}
}
if ($values->title != '') {
if ($sep == 1) {
$gbPosts .= ' From ';
}
$gbPosts .= PhocaguestbookHelper::wordDelete($values->title, 100, '...');
}
if ($this->tmpl['display_website'] != 0) {
if ($values->homesite != '') {
if ($values->title == '' && $values->email == '' && $values->username == '') {
$gbPosts .= '';
} else {
$gbPosts .= ' <br />';
}
$gbPosts .= ' <span><a href="' . $values->homesite . '">' . PhocaguestbookHelper::wordDelete($values->homesite, 50, '...') . '</a></span>';
}
}
$gbPosts .= '</h4>';
// SECURITY
// Open a tag protection
$a_count = substr_count(strtolower($values->content), "<a");
$a_end_count = substr_count(strtolower($values->content), "</a>");
$quote_count = substr_count(strtolower($values->content), "\"");
if ($quote_count % 2 != 0) {
$end_quote = "\"";
// close the " if it is open
} else {
$end_quote = "";
}
if ($a_count > $a_end_count) {
echo $row->title;
?>
</a>
<?php
}
?>
</td>
<td align="center"><?php
echo $row->username;
?>
</td>
<td align="left"><?php
$row->content = JFilterOutput::cleanText(strip_tags($row->content));
echo PhocaguestbookHelper::wordDelete($row->content, 60, '...');
?>
</td>
<td align="center"><?php
echo $row->ip;
?>
</td>
<td align="center"><?php
echo $published;
?>
</td>
<td class="order">
<span><?php
echo $this->pagination->orderUpIcon($i, $row->catid == @$this->items[$i - 1]->catid, 'orderup', 'Move Up', $ordering);
function sendPhocaGuestbookMail($id, $post, $url)
{
global $mainframe;
$db = JFactory::getDBO();
$sitename = $mainframe->getCfg('sitename');
//get all super administrator
$query = 'SELECT name, email, sendEmail' . ' FROM #__users' . ' WHERE id = ' . (int) $id;
$db->setQuery($query);
$rows = $db->loadObjectList();
if (isset($post['title']) && $post['title'] != '') {
$subject = $sitename . ' (' . JText::_('New Phoca Guestbook Item') . '): ' . PhocaguestbookHelper::wordDelete($post['title'], 25, '...');
$title = $post['title'];
} else {
$subject = $sitename . " (" . JText::_('New Phoca Guestbook Item') . ')';
$title = $post['title'];
}
if (isset($post['username']) && $post['username'] != '') {
$fromname = $post['username'];
} else {
$fromname = JText::_('Guest');
}
if (isset($post['email']) && $post['email'] != '') {
$mailfrom = $post['email'];
} else {
$mailfrom = $rows[0]->email;
}
if (isset($post['content']) && $post['content'] != '') {
$content = $post['content'];
} else {
$content = "...";
}
$email = $rows[0]->email;
$post['content'] = str_replace("</p>", "\n", $post['content']);
$post['content'] = strip_tags($post['content']);
$message = JText::_('New Phoca Guestbook item saved') . "\n\n" . JText::_('Website') . ': ' . $sitename . "\n" . JText::_('From') . ': ' . $fromname . "\n" . JText::_('Date') . ': ' . JHTML::_('date', gmdate('Y-m-d H:i:s'), JText::_('DATE_FORMAT_LC2')) . "\n\n" . JText::_('Title') . ': ' . $title . "\n" . JText::_('Message') . ': ' . "\n" . "\n\n" . PhocaguestbookHelper::wordDelete($post['content'], 400, '...') . "\n\n" . "\n\n" . JText::_('Click the link') . "\n" . $url . "\n\n" . JText::_('Regards') . ", \n" . $sitename . "\n";
$subject = html_entity_decode($subject, ENT_QUOTES);
$message = html_entity_decode($message, ENT_QUOTES);
JUtility::sendMail($mailfrom, $fromname, $email, $subject, $message);
return true;
}
if ($sep == 1) {
$msgpg .= ' ';
$msgpg .= '( ' . JHTML::_('email.cloak', PhocaguestbookHelper::wordDelete($values->email, 35, '...')) . ' )';
$sep = 1;
} else {
$msgpg .= JHTML::_('email.cloak', PhocaguestbookHelper::wordDelete($values->email, 35, '...'));
$sep = 1;
}
}
}
if ($values->title != '') {
if ($values->title != '') {
if ($sep == 1) {
$msgpg .= ': ';
}
$msgpg .= PhocaguestbookHelper::wordDelete($values->title, 40, '...');
}
}
// SECURITY
// Open a tag protection
