Пример #1
0
 function executeCmd()
 {
     global $mainframe;
     $cmd = strtolower(JCommentsInput::getVar('cmd', ''));
     $hash = JCommentsInput::getVar('hash', '');
     $id = (int) JCommentsInput::getVar('id', 0);
     $error = '';
     $link = $mainframe->getCfg('live_site') . '/index.php';
     $checkHash = JCommentsFactory::getCmdHash($cmd, $id);
     if ($hash == $checkHash) {
         $config =& JCommentsFactory::getConfig();
         if ($config->getInt('enable_quick_moderation') == 1) {
             $dbo =& JCommentsFactory::getDBO();
             $comment = new JCommentsDB($dbo);
             if ($comment->load($id)) {
                 $link = JCommentsObjectHelper::getLink($comment->object_id, $comment->object_group);
                 $link = str_replace('&', '&', $link);
                 switch ($cmd) {
                     case 'publish':
                         $comment->published = 1;
                         $comment->store();
                         $link .= '#comment-' . $comment->id;
                         break;
                     case 'unpublish':
                         $comment->published = 0;
                         $comment->store();
                         $acl =& JCommentsFactory::getACL();
                         if ($acl->canPublish()) {
                             $link .= '#comment-' . $comment->id;
                         } else {
                             $link .= '#comments';
                         }
                         break;
                     case 'delete':
                         $comment->delete();
                         $link .= '#comments';
                         break;
                 }
             }
         } else {
             $error = JText::_('Quick moderation function is disabled by administrator!');
         }
     } else {
         $error = JText::_('Incorrect hash for this operation!');
     }
     JCommentsRedirect($link, $error);
 }
Пример #2
0
 function reportComment()
 {
     if (JCommentsSecurity::badRequest() == 1) {
         JCommentsSecurity::notAuth();
     }
     $acl =& JCommentsFactory::getACL();
     $db =& JCommentsFactory::getDBO();
     $config =& JCommentsFactory::getConfig();
     $response =& JCommentsFactory::getAjaxResponse();
     $values = JCommentsAJAX::prepareValues($_POST);
     $id = (int) $values['commentid'];
     $reason = trim(strip_tags($values['reason']));
     $name = trim(strip_tags($values['name']));
     $ip = $acl->getUserIP();
     if ($reason == '') {
         JCommentsAJAX::showErrorMessage(JText::_('Please enter the reason for your report!'), '', 'comments-report-form');
         return $response;
     }
     $query = 'SELECT COUNT(*) FROM `#__jcomments_reports` WHERE commentid = ' . $id;
     if ($acl->getUserId()) {
         $query .= ' AND userid = ' . $acl->getUserId();
     } else {
         $query .= ' AND ip = "' . $ip . '"';
     }
     $db->setQuery($query);
     $reported = $db->loadResult();
     if (!$reported) {
         $query = 'SELECT COUNT(*) FROM `#__jcomments_reports` WHERE commentid = ' . $id;
         $db->setQuery($query);
         $reported = $db->loadResult();
         if (!$reported) {
             $comment = new JCommentsDB($db);
             if ($comment->load($id)) {
                 if ($acl->canReport($comment)) {
                     $allowed = true;
                     if ($config->getInt('enable_mambots') == 1) {
                         require_once JCOMMENTS_HELPERS . DS . 'plugin.php';
                         JCommentsPluginHelper::importPlugin('jcomments');
                         JCommentsPluginHelper::trigger('onReportComment', array(&$comment, &$response, &$allowed, &$value));
                     }
                     if ($allowed !== false) {
                         if ($acl->getUserId()) {
                             $user = JCommentsFactory::getUser();
                             $name = $user->name;
                         } else {
                             if ($name == '') {
                                 $name = JText::_('Guest');
                             }
                         }
                         $query = "INSERT INTO `#__jcomments_reports`(`commentid`,`userid`, `name`,`ip`,`date`,`reason`)" . "VALUES('" . $comment->id . "', '" . $acl->getUserId() . "', '" . $db->getEscaped($name) . "', '" . $db->getEscaped($ip) . "', now(), '" . $db->getEscaped($reason) . "')";
                         $db->setQuery($query);
                         $db->query();
                         if ($config->getInt('enable_notification') == 1) {
                             if ($config->check('notification_type', 2)) {
                                 $comment->datetime = $comment->date;
                                 if (is_string($comment->datetime)) {
                                     $comment->datetime = strtotime($comment->datetime);
                                 }
                                 JComments::sendReport($comment, $name, $reason);
                             }
                         }
                         $html = JText::_('Report successfully sent!');
                         $html = str_replace("\n", '\\n', $html);
                         $html = str_replace('\\n', '<br />', $html);
                         $html = JCommentsText::jsEscape($html);
                         $response->addScript("jcomments.closeReport('{$html}');");
                     }
                 } else {
                     JCommentsAJAX::showErrorMessage(JText::_('You have no rights to report comment!'), '', 'comments-report-form');
                 }
             } else {
                 $response->addAlert(JText::_('ERROR_NOT_FOUND'));
             }
             unset($comment);
         } else {
             JCommentsAJAX::showErrorMessage(JText::_('Comment already reported to the site administrator'), '', 'comments-report-form');
         }
     } else {
         JCommentsAJAX::showErrorMessage(JText::_('You can\'t report the same comment more than once!'), '', 'comments-report-form');
     }
     return $response;
 }
Пример #3
0
 function save()
 {
     $task = JCommentsInput::getVar('task');
     $id = (int) JCommentsInput::getVar('id', 0);
     $bbcode =& JCommentsFactory::getBBCode();
     $db =& JCommentsFactory::getDBO();
     $row = new JCommentsDB($db);
     if ($row->load($id)) {
         $row->homepage = trim(strip_tags(JCommentsInput::getVar('homepage')));
         $row->email = trim(strip_tags(JCommentsInput::getVar('email')));
         $row->title = trim(strip_tags(JCommentsInput::getVar('title')));
         $row->comment = JCommentsInput::getVar('comment');
         $row->published = (int) JCommentsInput::getVar('published');
         if ($row->userid == 0) {
             $row->name = strip_tags(JCommentsInput::getVar('name'));
             $row->name = preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $row->name);
             if ($row->username != $row->name) {
                 $row->username = $row->name;
             }
             $row->username = preg_replace("/[\\'\"\\>\\<\\(\\)\\[\\]]?+/i", '', $row->username);
         } else {
             if ($row->name == '' || $row->username == '' || $row->email == '') {
                 $user = JCommentsFactory::getUser($row->userid);
                 $row->name = $row->name == '' ? $user->name : $row->name;
                 $row->username = $row->username == '' ? $user->username : $row->username;
                 $row->email = $row->email == '' ? $user->email : $row->email;
             }
         }
         // handle magic quotes compatibility
         if (get_magic_quotes_gpc() == 1) {
             $row->title = stripslashes($row->title);
             $row->comment = stripslashes($row->comment);
         }
         $row->comment = JCommentsText::nl2br($row->comment);
         $row->comment = $bbcode->filter($row->comment);
         $row->store();
         $row->checkin();
         JCommentsCache::cleanCache('com_jcomments');
         JCommentsCache::cleanCache($row->object_group);
     }
     switch ($task) {
         case 'apply':
             JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=edit&hidemainmenu=1&cid[]=' . $row->id);
             break;
         case 'save':
         default:
             JCommentsRedirect(JCOMMENTS_INDEX . '?option=com_jcomments&task=comments');
             break;
     }
 }