function store(&$postNew)
{
$app = JFactory::getApplication();
$user = JFactory::getUser();
$db = JFactory::getDBO();
$uri = JFactory::getURI();
$tmpl = array();
$token = JUtility::getToken();
$paramsC = JComponentHelper::getParams('com_phocaguestbook');
//Add requirement
if (!JRequest::getInt($token, 0, 'post')) {
$app->redirect(JRoute::_('index.php', false), JText::_('JINVALID_TOKEN'));
exit;
}
// Security
$redSpam = 'index.php?option=com_phocaguestbook&view=empty';
//temp, does not work if sef enabled
$sec = 0;
$tmpl['specific_itemid'] = $paramsC->get('specific_itemid', '');
$tmpl['enable_detecting_page'] = $paramsC->get('enable_detecting_page', 0);
$itemids = explode(',', $tmpl['specific_itemid']);
if (!empty($itemids) && isset($itemids[0]) && (int) $itemids[0] > 0) {
$itemid = JRequest::getCmd('Itemid');
if (!in_array($itemid, $itemids)) {
$sec = 1;
}
}
if (!JRequest::getInt($token, 0, 'post')) {
$sec = 1;
}
if (JRequest::getCmd('view') != 'guestbook') {
$sec = 1;
}
if (JRequest::getCmd('option') != 'com_phocaguestbook') {
$sec = 1;
}
if (JRequest::getCmd('task') != 'submit') {
$sec = 1;
}
if ((int) $sec == 1) {
$app->redirect(JRoute::_('index.php', false), JText::_("COM_PHOCAGUESTBOOK_FORM_DATA_NOT_VALID"));
exit;
}
$tmpl['session_suffix'] = $paramsC->get('session_suffix');
//Get Session Data (we have saved new session, because we want to check captcha
$session =& JFactory::getSession();
$phoca_guestbook_session = $session->get('pgbsess' . $tmpl['session_suffix']);
// - - - - - - - - - -
//Some POST data can be required or not, If yes, set message if there is POST data == ''
//Get the params, e.g. if we define in params, that e.g. title can be "", we will not check it
//if params doesn't exist it will be required, if exists and is required (1) it is required
$tmpl['display_title_form'] = $paramsC->get('display_title_form', 2);
$tmpl['display_name_form'] = $paramsC->get('display_name_form', 2);
$tmpl['display_email_form'] = $paramsC->get('display_email_form', 1);
$tmpl['display_website_form'] = $paramsC->get('display_website_form', 0);
$tmpl['display_content_form'] = $paramsC->get('display_content_form', 2);
$tmpl['max_char'] = $paramsC->get('max_char', 2000);
$tmpl['send_mail'] = $paramsC->get('send_mail', 0);
$tmpl['registered_users_only'] = $paramsC->get('registered_users_only', 0);
$tmpl['enable_captcha'] = $paramsC->get('enable_captcha', 1);
$tmpl['enable_captcha_users'] = $paramsC->get('enable_captcha_users', 0);
$tmpl['enable_akismet'] = $paramsC->get('enable_akismet', 0);
$tmpl['akismet_api_key'] = $paramsC->get('akismet_api_key', "");
$tmpl['akismet_block_spam'] = $paramsC->get('akismet_block_spam', 0);
$tmpl['akismet_url'] = $paramsC->get('akismet_url', 0);
$tmpl['username_or_name'] = $paramsC->get('username_or_name', 0);
$tmpl['predefined_name'] = $paramsC->get('predefined_name', '');
$tmpl['disable_user_check'] = $paramsC->get('disable_user_check', 0);
$tmpl['enable_html_purifier'] = $paramsC->get('enable_html_purifier', 1);
$tmpl['enable_hidden_field'] = $paramsC->get('enable_hidden_field', 0);
$tmpl['forbidden_word_behaviour'] = $paramsC->get('forbidden_word_behaviour', 0);
//Get POST Data - - - - - - - - -
$post = JRequest::get('post');
// Hidden Field
if ($tmpl['enable_hidden_field'] == 1) {
$session =& JFactory::getSession();
$session_suffix = $paramsC->get('session_suffix');
$hiddenSession = 'pgbsesshf' . $session_suffix;
$hiddenField = JRequest::getVar($session->get($hiddenSession . 'name'), '', 'post', 'string');
$session->clear($hiddenSession . 'id');
$session->clear($hiddenSession . 'name');
$session->clear($hiddenSession . 'class');
if ($hiddenField != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
}
$post2['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW);
$post2['captcha'] = JRequest::getVar('captcha', '', 'post', 'string');
$post2['title'] = JRequest::getVar('title', '', 'post', 'string');
$post2['pgusername'] = JRequest::getVar('pgusername', '', 'post', 'string');
$post2['email'] = JRequest::getVar('email', '', 'post', 'string');
$post2['website'] = JRequest::getVar('website', '', 'post', 'string');