$a_count = substr_count(strtolower($values->content), "<a");
$a_end_count = substr_count(strtolower($values->content), "</a>");
$quote_count = substr_count(strtolower($values->content), "\"");
if ($quote_count % 2 != 0) {
$end_quote = "\"";
// close the " if it is open
} else {
$end_quote = "";
}
if ($a_count > $a_end_count) {
$end_a = "></a>";
function display($tpl = null)
{
global $mainframe;
$pathway =& $mainframe->getPathway();
$document =& JFactory::getDocument();
$uri =& JFactory::getURI();
$user =& JFactory::getUser();
JHTML::stylesheet('phocaguestbook.css', 'components/com_phocaguestbook/assets/');
$administrator = 0;
if (strtolower($user->usertype) == strtolower('super administrator') || $user->usertype == strtolower('administrator')) {
$administrator = 1;
}
// Get the parameters of the active menu item
$menus =& JSite::getMenu();
$menu = $menus->getActive();
$params =& $mainframe->getParams();
//PARAMS
$tmpl = array();
$tmpl['captchamethod'] = $params->get('captcha_method', 0);
$tmpl['enableeditor'] = $params->get('enable_editor', 1);
$tmpl['tablewidth'] = $params->get('table_width', 400);
$tmpl['editorwidth'] = $params->get('editor_width', 400);
$tmpl['editorheight'] = $params->get('editor_height', 200);
$tmpl['displayform'] = $params->get('display_form', 1);
$tmpl['df'] = $params->get('df', 1);
$tmpl['date_format'] = $params->get('date_format', 'DATE_FORMAT_LC');
switch ($tmpl['date_format']) {
case 1:
$tmpl['date_format'] = '%d. %B %Y';
break;
case 2:
$tmpl['date_format'] = '%d/%m/%y';
break;
case 3:
$tmpl['date_format'] = '%d. %m. %Y';
break;
}
$document->addCustomTag(PhocaguestbookHelper::setCaptchaReloadJS());
if ($tmpl['enableeditor'] == 1) {
$document->addCustomTag(PhocaguestbookHelper::setTinyMCEJS());
$document->addCustomTag(PhocaguestbookHelper::displaySimpleTinyMCEJS());
}
//-----------------------------------------------------------------------------------------------
// Fill the form in case, you get data from post (e.g. user send data, but with no valid captcha
// We send him back to the form but without lossing data
$post = JRequest::get('post');
$post['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW);
$cid = JRequest::getVar('cid', array(0), 'post', 'array');
$id = JRequest::getVar('id', '', 'get', 'string');
$post['catid'] = (int) $cid[0];
if (isset($post['pgusername'])) {
// if not there is other code to solve it - see below
$post['username'] = $post['pgusername'];
}
// HTML Purifier
require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.auto.php';
$configP = HTMLPurifier_Config::createDefault();
$configP->set('Core', 'TidyFormat', !empty($_REQUEST['tidy']));
$configP->set('Core', 'DefinitionCache', null);
$configP->set('HTML', 'Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike');
$purifier = new HTMLPurifier($configP);
$post['content'] = $purifier->purify($post['content']);
// ------------
//-----------------------------------------------------------------------------------------------
// Add username and user e-mail if user is login
$username_or_name = 0;
if ($params->get('username_or_name') != '') {
$username_or_name = $params->get('username_or_name');
}
if ($username_or_name == 1) {
if ($user->name && trim($user->name != '')) {
$form_username = $user->name;
} else {
$form_username = JText::_('Guest');
}
} else {
if ($user->username && trim($user->username != '')) {
$form_username = $user->username;
} else {
$form_username = JText::_('Guest');
}
}
if ($user->email && trim($user->email != '')) {
$form_email = $user->email;
} else {
$form_email = '';
}
//-----------------------------------------------------------------------------------------------
// !!!! Add content to the fields
