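 /**
  * XoopsUserUtility::validate
  *
  * Validate a user's name, e-mail address and (optionally) password against the
  * site configuration and the existing user table.
  *
  * Accepted call forms (selected by argument count):
  *   validate($user)                          - XoopsUser object, no password check
  *   validate($uname, $email)                 - raw strings, no password check
  *   validate($user, $pass, $vpass)           - XoopsUser object plus password/confirmation
  *   validate($uname, $email, $pass, $vpass)  - raw strings plus password/confirmation
  *
  * When the current operator is an administrator ($xoops->userIsAdmin) the
  * bad_emails, bad_unames and username length checks are skipped; the character
  * set restriction and the uniqueness checks always apply.
  *
  * @return false|string false for an unsupported argument count, otherwise a
  *                      (possibly empty) '<br />'-separated string of error
  *                      messages; an empty string means the data validated
  */
 public static function validate()
 {
     $xoops = Xoops::getInstance();
     $args = func_get_args();
     $args_num = func_num_args();
     /* @var $user XoopsUser|null */
     $user = null;
     $uname = null;
     $email = null;
     $pass = null;
     $vpass = null;
     switch ($args_num) {
         case 1:
             $user = $args[0];
             break;
         case 2:
             list($uname, $email) = $args;
             break;
         case 3:
             list($user, $pass, $vpass) = $args;
             break;
         case 4:
             list($uname, $email, $pass, $vpass) = $args;
             break;
         default:
             return false;
     }
     if (is_object($user)) {
         $uname = $user->getVar('uname', 'n');
         $email = $user->getVar('email', 'n');
     }
     // Normalise inputs: anything empty() becomes null, everything else is trimmed.
     // Note that empty('0') is true, so a literal "0" counts as "not supplied".
     $uname = empty($uname) ? null : trim($uname);
     $email = empty($email) ? null : trim($email);
     $pass = empty($pass) ? null : trim($pass);
     $vpass = empty($vpass) ? null : trim($vpass);
     $xoops->getConfigs();
     $stop = '';
     // Invalid email address
     if (!$xoops->checkEmail($email)) {
         $stop .= XoopsLocale::E_INVALID_EMAIL . '<br />';
     }
     // Leading/trailing spaces were trimmed above, so any remaining space is interior.
     if (strrpos((string) $email, ' ') > 0) {
         $stop .= XoopsLocale::E_EMAIL_SHOULD_NOT_CONTAIN_SPACES . '<br />';
     }
     // Check forbidden email address if current operator is not an administrator.
     // bad_emails entries are admin-configured regex fragments wrapped in '/.../i';
     // an entry containing an unescaped '/' (or any other PCRE error) makes
     // preg_match() return false, so that entry is silently skipped (fails open).
     if (!$xoops->userIsAdmin) {
         $bad_emails = $xoops->getConfig('bad_emails');
         if (!empty($bad_emails)) {
             foreach ($bad_emails as $be) {
                 if (!empty($be) && preg_match('/' . $be . '/i', $email)) {
                     $stop .= XoopsLocale::E_INVALID_EMAIL . '<br />';
                     break;
                 }
             }
         }
     }
     $uname = XoopsLocale::trim($uname);
     // Character-set restriction for usernames, selected by uname_test_level.
     // An unrecognised level falls back to strict rather than to no restriction:
     // previously it left $restriction empty, which preg_match() rejects with a
     // warning (returning false), so every username passed the check.
     switch ($xoops->getConfig('uname_test_level')) {
         case 1:
             // medium
             $restriction = '/[^a-zA-Z0-9\\_\\-\\<\\>\\,\\.\\$\\%\\#\\@\\!\\\'\']/';
             break;
         case 2:
             // loose: only control characters and space are rejected
             $restriction = '/[\\000-\\040]/';
             break;
         case 0:
         default:
             // strict
             $restriction = '/[^a-zA-Z0-9\\_\\-]/';
             break;
     }
     if (empty($uname) || preg_match($restriction, $uname)) {
         $stop .= XoopsLocale::E_INVALID_USERNAME . '<br />';
     }
     // Check uname settings if current operator is not an administrator
     if (!$xoops->userIsAdmin) {
         $maxuname = $xoops->getConfig('maxuname');
         if (!empty($maxuname) && mb_strlen($uname) > $maxuname) {
             $stop .= sprintf(XoopsLocale::EF_USERNAME_MUST_BE_LESS_THAN, $maxuname) . '<br />';
         }
         $minuname = $xoops->getConfig('minuname');
         if (!empty($minuname) && mb_strlen($uname) < $minuname) {
             $stop .= sprintf(XoopsLocale::EF_USERNAME_MUST_BE_MORE_THAN, $minuname) . '<br />';
         }
         // bad_unames has the same regex-fragment semantics (and fail-open caveat) as bad_emails.
         $bad_unames = $xoops->getConfig('bad_unames');
         if (!empty($bad_unames)) {
             foreach ($bad_unames as $bu) {
                 if (!empty($bu) && preg_match('/' . $bu . '/i', $uname)) {
                     $stop .= XoopsLocale::E_NAME_IS_RESERVED . '<br />';
                     break;
                 }
             }
         }
     }
     // Check if uname/email already exists; an existing user's own row is
     // excluded via uid <> so that re-validating it does not report a clash.
     $uid = is_object($user) ? $user->getVar('uid') : 0;
     $user_handler = $xoops->getHandlerUser();
     $myts = MyTextSanitizer::getInstance();
     $criteria = new CriteriaCompo(new Criteria('uname', $myts->addSlashes($uname)));
     if ($uid > 0) {
         $criteria->add(new Criteria('uid', $uid, '<>'));
     }
     $count = $user_handler->getCount($criteria);
     if ($count > 0) {
         $stop .= XoopsLocale::E_USERNAME_TAKEN . '<br />';
     }
     $criteria = new CriteriaCompo(new Criteria('email', $myts->addSlashes($email)));
     if ($uid > 0) {
         $criteria->add(new Criteria('uid', $uid, '<>'));
     }
     $count = $user_handler->getCount($criteria);
     if ($count > 0) {
         $stop .= XoopsLocale::E_EMAIL_TAKEN . '<br />';
     }
     // If password is not set, skip password validation
     if ($pass === null && $vpass === null) {
         return $stop;
     }
     if (empty($pass) || empty($vpass)) {
         $stop .= XoopsLocale::E_MUST_PROVIDE_PASSWORD . '<br />';
     }
     // Strict comparison: with != PHP compares numeric strings numerically, so
     // e.g. "1e3" and "1000" would have been accepted as a matching pair.
     if (isset($pass) && isset($vpass) && $pass !== $vpass) {
         $stop .= XoopsLocale::E_PASSWORDS_MUST_MATCH . '<br />';
     } else {
         $minpass = $xoops->getConfig('minpass');
         if ($pass !== null && $pass !== '' && !empty($minpass) && mb_strlen($pass) < $minpass) {
             $stop .= sprintf(XoopsLocale::EF_PASSWORD_MUST_BE_GREATER_THAN, $minpass) . '<br />';
         }
     }
     return $stop;
 }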
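 /**
  * Handle a submitted comment form (POST only): preview, post/update or delete.
  *
  * Flow as visible here:
  *  - non-POST requests, a missing module id, an unknown comment id or an
  *    unknown module are all answered with a redirect to the site URL;
  *  - preview and post require the CSRF token ($xoops->security()->check());
  *    anonymous posts additionally require a CAPTCHA, and a failed CAPTCHA
  *    degrades the request to a preview with an error message;
  *  - the submitted fields are copied into the CommentsComment object, then on
  *    'post' the moderation status is decided: module admins may set it
  *    explicitly, other authors get ACTIVE or PENDING from the module's com_rule,
  *    and HTML is disabled for every non-admin author;
  *  - after a successful insert the plugin's approve()/update() hooks run, the
  *    author's post count is incremented where applicable and a notification
  *    event is triggered; the user is then redirected back to the item page.
  *
  * Fix: the status submitted with the form used to be stored even when a
  * non-admin user edited their own existing comment (the request value was
  * copied into the object before the permission branch, and only the admin
  * branch re-evaluated it), so a pending comment could be re-submitted with a
  * different status. The stored status is now restored for non-admin edits.
  *
  * NOTE(review): 'delete' is dispatched to displayDelete() without the token
  * check applied to preview/post here — confirm that method checks it itself.
  * NOTE(review): $mode and $order come straight from the request and are
  * concatenated unescaped into the redirect URLs and the X_COMMENT_URL
  * notification tag; the host part is fixed, but url-encoding them is cheap.
  * NOTE(review): com_rule is read without a module dirname on the 'post' path
  * but with one elsewhere in this method — verify getModuleConfig() resolves
  * the same module in both forms.
  * NOTE(review): $comment_post_results / $purge_comment_post_results are never
  * assigned in this method, so those isset() branches are effectively fixed.
  */
 public function displayPost()
 {
     $xoops = Xoops::getInstance();
     if (Request::getMethod() !== 'POST') {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     $id = Request::getInt('com_id');
     $modid = Request::getInt('com_modid');
     if (empty($modid)) {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     /* @var $comment CommentsComment */
     $comment = $this->getHandlerComment()->get($id);
     if (!is_object($comment)) {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     // An existing comment keeps its stored module; the request may not move it.
     if (!$comment->isNew()) {
         $modid = $comment->getVar('modid');
     } else {
         $comment->setVar('modid', $modid);
     }
     $module = $xoops->getModuleById($modid);
     if (!is_object($module)) {
         $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
     }
     $moddir = $module->getVar('dirname');
     if ($xoops->isAdminSide) {
         if (empty($id)) {
             $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
         }
         $redirect_page = $this->url('admin/main.php?com_modid=' . $modid . '&amp;com_itemid');
     } else {
         if (COMMENTS_APPROVENONE == $xoops->getModuleConfig('com_rule', $module->getVar('dirname'))) {
             $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
         }
         $redirect_page = '';
     }
     /* @var $plugin CommentsPluginInterface */
     if ($plugin = \Xoops\Module\Plugin::getPlugin($moddir, 'comments')) {
         if (!$xoops->isAdminSide) {
             $redirect_page = $xoops->url('modules/' . $moddir . '/' . $plugin->pageName() . '?');
             if (is_array($extraParams = $plugin->extraParams())) {
                 // Plugin-declared extra parameters are echoed back from POST,
                 // HTML-escaped because they end up in an href / notification URL.
                 $extra_params = '';
                 foreach ($extraParams as $extra_param) {
                     $extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&amp;' : $extra_param . '=amp;';
                 }
                 $redirect_page .= $extra_params;
             }
             $redirect_page .= $plugin->itemName();
         }
         $comment_url = $redirect_page;
         $op = Request::getBool('com_dopost') ? 'post' : '';
         $op = Request::getBool('com_dopreview') ? 'preview' : $op;
         $op = Request::getBool('com_dodelete') ? 'delete' : $op;
         // CSRF token check; a failed check drops into the default branch below,
         // which redirects and shows the security errors.
         if ($op === 'preview' || $op === 'post') {
             if (!$xoops->security()->check()) {
                 $op = '';
             }
         }
         if ($op === 'post' && !$xoops->isUser()) {
             $xoopsCaptcha = XoopsCaptcha::getInstance();
             if (!$xoopsCaptcha->verify()) {
                 $captcha_message = $xoopsCaptcha->getMessage();
                 $op = 'preview';
             }
         }
         $title = XoopsLocale::trim(Request::getString('com_title'));
         $text = XoopsLocale::trim(Request::getString('com_text'));
         $mode = XoopsLocale::trim(Request::getString('com_mode', 'flat'));
         $order = XoopsLocale::trim(Request::getString('com_order', COMMENTS_OLD1ST));
         $itemid = Request::getInt('com_itemid');
         $pid = Request::getInt('com_pid');
         $rootid = Request::getInt('com_rootid');
         $status = Request::getInt('com_status');
         $dosmiley = Request::getBool('com_dosmiley');
         $doxcode = Request::getBool('com_doxcode');
         $dobr = Request::getBool('com_dobr');
         $dohtml = Request::getBool('com_html');
         $doimage = Request::getBool('com_doimage');
         $icon = XoopsLocale::trim(Request::getString('com_icon'));
         // Remember the stored moderation status of an existing comment: the
         // status submitted with the form is only honoured for module admins
         // (see 'post' below), so it is restored for everybody else after the
         // request values have been copied into the object.
         $stored_status = $comment->isNew() ? null : $comment->getVar('status');
         $comment->setVar('title', $title);
         $comment->setVar('text', $text);
         $comment->setVar('itemid', $itemid);
         $comment->setVar('pid', $pid);
         $comment->setVar('rootid', $rootid);
         $comment->setVar('status', $status);
         $comment->setVar('dosmiley', $dosmiley);
         $comment->setVar('doxcode', $doxcode);
         $comment->setVar('dobr', $dobr);
         $comment->setVar('dohtml', $dohtml);
         $comment->setVar('doimage', $doimage);
         $comment->setVar('icon', $icon);
         switch ($op) {
             case "delete":
                 $this->displayDelete();
                 break;
             case "preview":
                 $comment->setVar('doimage', 1);
                 // Only module admins may preview with HTML enabled
                 if ($comment->getVar('dohtml') != 0) {
                     if ($xoops->isUser()) {
                         if (!$xoops->user->isAdmin($comment->getVar('modid'))) {
                             $comment->setVar('dohtml', 0);
                         }
                     } else {
                         $comment->setVar('dohtml', 0);
                     }
                 }
                 $xoops->header();
                 if (!$xoops->isAdminSide && !empty($captcha_message)) {
                     echo $xoops->alert('error', $captcha_message);
                 }
                 echo $this->renderHeader($comment->getVar('title', 'p'), $comment->getVar('text', 'p'), false, time());
                 $this->displayCommentForm($comment);
                 $xoops->footer();
                 break;
             case "post":
                 $comment->setVar('doimage', 1);
                 $comment_handler = $this->getHandlerComment();
                 $add_userpost = false;
                 $call_approvefunc = false;
                 $call_updatefunc = false;
                 // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit'
                 $notify_event = false;
                 if (!empty($id)) {
                     // Editing an existing comment
                     $accesserror = false;
                     if ($xoops->isUser()) {
                         if ($xoops->user->isAdmin($comment->getVar('modid'))) {
                             if (!empty($status) && $status != COMMENTS_PENDING) {
                                 $old_status = $comment->getVar('status');
                                 $comment->setVar('status', $status);
                                 // if changing status from pending state, increment user post
                                 if (COMMENTS_PENDING == $old_status) {
                                     $add_userpost = true;
                                     if (COMMENTS_ACTIVE == $status) {
                                         $call_updatefunc = true;
                                         $call_approvefunc = true;
                                         // RMV-NOTIFY
                                         $notify_event = 'comment';
                                     }
                                 } else {
                                     if (COMMENTS_HIDDEN == $old_status && COMMENTS_ACTIVE == $status) {
                                         $call_updatefunc = true;
                                         // Comments can not be directly posted hidden,
                                         // no need to send notification here
                                     } else {
                                         if (COMMENTS_ACTIVE == $old_status && COMMENTS_HIDDEN == $status) {
                                             $call_updatefunc = true;
                                         }
                                     }
                                 }
                             }
                         } else {
                             // Non-admin: no HTML, no status change, and only the
                             // original author may edit.
                             $comment->setVar('dohtml', 0);
                             if ($stored_status !== null) {
                                 $comment->setVar('status', $stored_status);
                             }
                             if ($comment->getVar('uid') != $xoops->user->getVar('uid')) {
                                 $accesserror = true;
                             }
                         }
                     } else {
                         $comment->setVar('dohtml', 0);
                         if ($stored_status !== null) {
                             $comment->setVar('status', $stored_status);
                         }
                         $accesserror = true;
                     }
                     if (false != $accesserror) {
                         $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
                     }
                 } else {
                     // New comment
                     $comment->setVar('created', time());
                     $comment->setVar('ip', $xoops->getEnv('REMOTE_ADDR'));
                     if ($xoops->isUser()) {
                         if ($xoops->user->isAdmin($comment->getVar('modid'))) {
                             $comment->setVar('status', COMMENTS_ACTIVE);
                             $add_userpost = true;
                             $call_approvefunc = true;
                             $call_updatefunc = true;
                             // RMV-NOTIFY
                             $notify_event = 'comment';
                         } else {
                             $comment->setVar('dohtml', 0);
                             switch ($xoops->getModuleConfig('com_rule')) {
                                 case COMMENTS_APPROVEALL:
                                 case COMMENTS_APPROVEUSER:
                                     $comment->setVar('status', COMMENTS_ACTIVE);
                                     $add_userpost = true;
                                     $call_approvefunc = true;
                                     $call_updatefunc = true;
                                     // RMV-NOTIFY
                                     $notify_event = 'comment';
                                     break;
                                 case COMMENTS_APPROVEADMIN:
                                 default:
                                     $comment->setVar('status', COMMENTS_PENDING);
                                     $notify_event = 'comment_submit';
                                     break;
                             }
                         }
                         if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) && $comment->getVar('noname')) {
                             $comment->setVar('uid', 0);
                         } else {
                             $comment->setVar('uid', $xoops->user->getVar('uid'));
                         }
                     } else {
                         $comment->setVar('dohtml', 0);
                         $comment->setVar('uid', 0);
                         if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) != 1) {
                             $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION);
                         }
                     }
                     // Anonymous (uid 0) comments: only APPROVEALL publishes directly
                     if ($comment->getVar('uid') == 0) {
                         switch ($xoops->getModuleConfig('com_rule')) {
                             case COMMENTS_APPROVEALL:
                                 $comment->setVar('status', COMMENTS_ACTIVE);
                                 $add_userpost = true;
                                 $call_approvefunc = true;
                                 $call_updatefunc = true;
                                 // RMV-NOTIFY
                                 $notify_event = 'comment';
                                 break;
                             case COMMENTS_APPROVEADMIN:
                             case COMMENTS_APPROVEUSER:
                             default:
                                 $comment->setVar('status', COMMENTS_PENDING);
                                 // RMV-NOTIFY
                                 $notify_event = 'comment_submit';
                                 break;
                         }
                     }
                 }
                 if ($comment->getVar('title') == '') {
                     $comment->setVar('title', XoopsLocale::NO_TITLE);
                 }
                 $comment->setVar('modified', time());
                 if (isset($extra_params)) {
                     $comment->setVar('exparams', $extra_params);
                 }
                 if (false != $comment_handler->insert($comment)) {
                     $newcid = $comment->getVar('id');
                     // set own id as root id if this is a top comment
                     if ($comment->getVar('rootid') == 0) {
                         $comment->setVar('rootid', $newcid);
                         if (!$comment_handler->updateByField($comment, 'rootid', $comment->getVar('rootid'))) {
                             // NOTE(review): execution continues past this error page
                             // unless $xoops->footer() exits — confirm.
                             $comment_handler->delete($comment);
                             $xoops->header();
                             echo $xoops->alert('error', $comment->getHtmlErrors());
                             $xoops->footer();
                         }
                     }
                     // call custom approve function if any
                     if (false != $call_approvefunc) {
                         $plugin->approve($comment);
                     }
                     if (false != $call_updatefunc) {
                         $criteria = new CriteriaCompo(new Criteria('modid', $comment->getVar('modid')));
                         $criteria->add(new Criteria('itemid', $comment->getVar('itemid')));
                         $criteria->add(new Criteria('status', COMMENTS_ACTIVE));
                         $comment_count = $comment_handler->getCount($criteria);
                         $plugin->update($comment->getVar('itemid'), $comment_count);
                     }
                     // increment user post if needed
                     $uid = $comment->getVar('uid');
                     if ($uid > 0 && false != $add_userpost) {
                         $member_handler = $xoops->getHandlerMember();
                         $poster = $member_handler->getUser($uid);
                         if ($poster instanceof XoopsUser) {
                             $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1);
                         }
                     }
                     // RMV-NOTIFY
                     // trigger notification event if necessary
                     if ($notify_event && $xoops->isActiveModule('notifications')) {
                         $notifications = Notifications::getInstance();
                         $not_modid = $comment->getVar('modid');
                         $not_catinfo = $notifications->getCommentsCategory($module->getVar('dirname'));
                         $not_category = $not_catinfo['name'];
                         $not_itemid = $comment->getVar('itemid');
                         $not_event = $notify_event;
                         // Build an ABSOLUTE URL to view the comment.  Make sure we
                         // point to a viewable page (i.e. not the system administration
                         // module).
                         $comment_tags = array();
                         $comment_tags['X_COMMENT_URL'] = $comment_url . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_rootid=' . $comment->getVar('rootid') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order . '#comment' . $comment->getVar('id');
                         if ($xoops->isActiveModule('notifications')) {
                             Notifications::getInstance()->getHandlerNotification()->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid);
                         }
                     }
                     if (!isset($comment_post_results)) {
                         // if the comment is active, redirect to posted comment
                         if ($comment->getVar('status') == COMMENTS_ACTIVE) {
                             $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_id=' . $comment->getVar('id') . '&amp;com_rootid=' . $comment->getVar('rootid') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
                         } else {
                             // not active, so redirect to top comment page
                             $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&amp;com_mode=' . $mode . '&amp;com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST);
                         }
                     }
                 } else {
                     if (!isset($purge_comment_post_results)) {
                         $xoops->header();
                         echo $xoops->alert('error', $comment->getHtmlErrors());
                         $xoops->footer();
                     } else {
                         $comment_post_results = $comment->getErrors();
                     }
                 }
                 break;
             default:
                 // No recognised operation, or the CSRF token check failed above
                 $xoops->redirect(\XoopsBaseConfig::get('url') . '/', 1, implode('<br />', $xoops->security()->getErrors()));
                 break;
         }
     }
 }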
/**
 * Trim $text via the locale-aware XoopsLocale::trim().
 *
 * @deprecated since XOOPS 2.6.0 — call XoopsLocale::trim() directly. Every call
 *             logs a deprecation notice through Xoops::deprecated() naming this
 *             file and line.
 * @param string $text value handed through unchanged to XoopsLocale::trim()
 * @return string
 */
function xoops_trim($text)
{
    $notice = sprintf(
        '%s is deprecated since XOOPS 2.6.0. See how to replace it in file %s line %d',
        __FUNCTION__,
        __FILE__,
        __LINE__
    );
    Xoops::getInstance()->deprecated($notice);
    return XoopsLocale::trim($text);
}