/**
 * Resolves the current visitor's comment permissions once and caches them on the instance.
 *
 * Every flag comes from $this->check() (defined outside this excerpt), in some cases
 * combined with component configuration. When the blacklist feature is enabled and the
 * visitor's IP / user id is rejected by JCommentsSecurity::checkBlacklist(), all
 * interactive permissions (comment, quote, reply, vote, ban) are forced to 0.
 *
 * NOTE(review): if the enclosing class is itself named JCommentsACL, this is a PHP 4-style
 * constructor, which PHP 8 no longer invokes automatically - confirm and add __construct().
 */
function JCommentsACL()
{
    $user = JFactory::getUser();
    $config = JCommentsFactory::getConfig();

    // Flags that map one-to-one onto a permission name, resolved in the original order.
    $directPermissions = array(
        'canDelete' => 'can_delete',
        'canDeleteOwn' => 'can_delete_own',
        'canDeleteForMyObject' => 'can_delete_for_my_object',
        'canEdit' => 'can_edit',
        'canEditOwn' => 'can_edit_own',
        'canEditForMyObject' => 'can_edit_for_my_object',
        'canPublish' => 'can_publish',
        'canPublishForMyObject' => 'can_publish_for_my_object',
        'canViewIP' => 'can_view_ip',
        'canViewEmail' => 'can_view_email',
        'canViewHomepage' => 'can_view_homepage',
        'canComment' => 'can_comment',
        'canVote' => 'can_vote',
    );
    foreach ($directPermissions as $property => $permission) {
        $this->{$property} = $this->check($permission);
    }

    // Flags that additionally depend on configuration or on the right to comment at all.
    $this->canReport = (int) ($this->check('can_report') && $config->getInt('enable_reports'));
    // Banning stays disabled unless the blacklist feature is on and the visitor passes it (below).
    $this->canBan = 0;
    $this->canQuote = (int) ($this->canComment && $this->check('enable_bbcode_quote'));
    $this->canReply = (int) (
        $this->canComment
        && $this->check('can_reply')
        && $config->get('template_view') == 'tree'
    );

    $this->userID = (int) $user->id;
    // The address is read from REMOTE_ADDR only, not from forwarded-for headers.
    // NOTE(review): behind a reverse proxy this is presumably the proxy's address, so an
    // IP-based blacklist entry would match every visitor coming through it - confirm deployment.
    $this->userIP = $_SERVER['REMOTE_ADDR'];
    $this->userBlocked = 0;
    $this->deleteMode = $config->getInt('delete_mode');
    $this->commentsLocked = false;

    if ($config->getInt('enable_blacklist', 0) == 1) {
        // checkBlacklist() is treated here as "true means the visitor is NOT blacklisted".
        $notBlacklisted = JCommentsSecurity::checkBlacklist(array(
            'ip' => $this->getUserIP(),
            'userid' => $this->getUserID(),
        ));

        if ($notBlacklisted) {
            $this->canBan = $this->check('can_ban');
        } else {
            // A blacklisted visitor loses every interactive permission.
            $this->userBlocked = 1;
            $this->canComment = 0;
            $this->canQuote = 0;
            $this->canReply = 0;
            $this->canVote = 0;
            $this->canBan = 0;
        }
    }
}
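/**
 * Executes a "quick moderation" command (publish, unpublish, delete, ban) taken from the
 * request and redirects to the affected comment or to the site root.
 *
 * Request parameters read: cmd (command name), id (comment id), hash (authorisation token).
 *
 * Security: the hash is the only authorisation performed in this method. No ACL or session
 * check gates the state change; the ACL lookup in the 'unpublish' branch only selects the
 * redirect anchor. Who may run these commands therefore depends entirely on
 * JCommentsFactory::getCmdHash() (not visible here) and on moderation links staying private.
 * For that reason the token is compared as a string, never with loose '==': PHP's loose
 * comparison treats numeric-looking strings such as "0e123" and "0e456" as equal.
 *
 * @return void The method always ends with a redirect.
 */
public static function executeCmd()
{
    $app = JFactory::getApplication('site');
    $cmd = strtolower($app->input->get('cmd', ''));
    $hash = $app->input->get('hash', '');
    $id = $app->input->getInt('id', 0);

    $message = '';
    // Fallback target when no comment can be resolved: the front-end index.php.
    $link = str_replace('/administrator', '', JURI::root()) . 'index.php';

    $checkHash = JCommentsFactory::getCmdHash($cmd, $id);

    // Fail closed on non-string or empty tokens, then compare in constant time where the
    // runtime offers hash_equals() (PHP >= 5.6); older runtimes fall back to strict equality.
    $hashIsValid = is_string($hash)
        && is_string($checkHash)
        && $checkHash !== ''
        && (function_exists('hash_equals') ? hash_equals($checkHash, $hash) : $hash === $checkHash);

    if ($hashIsValid) {
        $config = JCommentsFactory::getConfig();
        if ($config->getInt('enable_quick_moderation') == 1) {
            JTable::addIncludePath(JCOMMENTS_TABLES);
            $comment = JTable::getInstance('Comment', 'JCommentsTable');
            if ($comment->load($id)) {
                $link = JCommentsObjectHelper::getLink($comment->object_id, $comment->object_group, $comment->lang);
                // Decode HTML-escaped ampersands so the redirect target is a plain URL.
                // The search string had been reduced to a bare '&', which made this a no-op.
                // NOTE(review): assumes getLink() returns an HTML-escaped URL - confirm.
                $link = str_replace('&amp;', '&', $link);

                switch ($cmd) {
                    case 'publish':
                        $comment->published = 1;
                        $comment->store();
                        // send notification to comment subscribers
                        JComments::sendToSubscribers($comment, true);
                        $link .= '#comment-' . $comment->id;
                        break;

                    case 'unpublish':
                        $comment->published = 0;
                        $comment->store();
                        $acl = JCommentsFactory::getACL();
                        // Only link to the comment itself when the visitor can still see it.
                        if ($acl->canPublish()) {
                            $link .= '#comment-' . $comment->id;
                        } else {
                            $link .= '#comments';
                        }
                        break;

                    case 'delete':
                        // delete_mode 0 removes the row; any other value only marks it deleted.
                        if ($config->getInt('delete_mode') == 0) {
                            $comment->delete();
                            $link .= '#comments';
                        } else {
                            $comment->markAsDeleted();
                            $link .= '#comment-' . $comment->id;
                        }
                        break;

                    case 'ban':
                        if ($config->getInt('enable_blacklist') == 1) {
                            $acl = JCommentsFactory::getACL();
                            // we will not ban own IP ;)
                            if ($comment->ip != $acl->getUserIP()) {
                                $options = array();
                                $options['ip'] = $comment->ip;
                                // checkBlacklist() returning true means the IP is not banned yet
                                if (JCommentsSecurity::checkBlacklist($options)) {
                                    $blacklist = JTable::getInstance('Blacklist', 'JCommentsTable');
                                    $blacklist->ip = $comment->ip;
                                    $blacklist->store();
                                    $message = JText::_('SUCCESSFULLY_BANNED');
                                } else {
                                    $message = JText::_('ERROR_IP_ALREADY_BANNED');
                                }
                            } else {
                                $message = JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP');
                            }
                        }
                        break;
                }

                JCommentsNotificationHelper::send();
            } else {
                $message = JText::_('ERROR_NOT_FOUND');
            }
        } else {
            $message = JText::_('ERROR_QUICK_MODERATION_DISABLED');
        }
    } else {
        $message = JText::_('ERROR_QUICK_MODERATION_INCORRECT_HASH');
    }

    $app->redirect($link, $message);
}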
/**
 * AJAX handler: adds the IP address of the given comment's author to the blacklist.
 *
 * The ban is attempted only when the caller's ACL grants canBan(), the blacklist feature
 * is enabled, the comment exists, the comment's IP differs from the caller's own IP, the
 * IP is not already blacklisted, and no 'onJCommentsUserBeforeBan' listener returned false.
 * Every other path returns the AJAX response without storing anything.
 *
 * @param mixed $id Comment identifier from the request; cast to int before use.
 *
 * @return mixed The shared AJAX response object from JCommentsFactory::getAjaxResponse().
 */
public static function BanIP($id)
{
    // NOTE(review): notAuth() presumably terminates the request; if it returns, execution
    // continues into the permission checks below - confirm.
    if (JCommentsSecurity::badRequest() == 1) {
        JCommentsSecurity::notAuth();
    }

    $acl = JCommentsFactory::getACL();
    $response = JCommentsFactory::getAjaxResponse();

    // Permission gate: callers without the ban right get the untouched response.
    if (!$acl->canBan()) {
        return $response;
    }

    $config = JCommentsFactory::getConfig();
    if ($config->getInt('enable_blacklist') != 1) {
        return $response;
    }

    $id = (int) $id;
    $db = JCommentsFactory::getDBO();
    $comment = new JCommentsTableComment($db);
    if (!$comment->load($id)) {
        return $response;
    }

    $target = 'comment-item-' . $id;

    // we will not ban own IP ;)
    if ($comment->ip == $acl->getUserIP()) {
        self::showErrorMessage(JText::_('ERROR_YOU_CAN_NOT_BAN_YOUR_IP'), '', $target);

        return $response;
    }

    $options = array('ip' => $comment->ip);

    // A false result from checkBlacklist() means the IP is already banned.
    if (!JCommentsSecurity::checkBlacklist($options)) {
        self::showErrorMessage(JText::_('ERROR_IP_ALREADY_BANNED'), '', $target);

        return $response;
    }

    // Listeners may veto the ban by returning boolean false.
    $result = JCommentsEvent::trigger('onJCommentsUserBeforeBan', array(&$comment, &$options));
    if (in_array(false, $result, true)) {
        return $response;
    }

    require_once JCOMMENTS_TABLES . '/blacklist.php';

    // Record who created the entry and when, alongside the banned address.
    $blacklist = new JCommentsTableBlacklist($db);
    $blacklist->ip = $comment->ip;
    $blacklist->created = JCommentsFactory::getDate();
    $blacklist->created_by = $acl->getUserId();

    if ($blacklist->store()) {
        JCommentsEvent::trigger('onJCommentsUserAfterBan', array(&$comment, $options));
        self::showInfoMessage(JText::_('SUCCESSFULLY_BANNED'), $target);
    }

    return $response;
}