//-----------------------------------------------------------------------------------------------
//Create new object, if user fill not all data, no redirection and he gets the data he added (he doesn't loss it)
$formdata = new JObject();
//Content
if (isset($post['content'])) {
$formdata->set('content', $post['content']);
} else {
$formdata->set('content', '');
}
//Name !!! NAME OR USERNAME
if (isset($post['username'])) {
$formdata->set('username', $post['username']);
} else {
$formdata->set('username', $form_username);
}
//Email
if (isset($post['email'])) {
$formdata->set('email', $post['email']);
} else {
$formdata->set('email', $form_email);
}
//Title
if (isset($post['title'])) {
$formdata->set('title', $post['title']);
} else {
$formdata->set('title', '');
}
if ($tmpl['enableeditor'] == 1) {
$editor = PhocaguestbookHelper::displayTextArea('pgbcontent', $formdata->content, (int) $tmpl['editorwidth'] . 'px', (int) $tmpl['editorheight'] . 'px', '60', '80', false);
} else {
$editor = '<textarea id="pgbcontent" name="pgbcontent" rows="6" cols="30" >' . $formdata->content . '</textarea>';
}
//-----------------------------------------------------------------------------------------------
// Get data - all items
$items = $this->get('data');
$guestbooks = $this->get('guestbook');
// Define image tag attributes
if (!empty($guestbooks->image)) {
$attribs['align'] = $guestbooks->image_position;
$attribs['hspace'] = '6';
// Use the static HTML library to build the image tag
$image = JHTML::_('image', 'images/stories/' . $guestbooks->image, JText::_('Phoca Guestbook'), $attribs);
}
//$total = $this->get('total');
$pagination =& $this->get('pagination');
//----------------------------------------------------------------------------------------------
// Forbidden Word Filter
$forbidden_word_filter = trim($params->get('forbidden_word_filter'));
$forbidden_word_filter_array = explode(';', $forbidden_word_filter);
//----------------------------------------------------------------------------------------------
// Forbidden Whole Word Filter
$forbidden_whole_word_filter = trim($params->get('forbidden_whole_word_filter'));
$forbidden_whole_word_filter_array = explode(';', $forbidden_whole_word_filter);
//----------------------------------------------------------------------------------------------
//Add custom CSS V A L U E S
if ($params->get('font_color') != '') {
$css['fontcolor'] = $params->get('font_color');
} else {
$css['fontcolor'] = '#000000';
}
if ($params->get('second_font_color') != '') {
$css['secondfontcolor'] = $params->get('second_font_color');
} else {
$css['secondfontcolor'] = '#dddddd';
}
if ($params->get('background_color') != '') {
$css['backgroundcolor'] = $params->get('background_color');
} else {
$css['backgroundcolor'] = '#C8DFF9';
}
if ($params->get('border_color') != '') {
$css['bordercolor'] = $params->get('border_color');
} else {
$css['bordercolor'] = '#E6E6E6';
}
//Add display values
$display = '';
$require = '';
$display['username'] = 1;
if ($params->get('display_name') != '') {
$display['username'] = $params->get('display_name');
}
$display['email'] = 1;
if ($params->get('display_email') != '') {
$display['email'] = $params->get('display_email');
}
$display['formusername'] = 1;
if ($params->get('display_name_form') != '') {
$display['formusername'] = $params->get('display_name_form');
}
$display['formemail'] = 1;
if ($params->get('display_email_form') != '') {
$display['formemail'] = $params->get('display_email_form');
}
//Add requirement V A L U E S
$require['title'] = 1;
if ($params->get('require_title') != '') {
$require['title'] = $params->get('require_title');
}
$require['username'] = 1;
if ($params->get('require_username') != '') {
$require['username'] = $params->get('require_username');
}
$require['email'] = 0;