$post2['language'] = JRequest::getVar('language', '', 'post', 'string');
$post2['task'] = JRequest::getVar('task', '', 'post', 'string');
$post2['save'] = JRequest::getVar('save', '', 'post', 'string');
if (!isset($post2['captcha']) || isset($post2['captcha']) && $post2['captcha'] == '') {
$post2['captcha'] = '';
}
// HTML Purifier - - - - - - - - - -
if ($tmpl['enable_html_purifier'] == 0) {
$filterTags = '';
//preg_split( '#[,\s]+#', trim( ) ); // black list method is used
$filterAttrs = '';
//preg_split( '#[,\s]+#', trim( ) ); // black list method is used
$filter = new JFilterInput($filterTags, $filterAttrs, 1, 1, 1);
$post2['content'] = $filter->clean($post2['content']);
} else {
require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.standalone.php';
$configP = HTMLPurifier_Config::createDefault();
$configP->set('Core.Encoding', 'UTF-8');
$configP->set('HTML.Doctype', 'XHTML 1.0 Transitional');
$configP->set('HTML.TidyLevel', 'medium');
$configP->set('HTML.Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike,br');
$purifier = new HTMLPurifier($configP);
$post2['content'] = $purifier->purify($post2['content']);
}
$cid = JRequest::getVar('cid', array(0), 'post', 'array');
$post2['catid'] = (int) $cid[0];
$post2['published'] = (int) 1;
if ($paramsC->get('review_item') != '') {
$post2['published'] = (int) $paramsC->get('review_item');
}
$post2['ip'] = $_SERVER["REMOTE_ADDR"];
if (!isset($post2['pgusername'])) {
$post2['username'] = '';
} else {
$post2['username'] = $post2['pgusername'];
}
if (!isset($post2['email'])) {
$post2['email'] = '';
}
if (!isset($post2['website'])) {
$post2['website'] = '';
}
if ($tmpl['forbidden_word_behaviour'] == 0) {
$fwfa = explode(',', trim($paramsC->get('forbidden_word_filter', '')));
$fwwfa = explode(',', trim($paramsC->get('forbidden_whole_word_filter', '')));
$fW = 0;
foreach ($fwfa as $key2 => $values2) {
if (trim($values2) != '') {
if (stripos($post2['username'], trim($values2)) !== false) {
$fW = 1;
break;
}
if (stripos($post2['title'], trim($values2)) !== false) {
$fW = 1;
break;
}
if (stripos($post2['content'], trim($values2)) !== false) {
$fW = 1;
break;
}
if (stripos($post2['email'], trim($values2)) !== false) {
$fW = 1;
break;
}
if (stripos($post2['website'], trim($values2)) !== false) {
$fW = 1;
break;
}
}
}
//Forbidden Whole Word Filter
$fWW = 0;
$matches = '';
foreach ($fwwfa as $key3 => $values3) {
if ($values3 != '') {
//$values3 = "/([\. ])".$values3."([\. ])/";
$values3 = "/(^|[^a-zA-Z0-9_]){1}(" . preg_quote($values3, "/") . ")(\$|[^a-zA-Z0-9_]){1}/i";
$a[] = $values3;
if (preg_match($values3, $post2['username']) == 1) {
$fWW = 1;
break;
}
if (preg_match($values3, $post2['title']) == 1) {
$fWW = 1;
break;
}
if (preg_match($values3, $post2['content']) == 1) {
$fWW = 1;
break;
}
if (preg_match($values3, $post2['email']) == 1) {
$fWW = 1;
break;
}
if (preg_match($values3, $post2['website']) == 1) {
$fWW = 1;
break;
}
}
}
if ($fW == 1 || $fWW == 1) {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
}
// Maximum of character, they will be saved in database
$post2['content'] = substr($post2['content'], 0, $tmpl['max_char']);
// Title Check
if ($tmpl['display_title_form'] == 2) {
if ($post2['title'] && trim($post2['title']) != '') {
$title = 1;
// there is a value in title ... OK
} else {
$title = 0;
JRequest::setVar('title-msg-1', 1, 'get', true);
// there is no value in title ... FALSE
}
} else {
if ($tmpl['display_title_form'] == 0) {
if ($post2['title'] && trim($post2['title']) != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
$title = 1;
} else {
$title = 1;
//there is a value or there is no value but it is not required, so it is OK
}
}
if ($title != 0 && preg_match("~[<|>]~", $post2['title'])) {
$title = 0;
JRequest::setVar('title-msg-2', 1, 'get', true);
}
// Username or name check
//$post2 is the same for both (name or username)
//$tmpl['username'] is the same for both (name or username)
if ($tmpl['username_or_name'] == 1) {
if ($tmpl['display_name_form'] == 2) {
if ($post2['username'] && trim($post2['username']) != '') {
$username = 1;
} else {
$username = 0;
JRequest::setVar('username-msg-1', 1, 'get', true);
