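/**
 * Stores a user-submitted report (flag) against a listing, review or post and
 * answers the report dialog over AJAX.
 *
 * The security component's form token must validate and the `user_report`
 * config flag must be on. Guest reports are stored with a masked username.
 *
 * @return mixed  whatever ajaxUpdateDialog / ajaxError / ajaxValidation returns
 */
function _save()
{
    $this->autoRender = false;
    $this->autoLayout = false;
    $response = array();

    # Validate form token
    $this->components = array('security');
    $this->__initComponents();
    if ($this->invalidToken) {
        return $this->ajaxError(s2Messages::invalidToken());
    }

    if (!$this->Config->user_report) {
        # Feature disabled: answer with an explicit denial instead of returning nothing
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Normalise the submitted fields; ids are forced to int so they are safe in the JS below
    $report = $this->data['Report'];
    $report['report_text'] = Sanitize::getString($report, 'report_text');
    $report['listing_id'] = Sanitize::getInt($report, 'listing_id');
    $review_id = $report['review_id'] = Sanitize::getInt($report, 'review_id');
    $post_id = $report['post_id'] = Sanitize::getInt($report, 'post_id');
    $report['extension'] = Sanitize::getString($report, 'extension');
    $this->data['Report'] = $report;

    if ($report['report_text'] == '') {
        # Validation failed: reissue the token so the client can resubmit.
        # (The original appended to a misspelt `$reponse`, so the reissued token never
        # reached the client, and the selector lacked the `#` id prefix the sibling dialogs use.)
        if (isset($this->Security)) {
            $response[] = "jQuery('#jr_reportToken').val('" . $this->Security->reissueToken() . "');";
        }
        return $this->ajaxValidation(__t("The message is empty.", true), $response);
    }

    $this->data['Report']['user_id'] = $this->_user->id;
    $this->data['Report']['ipaddress'] = $this->ipaddress;
    $this->data['Report']['created'] = date('Y-m-d H:i:s');
    $this->data['Report']['approved'] = 0;
    if ($this->_user->id) {
        $this->data['Report']['name'] = $this->_user->name;
        $this->data['Report']['username'] = $this->_user->username;
        $this->data['Report']['email'] = $this->_user->email;
    } else {
        # Guest reports carry no identity beyond the IP address recorded above
        $this->data['Report']['name'] = 'Guest';
        $this->data['Report']['username'] = '******';
    }

    if ($this->Report->store($this->data)) {
        $update_text = __t("Your report was submitted, thank you.", true);
        # The dialog link is keyed by post id when present, else by review id
        $target_id = $post_id > 0 ? $post_id : $review_id;
        $response[] = "jQuery('#jr_reportLink" . $target_id . "').remove();";
        return $this->ajaxUpdateDialog($update_text, $response);
    }
    return $this->ajaxError(s2Messages::submitErrorDb());
}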
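/**
 * Stores (or updates a still-unapproved) ownership claim for a listing and
 * answers the claim dialog over AJAX.
 *
 * Requires a valid security-component token, a non-zero listing id, the
 * `claims_enable` config flag and an authenticated user.
 *
 * @return mixed  whatever ajaxUpdateDialog / ajaxError / ajaxValidation returns
 */
function _save()
{
    $this->autoRender = false;
    $this->autoLayout = false;
    $response = array();

    # Validate form token
    $this->components = array('security');
    $this->__initComponents();
    if ($this->invalidToken) {
        return $this->ajaxError(s2Messages::invalidToken());
    }

    $listing_id = Sanitize::getInt($this->data['Claim'], 'listing_id');
    if (!$listing_id) {
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Claims need the feature enabled and a logged-in user. (The original fell
    # through to submitErrorDb here, reporting an access problem as a DB failure.)
    if (!$this->Config->claims_enable || !$this->_user->id) {
        return $this->ajaxError(s2Messages::accessDenied());
    }

    $claim_text = Sanitize::getString($this->data['Claim'], 'claim_text');
    $this->data['Claim']['claim_text'] = $claim_text;

    if ($claim_text == '') {
        # Validation failed: hand the client a fresh token so it can resubmit
        if (isset($this->Security)) {
            $response[] = "jQuery('#jr_claimToken').val('" . $this->Security->reissueToken() . "');";
        }
        return $this->ajaxValidation(__t("The message is empty.", true), $response);
    }

    // Check if this user already has a claim for this listing to update it.
    // Both ids are integers, so inlining them in the conditions is safe.
    $user_id = (int) $this->_user->id;
    $claim_id = $this->Claim->findOne(array(
        'fields' => array('Claim.claim_id AS `Claim.claim_id`'),
        'conditions' => array(
            'Claim.user_id = ' . $user_id,
            'Claim.listing_id = ' . $listing_id,
            'Claim.approved <= 0',
        ),
    ));
    if ($claim_id > 0) {
        $this->data['Claim']['claim_id'] = $claim_id;
    }

    $this->data['Claim']['user_id'] = $this->_user->id;
    $this->data['Claim']['created'] = date('Y-m-d H:i:s');
    $this->data['Claim']['approved'] = 0;

    if ($this->Claim->store($this->data)) {
        $update_text = __t("Your claim was submitted, thank you.", true);
        $response[] = "jQuery('#jr_claimImg{$listing_id}').remove();";
        return $this->ajaxUpdateDialog($update_text, $response);
    }

    return $this->ajaxError(s2Messages::submitErrorDb());
}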
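/**
 * Records a helpful / not-helpful vote on a review and answers over AJAX.
 *
 * Votes are de-duplicated by user id for members and by IP address for guests;
 * the IP check is skipped on localhost or when `vote_ipcheck_disable` is set.
 *
 * @return mixed  whatever ajaxResponse / ajaxError returns
 */
function _save()
{
    $response = array();

    $review_id = (int) $this->data['Vote']['review_id'];
    $user_id = (int) $this->_user->id;

    $this->data['Vote']['user_id'] = $this->_user->id;
    $this->data['Vote']['review_id'] = $review_id;
    # Exact vote check to prevent form tampering. User can cheat the js and enter any integer, thus increasing the count
    $this->data['Vote']['vote_yes'] = Sanitize::getInt($this->data['Vote'], 'vote_yes') ? 1 : 0;
    $this->data['Vote']['vote_no'] = Sanitize::getInt($this->data['Vote'], 'vote_no') ? 1 : 0;
    # NOTE(review): nothing here rejects a submission with both vote_yes and vote_no set;
    # whether the model enforces exclusivity is not visible from this method — confirm.
    $this->data['Vote']['created'] = gmdate('Y-m-d H:i:s');
    $this->data['Vote']['ipaddress'] = $this->ipaddress;

    if (!$review_id) {
        return $this->ajaxError(s2Messages::submitErrorGeneric());
    }

    // The IP-based duplicate check applies everywhere except localhost, unless disabled by config
    $ip_check = !$this->Config->vote_ipcheck_disable && $this->ipaddress != '127.0.0.1';
    $quoted_ip = $this->Vote->Quote($this->ipaddress);

    // Find duplicates. Guests can only be matched by IP; members by user id and,
    // when the IP check applies, by IP as well.
    // (The original ran an unconditional IP query first, which made the localhost /
    // vote_ipcheck_disable exemption ineffective for guests and issued a redundant
    // second query for everyone else.)
    $duplicate = 0;
    if (!$user_id) {
        if ($ip_check) {
            $duplicate = $this->Vote->findCount(array('conditions' => array(
                'review_id = ' . $review_id,
                'ipaddress = ' . $quoted_ip,
            )));
        }
    } else {
        $member_condition = $ip_check
            ? "(user_id = {$user_id} OR ipaddress = " . $quoted_ip . ") "
            : "(user_id = {$user_id})";
        $duplicate = $this->Vote->findCount(array('conditions' => array(
            'review_id = ' . $review_id,
            $member_condition,
        )));
    }

    if ($duplicate > 0) {
        # Hides vote buttons and shows message alert
        $response[] = "jQuery('#jr_reviewVote{$review_id}').fadeOut('medium',function(){\n jQuery(this).html('" . __t("You already voted.", true, true) . "').fadeIn();\n });";
        return $this->ajaxResponse($response);
    }

    if ($this->Vote->store($this->data)) {
        # Hides vote buttons and shows message alert
        $response[] = "jQuery('#jr_reviewVote{$review_id}').fadeOut('medium',function(){\n jQuery(this).html('" . __t("Thank you for your vote.", true, true) . "').fadeIn();\n });";

        # Facebook wall integration only for positive votes
        $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable')
            && Sanitize::getBool($this->Config, 'facebook_votes');
        $token = cmsFramework::getCustomToken($review_id);
        if ($facebook_integration && $this->data['Vote']['vote_yes']) {
            $response[] = "\n jQuery.ajax({url:s2AjaxUri+jreviews.ajax_params()+'&url=facebook/_postVote/id:{$review_id}&{$token}=1',dataType:'script'});\n ";
        }
        return $this->ajaxResponse($response);
    }

    return $this->ajaxError(s2Messages::submitErrorDb());
}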
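/**
 * Stores a listing owner's reply to a review and answers the reply dialog over AJAX.
 *
 * Access is gated by $this->denyAccess, a per-review custom token and the
 * security component's form token. An already-approved reply cannot be replaced.
 * New replies are moderated unless Access::moderateOwnerReply() says otherwise.
 *
 * @return mixed  whatever ajaxUpdateDialog / ajaxError / ajaxValidation returns
 */
function _save()
{
    $response = array();
    $review_id = (int) $this->review_id;

    # Per-review token: the reply form cannot be replayed against a different review
    $formToken = cmsFramework::getCustomToken($this->review_id);
    if ($this->denyAccess == true || !$this->__validateToken($formToken)) {
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Validate form token
    $this->components = array('security');
    $this->__initComponents();
    if ($this->invalidToken) {
        return $this->ajaxError(s2Messages::invalidToken());
    }

    // Check if an approved owner reply already exists ($review_id is an int, so safe to inline)
    $this->OwnerReply->fields = array();
    $reply = $this->OwnerReply->findRow(array(
        'fields' => array('OwnerReply.owner_reply_text', 'OwnerReply.owner_reply_approved'),
        'conditions' => array('OwnerReply.id = ' . $review_id),
    ));
    if ($reply && (int) $reply['OwnerReply']['owner_reply_approved'] == 1) {
        $error_text = __t("A reply for this review already exists.", true);
        $response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();";
        return $this->ajaxError($error_text, $response);
    }

    if (!$this->Config->owner_replies) {
        # Feature disabled: fail closed rather than fall off the end with no response
        return $this->ajaxError(s2Messages::accessDenied());
    }

    if ($this->data['OwnerReply']['owner_reply_text'] == '' || $review_id <= 0) {
        # Validation failed
        return $this->ajaxValidation(__t("The reply is empty.", true), $response);
    }

    # Key the stored row by the review the checks above were made for, not by
    # whatever id the form posted. NOTE(review): if $this->review_id is itself
    # derived from the posted id this is a no-op — confirm against the controller setup.
    $this->data['OwnerReply']['id'] = $review_id;
    $this->data['OwnerReply']['owner_reply_created'] = date('Y-m-d H:i:s');
    // Replies will be moderated by default
    $this->data['OwnerReply']['owner_reply_approved'] = (int) (!$this->Access->moderateOwnerReply());

    if ($this->OwnerReply->store($this->data)) {
        $update_text = $this->data['OwnerReply']['owner_reply_approved']
            ? __t("Your reply was submitted and has been approved.", true)
            : __t("Your reply was submitted and will be published once it is verified.", true);
        $response[] = "jQuery('#jr_ownerReplyLink{$this->review_id}').remove();";
        return $this->ajaxUpdateDialog($update_text, $response);
    }

    return $this->ajaxError(s2Messages::submitErrorDb());
}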
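/**
 * Deletes a listing (and its associated records and images) over AJAX.
 *
 * The listing id comes from the request params and must be covered by a
 * per-listing custom token; the caller must pass Access::canDeleteListing()
 * for the listing's author.
 *
 * @param mixed $params  unused; kept for signature compatibility with the dispatcher
 * @return mixed  whatever ajaxResponse / ajaxError returns
 */
function _delete($params)
{
    $response = array();
    $listing_id = $this->data['Listing']['id'] = Sanitize::getInt($this->params, 'id');

    # Stop form data tampering
    $formToken = cmsFramework::getCustomToken($listing_id);
    if (!$listing_id || !$this->__validateToken($formToken)) {
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Load current listing author id ($listing_id is already an int, so it is safe to inline)
    $query = "SELECT Listing.created_by, Listing.images FROM #__content AS Listing WHERE Listing.id = " . $listing_id;
    $this->_db->setQuery($query);
    $rows = $this->_db->loadAssocList(); // end() needs a real variable, not a call result
    $row = $rows ? end($rows) : false;
    if (!$row) {
        # Unknown listing: deny instead of dereferencing a missing row
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Check access
    if (!$this->Access->canDeleteListing($row['created_by'])) {
        return $this->ajaxError(s2Messages::accessDenied());
    }
    $this->data['Listing']['images'] = $row['images'];

    # Delete listing and all associated records and images
    if ($this->Listing->delete($this->data)) {
        $msg = __t("The listing has been removed.", true);
        # NOTE(review): $msg is inlined into a single-quoted JS string; a translation
        # containing a quote would break the script — confirm __t escapes for JS here.
        $response[] = "jQuery('#jr_listing_manager{$listing_id}').hide('fast').html('{$msg}').fadeIn(1000).effect('highlight',{},5000);";
        return $this->ajaxResponse($response);
    }

    return $this->ajaxError(s2Messages::submitErrorDb());
}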
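/**
 * Deletes a listing (and its associated records and images) over AJAX, with
 * an xajax compatibility path that delegates to the `<action>Xajax` method.
 *
 * The listing id comes from the request params; the caller must pass
 * Access::canDeleteListing() for the listing's author.
 *
 * @param mixed $params  forwarded to the xajax handler; otherwise unused
 * @return mixed  an xajaxResponse, or whatever ajaxResponse / ajaxError returns
 */
function _delete($params)
{
    // For compat with xajax
    if ($this->xajaxRequest) {
        $xajax = new xajaxResponse();
        $xajax->loadCommands($this->{$this->action . 'Xajax'}($params));
        return $xajax;
    }

    $this->autoRender = false;
    $this->autoLayout = false;
    $response = array();
    $listing_id = $this->data['Listing']['id'] = Sanitize::getInt($this->params, 'id');

    # Check if listing_id is valid
    # NOTE(review): unlike the sibling _delete, no per-listing custom token is validated
    # here, so the only guard against a forged request is canDeleteListing() below — confirm
    # the dispatcher enforces a request token before this method is reached.
    if ($listing_id == 0) {
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Load current listing author id ($listing_id is already an int, so it is safe to inline)
    $query = "SELECT Listing.created_by, Listing.images FROM #__content AS Listing WHERE Listing.id = " . $listing_id;
    $this->_db->setQuery($query);
    $rows = $this->_db->loadAssocList(); // end() needs a real variable, not a call result
    $row = $rows ? end($rows) : false;
    if (!$row) {
        # Unknown listing: deny instead of dereferencing a missing row
        return $this->ajaxError(s2Messages::accessDenied());
    }

    # Check access
    if (!$this->Access->canDeleteListing($row['created_by'])) {
        return $this->ajaxError(s2Messages::accessDenied());
    }
    $this->data['Listing']['images'] = $row['images'];

    # Delete listing and all associated records and images
    if ($this->Listing->delete($this->data)) {
        $msg = __t("The listing has been removed.", true);
        # NOTE(review): $msg is inlined into a single-quoted JS string; a translation
        # containing a quote would break the script — confirm __t escapes for JS here.
        $response[] = "jQuery('#jr_listing_manager{$listing_id}').hide('fast').html('{$msg}').fadeIn(1000).effect('highlight',{},5000);";
        return $this->ajaxResponse($response);
    }

    return $this->ajaxError(s2Messages::submitErrorDb());
}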