if ($params->get('require_email') != '') {
$require['email'] = $params->get('require_email');
}
// if we disable email form field and name form field we cannot require these items
if ($display['formusername'] == 0) {
$require['username'] = 0;
}
if ($display['formemail'] == 0) {
$require['email'] = 0;
}
$require['content'] = 1;
if ($params->get('require_content') != '') {
$require['content'] = $params->get('require_content');
}
$require['reguser'] = 0;
if ($params->get('registered_users_only') != '') {
$require['reguser'] = $params->get('registered_users_only');
}
$tmpl['pf'] = PhocaguestbookHelper::setP($tmpl['df']);
//Select the position, add V A L U E S
if ($params->get('form_position') != '') {
$config['position'] = $params->get('form_position');
} else {
$config['position'] = 0;
}
if ($params->get('max_url') != '') {
$config['maxurl'] = $params->get('max_url');
} else {
$config['maxurl'] = 5;
}
if ($params->get('enable_captcha') != '') {
$require['captcha'] = $params->get('enable_captcha');
} else {
$require['captcha'] = 1;
}
//-----------------------------------------------------------------------------------------------
// !!!! 1. Server Side Checking controll
//-----------------------------------------------------------------------------------------------
//Form Variables --------------------------------------------------------------------------------
//captcha is wrong,we cannot redirect the page,we display message this way
//DISPLAY MESSAGES WHICH YOU GET FROM CONTROLL FILE - (CONTROLLERS - phocaguestbook.php)
$smB = '<small style="color:#fc0000;">';
$smE = '</small><br />';
$errorMsgCaptcha = '';
$errorMsgTop = '';
if (JRequest::getVar('captcha-msg', 0, 'get', 'int') == 1) {
$errorMsgCaptcha .= '<tr><td> </td><td colspan="3">' . $smB . JText::_('Phoca Guestbook Wrong Captcha') . '</small></td></tr>';
}
if (JRequest::getVar('title-msg-1', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook No Title') . $smE;
}
if (JRequest::getVar('title-msg-2', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Title') . $smE;
}
if (JRequest::getVar('username-msg-1', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook No Username') . $smE;
}
if (JRequest::getVar('username-msg-2', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Username') . $smE;
}
if (JRequest::getVar('username-msg-3', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Username Exists') . $smE;
}
if (JRequest::getVar('email-msg-1', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook No Email') . $smE;
}
if (JRequest::getVar('email-msg-2', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Email') . $smE;
}
if (JRequest::getVar('email-msg-3', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Email Exists') . $smE;
}
if (JRequest::getVar('content-msg-1', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook No Content') . $smE;
}
if (JRequest::getVar('content-msg-2', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Content') . $smE;
}
if (JRequest::getVar('ip-msg-1', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook IP Ban') . $smE;
}
if (JRequest::getVar('reguser-msg-1', 0, 'get', 'int') == 1) {
$errorMsgTop .= $smB . JText::_('Phoca Guestbook Reg User Only') . $smE;
}
$this->assignRef('error_msg_captcha', $errorMsgCaptcha);
$this->assignRef('error_msg_top', $errorMsgTop);
//Form Variables --------------------------------------------------------------------------------
//-----------------------------------------------------------------------------------------------
// !!!! 2. Before Server Side Checking controll, don't show form (but there is a server side
// checking, it means, if the user hack the form which is not displayed to him
// there is a server checking controll too.