}
} else {
if ($tmpl['display_name_form'] == 0) {
if ($post2['username'] && trim($post2['username']) != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
$username = 1;
} else {
$username = 1;
}
}
if ($username != 0 && preg_match("~[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+]~", $post2['username'])) {
$username = 0;
JRequest::setVar('username-msg-2', 1, 'get', true);
}
if ($tmpl['disable_user_check'] == 0) {
// Check for existing username
$query = 'SELECT id' . ' FROM #__users ' . ' WHERE username = '******'username']) . ' OR name = ' . $db->Quote($post2['username']) . ' AND id != ' . (int) $user->id;
$db->setQuery($query);
$xid = intval($db->loadResult());
if ($xid && $xid != intval($user->id)) {
$username = 0;
JRequest::setVar('username-msg-3', 1, 'get', true);
}
}
} else {
if ($tmpl['display_name_form'] == 2) {
if ($post2['username'] && trim($post2['username']) != '') {
$username = 1;
} else {
$username = 0;
JRequest::setVar('username-msg-1', 1, 'get', true);
}
} else {
if ($tmpl['display_name_form'] == 0) {
if ($post2['username'] && trim($post2['username']) != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
$username = 1;
} else {
$username = 1;
}
}
if ($username != 0 && preg_match("~[\\<|\\>|\"|\\'|\\%|\\;|\\(|\\)|\\&|\\+]~", $post2['username'])) {
$username = 0;
JRequest::setVar('username-msg-2', 1, 'get', true);
}
if ($tmpl['disable_user_check'] == 0) {
// Check for existing username
$query = 'SELECT id' . ' FROM #__users ' . ' WHERE username = '******'username']) . ' OR name = ' . $db->Quote($post2['username']) . ' AND id != ' . (int) $user->id;
$db->setQuery($query);
$xid = intval($db->loadResult());
if ($xid && $xid != intval($user->id)) {
$username = 0;
JRequest::setVar('username-msg-3', 1, 'get', true);
}
}
}
// Email Check
if ($tmpl['display_email_form'] == 2) {
if ($post2['email'] && trim($post2['email']) != '') {
$email = 1;
} else {
$email = 0;
JRequest::setVar('email-msg-1', 1, 'get', true);
}
if ($email != 0 && !JMailHelper::isEmailAddress($post2['email'])) {
$email = 0;
JRequest::setVar('email-msg-2', 1, 'get', true);
}
} else {
if ($tmpl['display_email_form'] == 0) {
if ($post2['email'] && trim($post2['email']) != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
$email = 1;
} else {
$email = 1;
if ($email != 0 && $post2['email'] != '' && !JMailHelper::isEmailAddress($post2['email'])) {
$email = 0;
JRequest::setVar('email-msg-2', 1, 'get', true);
}
}
}
if ($tmpl['disable_user_check'] == 0) {
// check for existing email
$query = 'SELECT id' . ' FROM #__users ' . ' WHERE email = ' . $db->Quote($post2['email']) . ' AND id != ' . (int) $user->id;
$db->setQuery($query);
$xid = intval($db->loadResult());
if ($xid && $xid != intval($user->id)) {
$email = 0;
JRequest::setVar('email-msg-3', 1, 'get', true);
}
}
// Website Check
if ($tmpl['display_website_form'] == 2) {
if ($post2['website'] && trim($post2['website']) != '') {
$website = 1;
} else {
$website = 0;
JRequest::setVar('website-msg-1', 1, 'get', true);
}
if ($website != 0 && !PhocaguestbookHelperFront::isURLAddress($post2['website'])) {
$website = 0;
JRequest::setVar('website-msg-2', 1, 'get', true);
}
} else {
if ($tmpl['display_website_form'] == 0) {
if ($post2['website'] && trim($post2['website']) != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
$website = 1;
} else {
$website = 1;
if ($website != 0 && $post2['website'] != '' && !PhocaguestbookHelperFront::isURLAddress($post2['website'])) {
$website = 0;
JRequest::setVar('website-msg-2', 1, 'get', true);
}
}
}
// Content Check
if ($tmpl['display_content_form'] == 2) {
if ($post2['content'] && trim($post2['content']) != '') {
$content = 1;
} else {
$content = 0;
JRequest::setVar('content-msg-1', 1, 'get', true);
}
} else {
if ($tmpl['display_content_form'] == 0) {
if ($post2['content'] && trim($post2['content']) != '') {
$app->redirect(JRoute::_($redSpam, false), JText::_("COM_PHOCAGUESTBOOK_POSSIBLE_SPAM_DETECTED"));
exit;
}
$content = 1;
} else {
$content = 1;
}
}
// IP BAN Check
$ip_ban = trim($paramsC->get('ip_ban'));
$ip_ban_array = explode(',', $ip_ban);
$tmpl['ipa'] = 1;
//display
if (is_array($ip_ban_array)) {
