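/**
 * onBeforeSave method. Hook for children models to prepare the data.
 *
 * This is the server-side gate for comment data. For a NEW comment (empty
 * `$table->id`) it enforces, in order: frontend-only, the global "comments"
 * switch, view access to the target item, the per-category
 * `k2.comment.create` permission, the required text, guest name/e-mail
 * validation plus the anti-spoofing lookup, the captcha, and finally stamps
 * the request-derived columns (ip, hostname, date, initial state).
 *
 * For an EXISTING comment only `text` and `state` may change; every other
 * column is reset from the stored row so the edit path cannot be used to
 * rewrite a comment's author, e-mail, date, IP or item.
 *
 * @param array  $data  The data to be saved (modified in place).
 * @param JTable $table The table object; `$table->id` is empty for a new row.
 *
 * @return boolean True when the data may be saved, false after setError().
 */
protected function onBeforeSave(&$data, $table)
{
    $application = JFactory::getApplication();
    $params = JComponentHelper::getParams('com_k2');
    $user = JFactory::getUser();

    if ($table->id) {
        // Editing an existing comment. The check is the component-level
        // "edit any comment" right; there is no per-category or
        // "own comment" edit permission on this path.
        if (!$user->authorise('k2.comment.edit', 'com_k2')) {
            $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
            return false;
        }

        // Edit is only allowed for comment text and state. Pin everything
        // else to the stored row so provenance fields cannot be altered.
        $data['id'] = $table->id;
        $data['itemId'] = $table->itemId;
        $data['userId'] = $table->userId;
        $data['name'] = $table->name;
        $data['date'] = $table->date;
        $data['email'] = $table->email;
        $data['url'] = $table->url;
        $data['ip'] = $table->ip;
        $data['hostname'] = $table->hostname;

        return true;
    }

    // ---- New comment ----

    // New comments are only accepted from the frontend.
    if ($application->isAdmin()) {
        $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
        return false;
    }

    // Global switch.
    if (!$params->get('comments')) {
        $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
        return false;
    }

    // Resolve the target item from the client-supplied itemId. A missing or
    // non-positive id, or an id that resolves to no row, is rejected as
    // "not authorised" up front instead of letting the access check below
    // run against a non-object (getRow() is presumed to return an empty
    // result for an unknown id).
    $itemId = isset($data['itemId']) ? (int) $data['itemId'] : 0;
    if ($itemId <= 0) {
        $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
        return false;
    }

    $itemsModel = K2Model::getInstance('Items');
    $itemsModel->setState('id', $itemId);
    $item = $itemsModel->getRow();

    // The commenter must be able to view the item at all...
    if (!$item || !$item->checkSiteAccess()) {
        $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
        return false;
    }

    // ...and hold the create permission on the item's category asset.
    if (!$user->authorise('k2.comment.create', 'com_k2.category.' . $item->catid)) {
        $this->setError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'));
        return false;
    }

    // Text is required for both guests and authenticated users.
    $text = isset($data['text']) ? trim($data['text']) : '';
    if ($text === '') {
        $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
        return false;
    }

    if ($user->guest) {
        // Guests must supply a name and a syntactically valid e-mail.
        $name = isset($data['name']) ? trim($data['name']) : '';
        $email = isset($data['email']) ? trim($data['email']) : '';
        if ($name === '' || $email === '') {
            $this->setError(JText::_('K2_YOU_NEED_TO_FILL_IN_ALL_REQUIRED_FIELDS'));
            return false;
        }

        if (!JMailHelper::isEmailAddress($data['email'])) {
            $this->setError(JText::_('K2_INVALID_EMAIL_ADDRESS'));
            return false;
        }

        // A guest may not post under the name or e-mail of a registered user.
        $usersModel = K2Model::getInstance('Users');
        if ($usersModel->checkSpoofing($name, $data['email']) > 0) {
            $this->setError(JText::_('K2_THE_NAME_OR_EMAIL_ADDRESS_YOU_TYPED_IS_ALREADY_IN_USE'));
            return false;
        }

        // Guests never get a user id.
        $data['userId'] = 0;
    } else {
        // Identity fields for authenticated users come from the session,
        // never from the request.
        $data['userId'] = $user->id;
        $data['name'] = $user->name;
        $data['email'] = $user->email;
    }

    // NOTE(review): `$data['url']` is not validated on this path (the edit
    // path above pins it to the stored value). Unless the table's check()
    // or the input layer validates it, a guest can store an arbitrary
    // string in the url column — confirm where it is sanitised.

    // Captcha, depending on settings. check() is expected to set the error
    // message on $this when it fails (see the report controller's use).
    require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
    if (!K2HelperCaptcha::check($data, $this)) {
        return false;
    }

    // Request-derived columns. REMOTE_ADDR is the TCP peer: behind a
    // reverse proxy this is the proxy's address. gethostbyaddr() performs a
    // synchronous reverse-DNS lookup on every new comment.
    $data['ip'] = $_SERVER['REMOTE_ADDR'];
    $data['hostname'] = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $data['date'] = JFactory::getDate()->toSql();
    $data['state'] = $params->get('commentsPublishing') ? 1 : 0;

    // Flag for onAfterSave / callers that this was a new comment.
    $this->setState('isNew', true);

    return true;
}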
<textarea name="reportReason" id="reportReason" cols="60" rows="10"></textarea> <?php if ($this->params->get('recaptcha') && $this->user->guest) { ?> <label class="formRecaptcha"><?php echo JText::_('K2_PLEASE_VERIFY_THAT_YOU_ARE_HUMAN'); ?> </label> <div id="recaptcha"></div> <?php } ?> <?php echo K2HelperCaptcha::display(); ?> <button data-action="report.send"><?php echo JText::_('K2_SEND_REPORT'); ?> </button> <span data-role="log"></span> <input type="hidden" name="id" value="" /> <input type="hidden" name="task" value="comments.report" /> <input type="hidden" name="format" value="json" /> <?php echo JHTML::_('form.token'); ?> </form>
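/**
 * Render a single item.
 *
 * Loads the item named by the `id` request parameter, enforces site access
 * to it, merges category/menu/item params, triggers the item plugins, loads
 * the comments/inline-editing assets when applicable, fetches related and
 * same-author items, bumps the hit counter, sets page/Open Graph metadata
 * and hands off to the parent display.
 *
 * @param string $tpl The name of the template file to parse.
 *
 * @return void
 *
 * @throws Exception With code 403 when the item is not accessible.
 */
public function display($tpl = null)
{
    $application = JFactory::getApplication();
    $id = $application->input->get('id', 0, 'int');
    $this->item = K2Items::getInstance($id);

    // Access check. The comments model's onBeforeSave() branches on the
    // return value of checkSiteAccess(), so it is treated as a boolean here
    // too: a false result must not fall through to rendering the item. If
    // checkSiteAccess() already halts or redirects on failure, this guard
    // is a no-op.
    if (!$this->item->checkSiteAccess()) {
        throw new Exception(JText::_('K2_ALERTNOTAUTH'), 403);
    }

    // Parameter precedence: menu/category, then the item's own params.
    $effectiveParams = $this->item->category->getEffectiveParams();
    $this->params->merge($effectiveParams);
    $this->params->merge($this->item->params);

    $this->item->image = $this->item->getImage($this->params->get('itemImgSize'));

    // Trigger plugins here so they get the correct (item view) context.
    $this->item->events = $this->item->getEvents('com_k2.item', $this->params, 0);

    JHtml::_('behavior.modal', 'a.k2Modal');

    // Comments UI is only loaded when enabled at both levels and no plugin
    // has taken over the comments counter/block.
    $loadComments = $this->params->get('itemComments')
        && $this->params->get('comments')
        && empty($this->item->events->K2CommentsCounter)
        && empty($this->item->events->K2CommentsBlock);

    if ($this->item->canEdit || $loadComments) {
        // Common: keepalive plus the base path and CSRF token the JS app
        // needs for its AJAX calls.
        JHtml::_('behavior.keepalive');
        $this->document->addScriptDeclaration('var K2SitePath = "' . JUri::root(true) . '";');
        $this->document->addScriptDeclaration('var K2SessionToken = "' . JSession::getFormToken() . '";');

        if ($loadComments) {
            // UI hint only. This is the component-level asset; the model
            // enforces the per-category `k2.comment.create` right on save.
            $this->user->canComment = $this->user->authorise('k2.comment.create', 'com_k2');

            $this->document->addScript(JURI::root(true) . '/media/k2app/vendor/underscore/underscore-min.js');
            $this->document->addScript(JURI::root(true) . '/media/k2app/vendor/backbone/backbone-min.js');
            $this->document->addScript(JURI::root(true) . '/media/k2app/vendor/marionette/backbone.marionette.min.js');
            $this->document->addScript(JURI::root(true) . '/media/k2app/app/sync.js');

            require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
            K2HelperCaptcha::initialize();
        }

        if ($this->item->canEdit) {
            // NOTE(review): third-party script loaded from an external CDN on
            // a protocol-relative URL with no integrity attribute; consider
            // self-hosting or adding SRI so a CDN compromise cannot run code
            // in editors' sessions.
            $this->document->addScript('//cdn.ckeditor.com/4.4.6/standard/ckeditor.js');
        }
    }

    // Related items (view-level parameter).
    if ($this->params->get('itemRelated')) {
        $this->item->related = $this->item->getRelated($this->params->get('itemRelatedLimit', 5));
        foreach ($this->item->related as $related) {
            $related->image = $related->getImage($this->params->get('itemRelatedImageSize'));
        }
    }

    // Latest from the same author (view-level parameter).
    if ($this->params->get('itemAuthorLatest')) {
        $this->item->author->latest = $this->item->getLatestByAuthor($this->params->get('itemAuthorLatestLimit', 5));
    }

    $this->item->hit();

    $this->setMetadata($this->item);

    if ($this->params->get('facebookMetadata')) {
        $this->document->setMetaData('og:url', $this->item->url);
        $this->document->setMetaData('og:title', $this->document->getTitle());
        $this->document->setMetaData('og:type', 'article');
        $this->document->setMetaData('og:description', $this->document->getDescription());
        $facebookImage = $this->item->getImage($this->params->get('facebookMetadataImageSize'));
        if ($facebookImage) {
            $this->document->setMetaData('og:image', $facebookImage->url);
        }
    }

    $this->setLayout('item');

    // Template lookup: the category's K2 template, overridable by the site
    // template's html/com_k2/<template> directory.
    $this->addTemplatePath(JPATH_SITE . '/components/com_k2/templates/' . $this->item->category->template);
    $this->addTemplatePath(JPATH_SITE . '/templates/' . JFactory::getApplication()->getTemplate() . '/html/com_k2/' . $this->item->category->template);

    parent::display($tpl);
}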
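/**
 * Report a published comment to the configured recipient by e-mail.
 *
 * Requires a valid session token. Reporting must be enabled (and, when
 * `commentsReporting` is '2', the user must be logged in); the comment must
 * be published and its item accessible to the caller; name and reason are
 * required; the captcha is checked according to settings. Responds as JSON.
 *
 * @return $this
 */
public function report()
{
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    $application = JFactory::getApplication();
    $configuration = JFactory::getConfig();

    // Input. The 'string' filter strips some tags/attributes; it is NOT an
    // HTML escaper, so these values are escaped again before being placed
    // in the HTML mail body below.
    $id = $application->input->get('id', 0, 'int');
    $reportName = $application->input->get('reportName', '', 'string');
    $reportReason = $application->input->get('reportReason', '', 'string');

    $params = JComponentHelper::getParams('com_k2');
    $user = JFactory::getUser();

    // Reporting enabled? '2' means registered users only.
    $reportingSetting = $params->get('commentsReporting');
    if (!$params->get('comments') || !$reportingSetting || ($reportingSetting == '2' && $user->guest)) {
        K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
    }

    // Only published comments can be reported.
    $comment = K2Comments::getInstance($id);
    if (!$comment->state) {
        K2Response::throwError(JText::_('K2_COMMENT_NOT_FOUND'));
    }

    // The reporter must be able to view the item the comment belongs to.
    // The comments model treats checkSiteAccess() as a boolean, so a false
    // result is turned into a 403 here rather than ignored; if the method
    // already halts on failure this is a no-op.
    $item = K2Items::getInstance($comment->itemId);
    if (!$item->checkSiteAccess()) {
        K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
    }

    if (trim($reportName) == '') {
        K2Response::throwError(JText::_('K2_PLEASE_TYPE_YOUR_NAME'));
    }
    if (trim($reportReason) == '') {
        K2Response::throwError(JText::_('K2_PLEASE_TYPE_THE_REPORT_REASON'));
    }

    // Captcha, depending on settings; check() sets the error on $this.
    require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
    $data = $this->getInputData();
    if (!K2HelperCaptcha::check($data, $this)) {
        K2Response::throwError($this->getError());
    }

    // Build the HTML mail. Every user-controlled value is escaped for the
    // HTML context so a reporter (or the comment author) cannot inject
    // markup into the moderator's mail client. NOTE(review): if comment
    // text is stored already HTML-escaped this double-encodes it — confirm
    // the storage convention.
    $safeName = htmlspecialchars($reportName, ENT_QUOTES, 'UTF-8');
    $safeReason = htmlspecialchars($reportReason, ENT_QUOTES, 'UTF-8');
    $safeComment = nl2br(htmlspecialchars($comment->text, ENT_QUOTES, 'UTF-8'));

    $body = "\n <strong>" . JText::_('K2_NAME') . "</strong>: " . $safeName . " <br/>\n"
        . " <strong>" . JText::_('K2_REPORT_REASON') . "</strong>: " . $safeReason . " <br/>\n"
        . " <strong>" . JText::_('K2_COMMENT') . "</strong>: " . $safeComment . " <br/>\n ";

    $mailer = JFactory::getMailer();
    $mailer->setSender(array($configuration->get('mailfrom'), $configuration->get('fromname')));
    $mailer->setSubject(JText::_('K2_COMMENT_REPORT'));
    $mailer->IsHTML(true);
    $mailer->setBody($body);
    $mailer->ClearAddresses();
    $mailer->AddAddress($params->get('commentsReportRecipient', $configuration->get('mailfrom')));

    // NOTE(review): the send result is not checked; a mail failure still
    // reports K2_REPORT_SUBMITTED to the user.
    $mailer->Send();

    $application->enqueueMessage(JText::_('K2_REPORT_SUBMITTED'));
    echo json_encode(K2Response::render());

    return $this;
}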