//-----------------------------------------------------------------------------------------------
//Don't show form, is IP Ban is wrong
$ip_ban = trim($params->get('ip_ban'));
$ip_ban_array = explode(';', $ip_ban);
$ipa = 1;
//display
if (is_array($ip_ban_array)) {
foreach ($ip_ban_array as $value) {
if ($_SERVER["REMOTE_ADDR"] == trim($value)) {
$ipa = 0;
}
}
}
//REGISTERED USER ONLY --------------------------------------------------------------------------
if ($require['reguser'] == 1) {
if ($user->id > 0) {
$reguser = 1;
} else {
$reguser = 0;
}
} else {
$reguser = 1;
}
//ENABLE OR DISABLE CAPTCHA ----------------------------------------------------------------
if ($require['captcha'] < 1) {
$enablecaptcha = 0;
} else {
$enablecaptcha = 1;
}
// reCaptcha public key ------------------------------------------------
if ($params->get('enable_captcha') == 20) {
$recaptchakey = $params->get('recaptcha_publickey');
} else {
$recaptchakey = '';
// Disables recaptcha
}
//----------------------------------------------------------------------------------------------------
//Variables
$this->assignRef('tmpl', $tmpl);
$this->assignRef('administrator', $administrator);
$this->assignRef('itemid', $menu->id);
$this->assignRef('id', $id);
$this->assignRef('formdata', $formdata);
//captcha is wrong, add the same values via POST into form as they were
$this->assignRef('items', $items);
$this->assignRef('fwfa', $forbidden_word_filter_array);
$this->assignRef('fwwfa', $forbidden_whole_word_filter_array);
$this->assignRef('css', $css);
$this->assignRef('display', $display);
$this->assignRef('require', $require);
$this->assignRef('config', $config);
$this->assignRef('guestbooks', $guestbooks);
$this->assignRef('image', $image);
$this->assignRef('params', $params);
$this->assignRef('editor', $editor);
$this->assignRef('pagination', $pagination);
$this->assignRef('ipa', $ipa);
$this->assignRef('reguser', $reguser);
$this->assignRef('enablecaptcha', $enablecaptcha);
$this->assignRef('recaptchakey', $recaptchakey);
$this->assign('action', $uri->toString());
parent::display($tpl);
}
function display($tpl = null)
{
global $mainframe;
$pathway =& $mainframe->getPathway();
$document =& JFactory::getDocument();
$uri =& JFactory::getURI();
$user =& JFactory::getUser();
$params =& $mainframe->getParams();
$tmpl = array();
JHTML::stylesheet('phocaguestbook.css', 'components/com_phocaguestbook/assets/');
$tmpl['administrator'] = 0;
if (strtolower($user->usertype) == strtolower('super administrator') || strtolower($user->usertype) == strtolower('administrator')) {
$tmpl['administrator'] = 1;
}
//PARAMS
$tmpl['captcha_method'] = $params->get('captcha_method', 1);
$tmpl['enable_editor'] = $params->get('enable_editor', 1);
$tmpl['table_width'] = $params->get('table_width', 400);
$tmpl['editor_width'] = $params->get('editor_width', 400);
$tmpl['editor_height'] = $params->get('editor_height', 200);
$tmpl['display_form'] = $params->get('display_form', 1);
$tmpl['date_format'] = $params->get('date_format', 'DATE_FORMAT_LC');
$tmpl['font_color'] = $params->get('font_color', '#000000');
$tmpl['second_font_color'] = $params->get('second_font_color', '#dddddd');
$tmpl['background_color'] = $params->get('background_color', '#C8DFF9');
$tmpl['border_color'] = $params->get('border_color', '#E6E6E6');
$tmpl['display_name_form'] = $params->get('display_name_form', 2);
$tmpl['display_email_form'] = $params->get('display_email_form', 1);
$tmpl['display_title_form'] = $params->get('display_title_form', 2);
$tmpl['display_content_form'] = $params->get('display_content_form', 2);
$tmpl['display_website_form'] = $params->get('display_website_form', 0);
$tmpl['display_name'] = $params->get('display_name', 1);