foreach ($ip_ban_array as $valueIp) {
//if ($post2['ip'] == trim($value)) {
if ($valueIp != '') {
if (strstr($post2['ip'], trim($valueIp)) && strpos($post2['ip'], trim($valueIp)) == 0) {
$tmpl['ipa'] = 0;
JRequest::setVar('ip-msg-1', 1, 'get', true);
break;
}
}
}
}
// Not allowed URLs
$tmpl['deny_url_words'] = $paramsC->get('deny_url_words', '');
if (!empty($tmpl['deny_url_words'])) {
$tmpl['deny_url_words'] = explode(',', $paramsC->get('deny_url_words', ''));
}
if (!empty($tmpl['deny_url_words']) && $content == 1) {
$deny_url = 1;
foreach ($tmpl['deny_url_words'] as $word) {
if ($word != '') {
if (strpos($post2['content'], $word) !== false || strpos($post2['title'], $word) !== false || strpos($post2['username'], $word) !== false) {
$deny_url = 0;
JRequest::setVar('denyurl-msg-1', 1, 'get', true);
}
}
}
} else {
$deny_url = 1;
}
// Registered user Check
if ($tmpl['registered_users_only'] == 1) {
if ($user->id > 0) {
$reguser = 1;
} else {
$reguser = 0;
JRequest::setVar('reguser-msg-1', 1, 'get', true);
}
} else {
$reguser = 1;
}
// Captcha not for registered
if ((int) $tmpl['enable_captcha_users'] == 1) {
if ((int) $user->id > 0) {
$tmpl['enable_captcha'] = 0;
}
}
// Enable or disable Captcha
if ($tmpl['enable_captcha'] < 1) {
$phoca_guestbook_session = 1;
$post2['captcha'] = 1;
}
/*
if ($content != 0 && eregi( "[\<|\>]", $post2['content'])) {
$content = 0; JRequest::setVar( 'content-msg-2', 1, 'get',true );
}*/
// SAVING DATA - - - - - - - - - -
//the captcha picture code is the same as captcha input code, we can save the data
//and other post data are OK
//Recaptcha
if ($phoca_guestbook_session == '') {
// Maybe it is used a reCAPTCHA - we don't know but, because of security reason
// no information about which method is used is sent through the form
// So try to get reCAPTCHA
require_once JPATH_COMPONENT . DS . 'helpers' . DS . 'recaptchalib.php';
$resp = PhocaGuestbookHelperReCaptcha::recaptcha_check_answer($paramsC->get('recaptcha_privatekey', ''), $_SERVER["REMOTE_ADDR"], JRequest::getVar('recaptcha_challenge_field', '', 'post', 'string'), JRequest::getVar('recaptcha_response_field', '', 'post', 'string'));
if (!$resp->is_valid) {
$phoca_guestbook_session = '';
$post2['captcha'] = '';
} else {
$phoca_guestbook_session = 1;
$post2['captcha'] = 1;
}
}
if ($phoca_guestbook_session && $phoca_guestbook_session != '' && isset($post2['captcha']) && $post2['captcha'] != '' && $phoca_guestbook_session == $post2['captcha'] && $title == 1 && $username == 1 && $email == 1 && $content == 1 && $website == 1 && $tmpl['ipa'] == 1 && $deny_url == 1 && $reguser == 1 && isset($post2['task']) && $post2['task'] == 'submit' && isset($post2['save']) && isset($post2['published'])) {
$post2['homesite'] = $post2['website'];
/* Akismet
* after checking, that everything is valid and the captcha is good,
* we ask the akismet Service if this post is a spam,
* given that akismet check is enabled in the config
*/
//optimistic Default values, might be overriden
/** If this is true, the content will be posted, either as a published or unpublished post*/
$akismetIsGood = true;
/** If this is true, the content will be unpublished (or not posted, see above)*/
$akismetSuspectSpam = false;
if ($tmpl['enable_akismet'] == 1) {
$msgA = '';
$akismetSuspectSpam = PhocaguestbookAkismetHelper::checkSpam($tmpl['akismet_api_key'], $tmpl['akismet_url'], $post2['username'], $post2['email'], $post2['website'], $post2['content'], $msgA);
// Error while setting Akismet
if ($msgA != '') {
$postNew['displayformerror'] = 0;
$postNew['akismeterror'] = JText::_('COM_PHOCAGUESTBOOK_PHOCA_GUESTBOOK_AKISMET_NOT_CORRECTLY_SET');
return false;
}
if ($akismetSuspectSpam && $tmpl['akismet_block_spam'] == 1) {
$akismetIsGood = false;
}
}
//If akismet decides this is a spam post, and settings state, that spam gets blocked completly, return with false
if (!$akismetIsGood) {
$postNew['displayformerror'] = 0;
$postNew['akismeterror'] = JText::_('COM_PHOCAGUESTBOOK_PHOCA_GUESTBOOK_SPAM_BLOCKED');
return false;
}
//Akismet decides this is a spam post, the settings state, that spam posts get submitted but unpublished.
