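/**
 * Send an email to the feedback email address.
 *
 * Expected fields:
 * - client_id
 * - client_secret
 * - name
 * - email
 * - subject
 * - comment
 *
 * Only clients allowed to use the password grant may call this. When the
 * Akismet service is configured the comment text is run through the spam
 * check before the mail is sent. On success the response is an empty 202.
 *
 * @param Request $request
 * @param PDO     $db
 *
 * @return void
 * @throws Exception 403 when the client is not trusted; 400 when a required
 *                   field is missing or the spam check rejects the comment
 */
public function contact($request, $db)
{
    // only trusted clients can contact us to save on spam
    $clientId = $request->getParameter('client_id');
    $clientSecret = $request->getParameter('client_secret');
    $this->oauthModel = $request->getOauthModel($db);
    if (!$this->oauthModel->isClientPermittedPasswordGrant($clientId, $clientSecret)) {
        throw new Exception("This client cannot perform this action", 403);
    }

    $fields = ['name', 'email', 'subject', 'comment'];
    $data = [];
    $missing = [];
    foreach ($fields as $name) {
        $value = $request->getParameter($name);
        // empty() also rejects "0"; every field here is free text so that is acceptable
        if (empty($value)) {
            $missing[] = "'{$name}'";
        }
        $data[$name] = $value;
    }

    if (!empty($missing)) {
        $single = count($missing) === 1;
        $message = 'The field' . ($single ? ' ' : 's ')
            . implode(', ', $missing)
            . ($single ? ' is ' : ' are ')
            . 'required.';
        throw new Exception($message, 400);
    }

    // NOTE(review): name, email and subject reach ContactEmailService unvalidated;
    // confirm it neutralises CR/LF before using any of them in a mail header.

    // run it by akismet if we have it
    if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
        $spamCheckService = new SpamCheckService(
            $this->config['akismet']['apiKey'],
            $this->config['akismet']['blog']
        );
        $isValid = $spamCheckService->isCommentAcceptable(
            $data['comment'],
            $request->getClientIP(),
            $request->getClientUserAgent()
        );
        if (!$isValid) {
            throw new Exception("Comment failed spam check", 400);
        }
    }

    $emailService = new ContactEmailService($this->config);
    $emailService->sendEmail($data);

    // $replace is a bool; passing null is deprecated on PHP 8.1+
    header("Content-Length: 0", true, 202);
    exit;
}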
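/**
 * Create a comment (with a rating) on an event.
 *
 * Expects a POST to a specific event URL from an authenticated user.
 * Fields:
 * - rating  (required, numeric, at most 5)
 * - comment (required)
 *
 * The rating is stored as 0 when the user has already rated this event or
 * is a host of it. Responds with 201 and a Location header for the new
 * comment.
 *
 * @param Request $request
 * @param PDO     $db
 *
 * @return void
 * @throws Exception 400 when the request is not for a specific event, the
 *                   user is not logged in, validation fails, the spam check
 *                   rejects the comment, or the comment cannot be stored
 */
public function createComment($request, $db)
{
    $comment = [];
    $comment['event_id'] = $this->getItemId($request);
    if (empty($comment['event_id'])) {
        throw new Exception("POST expects a comment representation sent to a specific event URL", 400);
    }

    // no anonymous comments over the API (empty() already covers the unset case);
    // 400 matches the status postAction uses for the same condition
    if (empty($request->user_id)) {
        throw new Exception('You must log in to comment', 400);
    }

    $user_mapper = new UserMapper($db, $request);
    $users = $user_mapper->getUserById($request->user_id);
    if (empty($users['users'][0])) {
        // the token names a user we cannot load; do not continue with a null name
        throw new Exception('You must log in to comment', 400);
    }
    $thisUser = $users['users'][0];

    $rating = $request->getParameter('rating', false);
    if (false === $rating) {
        throw new Exception('The field "rating" is required', 400);
    }
    // reject non-numeric and out-of-range values; 0 stays accepted because
    // the code below itself stores 0 to mean "no rating"
    if (false === is_numeric($rating) || $rating < 0 || $rating > 5) {
        throw new Exception('The field "rating" must be a number (1-5)', 400);
    }

    $commentText = $request->getParameter('comment');
    if (empty($commentText)) {
        throw new Exception('The field "comment" is required', 400);
    }

    // Get the API key reference to save against the comment
    $oauth_model = $request->getOauthModel($db);
    $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());

    $comment['user_id'] = $request->user_id;
    $comment['comment'] = $commentText;
    $comment['rating'] = $rating;
    $comment['cname'] = $thisUser['full_name'];
    $comment['source'] = $consumer_name;

    // run it by akismet if we have it
    // NOTE(review): the whole $comment array is handed to the spam check here,
    // whereas contact() passes only the comment text; confirm SpamCheckService
    // accepts both shapes.
    if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
        $spamCheckService = new SpamCheckService(
            $this->config['akismet']['apiKey'],
            $this->config['akismet']['blog']
        );
        $isValid = $spamCheckService->isCommentAcceptable(
            $comment,
            $request->getClientIP(),
            $request->getClientUserAgent()
        );
        if (!$isValid) {
            throw new Exception("Comment failed spam check", 400);
        }
    }

    $event_mapper = new EventMapper($db, $request);
    $comment_mapper = new EventCommentMapper($db, $request);

    // should rating be allowed? one rating per user per event, and event
    // hosts cannot rate their own event
    if ($comment_mapper->hasUserRatedThisEvent($comment['user_id'], $comment['event_id'])
        || $event_mapper->isUserAHostOn($comment['user_id'], $comment['event_id'])
    ) {
        $comment['rating'] = 0;
    }

    try {
        $new_id = $comment_mapper->save($comment);
    } catch (Exception $e) {
        // re-throw with a 400 status code, keeping the original exception chained
        throw new Exception($e->getMessage(), 400, $e);
    }

    // Update the cache count for the number of event comments on this event
    $event_mapper->cacheCommentCount($comment['event_id']);

    $uri = $request->base . '/' . $request->version . '/event_comments/' . $new_id;
    // $replace is a bool; passing null is deprecated on PHP 8.1+
    header("Location: " . $uri, true, 201);
    exit;
}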
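/**
 * Handle a POST to a talk sub-resource.
 *
 * Supported sub-resources (url_elements[4]):
 * - comments: create a comment (and rating) on the talk. Fields "comment"
 *   and "rating" are required, "private" is optional. The talk's speakers
 *   are emailed and the response is 201 with a Location header for the
 *   new comment.
 * - starred: mark the talk as starred by the logged-in user; responds 201
 *   with a Location header for the current path.
 *
 * @param Request $request
 * @param PDO     $db
 *
 * @return void
 * @throws Exception 400 when not logged in, no sub-resource is given,
 *                   validation fails, the spam check rejects the comment or
 *                   the comment cannot be stored; 404 for an unknown
 *                   sub-resource
 */
public function postAction($request, $db)
{
    // empty() also covers the unset case, as createComment does
    if (empty($request->user_id)) {
        throw new Exception("You must be logged in to create data", 400);
    }
    $talk_id = $this->getItemId($request);
    if (!isset($request->url_elements[4])) {
        throw new Exception("method not supported - sorry", 400);
    }

    switch ($request->url_elements[4]) {
        case "comments":
            $comment = $request->getParameter('comment');
            if (empty($comment)) {
                throw new Exception('The field "comment" is required', 400);
            }
            $rating = $request->getParameter('rating');
            if (empty($rating)) {
                throw new Exception('The field "rating" is required', 400);
            }
            // same range rule as event comments
            if (false === is_numeric($rating) || $rating < 0 || $rating > 5) {
                throw new Exception('The field "rating" must be a number (1-5)', 400);
            }
            $private = $request->getParameter('private') ? 1 : 0;

            // Get the API key reference to save against the comment
            $oauth_model = $request->getOauthModel($db);
            $consumer_name = $oauth_model->getConsumerName($request->getAccessToken());

            $talk_mapper = new TalkMapper($db, $request);
            $comment_mapper = new TalkCommentMapper($db, $request);

            $data = [
                'user_id' => $request->user_id,
                'talk_id' => $talk_id,
                'comment' => $comment,
                'rating'  => $rating,
                'private' => $private,
                'source'  => $consumer_name,
            ];

            try {
                // run it by akismet if we have it
                if (isset($this->config['akismet']['apiKey'], $this->config['akismet']['blog'])) {
                    $spamCheckService = new SpamCheckService(
                        $this->config['akismet']['apiKey'],
                        $this->config['akismet']['blog']
                    );
                    $isValid = $spamCheckService->isCommentAcceptable(
                        $data,
                        $request->getClientIP(),
                        $request->getClientUserAgent()
                    );
                    if (!$isValid) {
                        throw new Exception("Comment failed spam check", 400);
                    }
                }

                // should rating be allowed? one rating per user per talk, and
                // speakers cannot rate their own talk
                if ($comment_mapper->hasUserRatedThisTalk($data['user_id'], $data['talk_id'])
                    || $talk_mapper->isUserASpeakerOnTalk($data['talk_id'], $data['user_id'])
                ) {
                    $data['rating'] = 0;
                }

                $new_id = $comment_mapper->save($data);
            } catch (Exception $e) {
                // re-throw with a 400 status code, keeping the original exception chained
                throw new Exception($e->getMessage(), 400, $e);
            }

            if (!$new_id) {
                throw new Exception("The comment could not be stored", 400);
            }

            $comment = $comment_mapper->getCommentById($new_id);
            $talk = $talk_mapper->getTalkById($talk_id);
            $speakers = $talk_mapper->getSpeakerEmailsByTalkId($talk_id);
            $recipients = array_column($speakers, 'email');

            $emailService = new TalkCommentEmailService($this->config, $recipients, $talk, $comment);
            $emailService->sendEmail();

            $uri = $request->base . '/' . $request->version . '/talk_comments/' . $new_id;
            header("Location: " . $uri, true, 201);
            exit;

        case 'starred':
            // the body of this request is completely irrelevant
            // The logged in user *is* attending the talk. Use DELETE to unattend
            $talk_mapper = new TalkMapper($db, $request);
            $talk_mapper->setUserStarred($talk_id, $request->user_id);
            // $replace is a bool; passing null is deprecated on PHP 8.1+
            header("Location: " . $request->base . $request->path_info, true, 201);
            exit;

        default:
            throw new Exception("Operation not supported, sorry", 404);
    }
}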