$tmpl['display_email'] = $params->get('display_email', 1);
$tmpl['display_website'] = $params->get('display_website', 1);
$tmpl['username_or_name'] = $params->get('username_or_name', 0);
$tmpl['predefined_name'] = $params->get('predefined_name', '');
$tmpl['enable_html_purifier'] = $params->get('enable_html_purifier', 1);
$tmpl['display_path_editor'] = $params->get('display_path_editor', 1);
$tmpl['date_format'] = PhocaguestbookHelper::getDateFormat($tmpl['date_format']);
$document->addCustomTag(PhocaguestbookHelper::setCaptchaReloadJS());
if ($tmpl['enable_editor'] == 1) {
$document->addCustomTag(PhocaguestbookHelper::setTinyMCEJS());
$document->addCustomTag(PhocaguestbookHelper::displaySimpleTinyMCEJS($tmpl['display_path_editor']));
}
// - - - - - - - - - - -
// Fill the form in case, you get data from post (e.g. user send data, but with no valid captcha
// We send him back to the form but without lossing data
$post = JRequest::get('post');
$post['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW);
$cid = JRequest::getVar('cid', array(0), 'post', 'array');
$id = JRequest::getVar('id', '', 'get', 'string');
$post['catid'] = (int) $cid[0];
if ((int) $id < 1) {
echo '<div id="phocaguestbook"><div class="error">' . JText::_('Warning Select Guestbook') . '</div></div>';
return true;
}
if (isset($post['pgusername'])) {
// if not there is other code to solve it - see below
$post['username'] = $post['pgusername'];
}
// HTML Purifier - - - - - - - - - -
if ($tmpl['enable_html_purifier'] == 0) {
$filterTags = '';
//preg_split( '#[,\s]+#', trim( ) ); // black list method is used
$filterAttrs = '';
//preg_split( '#[,\s]+#', trim( ) ); // black list method is used
$filter = new JFilterInput($filterTags, $filterAttrs, 1, 1, 1);
$post['content'] = $filter->clean($post['content']);
} else {
require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.auto.php';
$configP = HTMLPurifier_Config::createDefault();
$configP->set('Core', 'TidyFormat', !empty($_REQUEST['tidy']));
$configP->set('Core', 'DefinitionCache', null);
$configP->set('HTML', 'Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike,br');
$purifier = new HTMLPurifier($configP);
$post['content'] = $purifier->purify($post['content']);
}
// - - - - - - - - - -
// Add username and user e-mail if user is login
if ($tmpl['username_or_name'] == 1) {
if ($user->name && trim($user->name != '')) {
$form_username = $user->name;
} else {
$form_username = $tmpl['predefined_name'];
}
} else {
if ($user->username && trim($user->username != '')) {
$form_username = $user->username;
} else {
$form_username = $tmpl['predefined_name'];
}
}
if ($user->email && trim($user->email != '')) {
$form_email = $user->email;
} else {
$form_email = '';
}
// - - - - - - - - - - -
// !!!! Add content to the fields
// - - - - - - - - - - -
//Create new object, if user fill not all data, no redirection and he gets the data he added (he doesn't loss it)
$formdata = new JObject();
if (isset($post['content'])) {
$formdata->set('content', $post['content']);
} else {
$formdata->set('content', '');
}
if (isset($post['username'])) {
$formdata->set('username', $post['username']);
} else {
$formdata->set('username', $form_username);
}
if (isset($post['email'])) {
$formdata->set('email', $post['email']);
} else {
$formdata->set('email', $form_email);
}
if (isset($post['title'])) {
$formdata->set('title', $post['title']);
} else {
$formdata->set('title', '');
}
//if (isset($post['website'])) {$formdata->set('website', $post['website']);}
//else {$formdata->set('website', 'http://');}
if (isset($post['website'])) {
$formdata->set('website', $post['website']);
} else {
if ($tmpl['display_website'] == 2) {
