser; $mail->Password = $configSmtpPass; $mail->SMTPSecure = $configSmtpSecure != '' ? $configSmtpSecure : ''; $mail->Port = $configSmtpPort; break; case 'sendmail': $mail->Sendmail = $configSendmailPath; break; default: break; } $mail->isHTML(true); $mail->From = $configMailFrom; $mail->FromName = $configFromName; $mail->addReplyTo(Sanitize::getString($this->data['Inquiry'], 'email')); $mail->AddAddress($recipient); $mail->Subject = sprintf(__t("New inquiry for: %s", true), $listing['Listing']['title']); $mail->Body = sprintf(__t("From: %s", true), Sanitize::getString($this->data['Inquiry'], 'name')) . "<br />"; $mail->Body .= sprintf(__t("Email: %s", true), Sanitize::getString($this->data['Inquiry'], 'email')) . "<br />"; // $mail->Body .= sprintf(__t("Phone number: %s",true),Sanitize::getString($this->data['Inquiry'],'phone')) . "<br />"; $mail->Body .= sprintf(__t("Listing: %s", true), $listing['Listing']['title']) . "<br />"; $mail->Body .= sprintf(__t("Listing link: %s", true), $link) . "<br />"; $mail->Body .= $this->data['Inquiry']['text']; if (!$mail->Send()) { unset($mail); $error[] = 'jQuery("#jr_inquiryTokenValidation").show();'; return json_encode(array('error' => $this->makeJS($error))); } $mail->ClearAddresses(); $bccAdmin = $this->Config->inquiry_bcc; if ($bccAdmin != '' && $bccAdmin != $recipient) { $mail->AddAddress($bccAdmin); $mail->Send(); } unset($mail); return json_encode(array('error' => $this->makeJS($response), 'html' => true)); }
function _postVote() { # Check if FB integration for reviews is enabled $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_reviews'); if (!$facebook_integration) { return; } $review_id = Sanitize::getInt($this->params, 'id'); # First check - review id if (!$review_id) { return; } # Stop form data tampering $formToken = cmsFramework::getCustomToken($review_id); if (!cmsFramework::isAdmin() && !$this->__validateToken($formToken)) { return s2Messages::accessDenied(); } $facebook = $this->_getFBClass(); # Second check - FB session if ($fbsession = $facebook->getSession()) { try { //get user id $uid = $facebook->getUser(); $user = $facebook->api('/me'); $fql = "SELECT publish_stream FROM permissions WHERE uid = " . $uid; $param = array('method' => 'fql.query', 'query' => $fql, 'callback' => ''); $fqlResult = $facebook->api($param); if (!$fqlResult[0]['publish_stream']) { return false; } else { $review = $this->Review->findRow(array('conditions' => array('Review.id = ' . $review_id)), array()); $this->Everywhere->loadListingModel($this, $review['Review']['extension']); $listing = $this->Listing->findRow(array('conditions' => array('Listing.' . $this->Listing->realKey . ' = ' . $review['Review']['listing_id'])), array('afterFind')); $listing_url = $this->makeUrl($listing['Listing']['url']); $review['Review']['comments'] = strip_tags($review['Review']['comments']); if ($this->Config->facebook_posts_trim >= 0) { App::import('Helper', 'text', 'jreviews'); $Text = ClassRegistry::getClass('TextHelper'); $review['Review']['comments'] = $Text->truncateWords($review['Review']['comments'], $this->Config->facebook_posts_trim); } # Publish stream permission granted so we can post on the user's wall! # Begin building the stream $fbArray $fbArray = array(); $fbArray['method'] = 'stream.publish'; $fbArray['message'] = sprintf($this->activities['vote helpful'], $listing['Listing']['title']); $fbArray['attachment'] = array('name' => $listing['Listing']['title'], 'href' => $listing_url, 'description' => $review['Review']['comments']); $fbArray['attachment']['properties'][__t("Website", true)] = array('text' => cmsFramework::getConfig('sitename'), 'href' => WWW_ROOT); $review['Rating']['average_rating'] > 0 and $fbArray['attachment']['properties'][__t("Rating", true)] = sprintf(__t("%s stars", true), round($review['Rating']['average_rating'], 1)); isset($listing['Listing']['images'][0]) and $fbArray['attachment']['media'] = array(array('type' => 'image', 'src' => WWW_ROOT . _JR_WWW_IMAGES . $listing['Listing']['images'][0]['path'], 'href' => $listing_url)); $fbArray['attachment'] = json_encode($fbArray['attachment']); $fbArray['action_links'] = json_encode(array(array('text' => __t("Read review", true), 'href' => $listing_url))); $fbArray['comments_xid'] = $listing['Listing']['listing_id']; if ($this->Config->facebook_optout) { return "FB.ui(" . json_encode($fbArray) . ")"; } $fb_update = $facebook->api($fbArray); return true; } } catch (Exception $o) { // Error reading permissions return false; } } return false; }