$formdata->set('website', 'http://');
//required
} else {
$formdata->set('website', '');
// not required
}
}
if ($tmpl['enable_editor'] == 1) {
$tmpl['editor'] = PhocaguestbookHelper::displayTextArea('pgbcontent', $formdata->content, (int) $tmpl['editor_width'] . 'px', (int) $tmpl['editor_height'] . 'px', '60', '80', false);
} else {
$tmpl['editor'] = '<textarea id="pgbcontent" name="pgbcontent" cols="45" rows="10" style="width: ' . (int) $tmpl['editor_width'] . 'px; height:' . (int) $tmpl['editor_height'] . 'px;" class="pgbinput" >' . $formdata->content . '</textarea>';
}
// - - - - - - - - - - -
// Get data - all items
$items = $this->get('data');
$guestbooks = $this->get('guestbook');
// Define image tag attributes
if (!empty($guestbooks->image)) {
$attribs['align'] = $guestbooks->image_position;
$attribs['hspace'] = '6';
// Use the static HTML library to build the image tag
$tmpl['image'] = JHTML::_('image', 'images/stories/' . $guestbooks->image, JText::_('Phoca Guestbook'), $attribs);
}
$pagination =& $this->get('pagination');
$tmpl['fwfa'] = explode(',', trim($params->get('forbidden_word_filter', '')));
$tmpl['fwwfa'] = explode(',', trim($params->get('forbidden_whole_word_filter', '')));
/*$tmpl['formemail'] = 1;
if ($params->get( 'display_email_form' ) != '') {$tmpl['formemail'] = $params->get( 'display_email_form' );}
//Add requirement V A L U E S
$tmpl['title'] = 1;
if ($params->get( 'require_title' ) != '') {$tmpl['title'] = $params->get( 'require_title' );}
/*$tmpl['username'] = 1;
if ($params->get( 'require_username' ) != '') {$tmpl['username'] = $params->get( 'require_username' );}
*/
/*$tmpl['email'] = 0;
if ($params->get( 'require_email' ) != '') {$tmpl['email'] = $params->get( 'require_email' );}
// if we disable email form field and name form field we cannot require these items
/*if ($tmpl['display_name_form'] == 0) {$tmpl['username'] = 0;}
if ($tmpl['formemail'] == 0) {$tmpl['email'] = 0;}*/
/*
$tmpl['content'] = 1;
if ($params->get( 'require_content' ) != '') {$tmpl['content'] = $params->get( 'require_content' );}
*/
$tmpl['registered_users_only'] = $params->get('registered_users_only', 0);
$tmpl['form_position'] = $params->get('form_position', 0);
$tmpl['max_url'] = $params->get('max_url', 5);
$tmpl['enable_captcha'] = $params->get('enable_captcha', 1);
$tmpl['enable_captcha_users'] = $params->get('enable_captcha_users', 0);
// Captcha not for registered
if ((int) $tmpl['enable_captcha_users'] == 1) {
if ((int) $user->id > 0) {
$tmpl['enable_captcha'] = 0;
}
}
//-----------------------------------------------------------------------------------------------
// !!!! 1. Server Side Checking controll
//-----------------------------------------------------------------------------------------------
//Form Variables --------------------------------------------------------------------------------
//captcha is wrong,we cannot redirect the page,we display message this way
//DISPLAY MESSAGES WHICH YOU GET FROM CONTROLL FILE - (CONTROLLERS - phocaguestbook.php)
$smB = '<small style="color:#fc0000;">';
$smE = '</small><br />';
$tmpl['errmsg_captcha'] = '';
$tmpl['errmsg_top'] = '';
if (JRequest::getVar('captcha-msg', 0, 'get', 'int') == 1) {
$tmpl['errmsg_captcha'] .= '<tr><td> </td><td colspan="3">' . $smB . JText::_('Phoca Guestbook Wrong Captcha') . '</small></td></tr>';
}
if (JRequest::getVar('title-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Title') . $smE;
}
if (JRequest::getVar('title-msg-2', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Title') . $smE;
}
if (JRequest::getVar('username-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Username') . $smE;
}
if (JRequest::getVar('username-msg-2', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Username') . $smE;
}
if (JRequest::getVar('username-msg-3', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Username Exists') . $smE;
}
if (JRequest::getVar('email-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Email') . $smE;
}
if (JRequest::getVar('email-msg-2', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Email') . $smE;
}
if (JRequest::getVar('email-msg-3', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Email Exists') . $smE;
}
if (JRequest::getVar('website-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Website') . $smE;
}
if (JRequest::getVar('website-msg-2', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Website') . $smE;
}
if (JRequest::getVar('content-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Content') . $smE;
}
if (JRequest::getVar('content-msg-2', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Content') . $smE;
}
if (JRequest::getVar('ip-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook IP Ban') . $smE;
}
if (JRequest::getVar('reguser-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Reg User Only') . $smE;
}
if (JRequest::getVar('denyurl-msg-1', 0, 'get', 'int') == 1) {
$tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Deny URL') . $smE;
}
//Form Variables --------------------------------------------------------------------------------
//-----------------------------------------------------------------------------------------------
// !!!! 2. Before Server Side Checking controll, don't show form (but there is a server side
// checking, it means, if the user hack the form which is not displayed to him
// there is a server checking controll too.
//-----------------------------------------------------------------------------------------------
//Don't show form, is IP Ban is wrong
/* $ip_ban = trim( $params->get( 'ip_ban', '' ) );
$ip_ban_array = explode( ',', $ip_ban );
$i = '192.68.25.23';
$tmpl['ipa'] = 1;//display
if (is_array($ip_ban_array)) {
foreach ($ip_ban_array as $value) {
krumo(trim($value));
if ($i == trim($value)) {
$tmpl['ipa'] = 0;
echo "ano";
break;// found
}
}
}*/
$post['ip'] = $_SERVER["REMOTE_ADDR"];
$ip_ban = trim($params->get('ip_ban'));
$ip_ban_array = explode(',', $ip_ban);
$tmpl['ipa'] = 1;
//display
if (is_array($ip_ban_array)) {
foreach ($ip_ban_array as $valueIp) {
//if ($post['ip'] == trim($value)) {
if ($valueIp != '') {
if (strstr($post['ip'], trim($valueIp)) && strpos($post['ip'], trim($valueIp)) == 0) {
$tmpl['ipa'] = 0;
JRequest::setVar('ip-msg-1', 1, 'get', true);
break;
}
}
}
}
// Display or not to display the form
// If user is registered - return 1, if not return 0, if not but the form can be displayed for not registered, return 1
$tmpl['registered_users_only'] = PhocaguestbookHelper::isRegisteredUser($tmpl['registered_users_only'], $user->id);
$tmpl['show_form'] = 1;
if ($tmpl['ipa'] == 0) {
$tmpl['show_form'] = 0;
$tmpl['ipa_msg'] = '<p>' . JText::_('Phoca Guestbook IP Ban No Access') . '</p>';
} else {
$tmpl['ipa_msg'] = '';
}
if ($tmpl['registered_users_only'] == 0) {
$tmpl['show_form'] = 0;
$tmpl['reguser_msg'] = '<p>' . JText::_('Phoca Guestbook Reg User Only No Access') . '</p>';
} else {
$tmpl['reguser_msg'] = '';
}
$tmpl['m'] = PhocaguestbookHelper::getInfo();
$this->assignRef('tmpl', $tmpl);
$this->assignRef('id', $id);
$this->assignRef('formdata', $formdata);
//captcha is wrong, add the same values via POST into form as they were
$this->assignRef('items', $items);
$this->assignRef('guestbooks', $guestbooks);
$this->assignRef('params', $params);
$this->assignRef('pagination', $pagination);
$this->assign('action', $uri->toString());
parent::display($tpl);
}