if ($akismetSuspectSpam) {
//unpublish
$post2['published'] = 0;
}
// Incoming page
if ($tmpl['enable_detecting_page'] == 1) {
$post2['incoming_page'] = htmlspecialchars(JFactory::getURI()->toString());
}
$data = $post2;
// TRUE MODEL
$row =& $this->getTable('phocaguestbook');
// Bind the form fields to the table
if (!$row->bind($data)) {
$this->setError($this->_db->getErrorMsg());
return false;
}
// First check: no category
if ((int) $row->catid < 1) {
$this->setError($this->_db->getErrorMsg());
return false;
}
// Second check: not existing category
$categoryExists = $this->_checkGuestbook((int) $row->catid);
if (!$categoryExists) {
$this->setError($this->_db->getErrorMsg());
return false;
}
//Check if we are authorized to post to the guestbook
$access = false;
if ($this->_loadGuestbook()) {
$app = JFactory::getApplication();
$uri = JFactory::getURI();
$user = JFactory::getUser();
$accessMsg = JText::_('COM_PHOCAGUESTBOOK_NOT_AUTHORIZED_DO_ACTION');
if (isset($this->_guestbook->access)) {
$neededAccessLevels = PhocaguestbookHelperFront::toArray($this->_guestbook->access);
//PhocaguestbookHelperFront::getNeededAccessLevels();
$access = PhocaguestbookHelperFront::isAccess($user->authorisedLevels(), $neededAccessLevels);
}
if (isset($this->_guestbook->id) && isset($data['catid']) && (int) $this->_guestbook->id == (int) $data['catid']) {
} else {
$access = FALSE;
$accessMsg = JText::_('COM_PHOCAGUESTBOOK_NOT_AUTHORIZED_DO_ACTION') . '. ' . JText::_('COM_PHOCAGUESTBOOK_WRONG_GUESTBOOK') . '.';
}
if (isset($this->_guestbook->language) && isset($data['language']) && ((int) $this->_guestbook->language == (int) $data['language'] || (int) ($this->_guestbook->language = '*' || (int) ($this->_guestbook->language = '')))) {
} else {
$access = FALSE;
$accessMsg = JText::_('COM_PHOCAGUESTBOOK_NOT_AUTHORIZED_DO_ACTION') . '. ' . JText::_('COM_PHOCAGUESTBOOK_WRONG_LANGUAGE') . '.';
}
}
if (!$access) {
//JError::raiseError(403, JText::_("ALERTNOTAUTH"));
$app->redirect('index.php?option=com_users&view=login&return=' . base64_encode($uri), $accessMsg);
return;
}
// Create the timestamp for the date
$row->date = gmdate('Y-m-d H:i:s');
// if new item, order last in appropriate group
if (!$row->id) {
$where = 'catid = ' . (int) $row->catid;
$row->ordering = $row->getNextOrder($where);
}
// Make sure the table is valid
if (!$row->check()) {
$this->setError($this->_db->getErrorMsg());
return false;
}
// Store the Phoca gallery table to the database
if (!$row->store()) {
$this->setError($this->_db->getErrorMsg());
return false;
}
// Everything OK
if ((int) $tmpl['send_mail'] > 0) {
PhocaGuestbookModelGuestbook::sendPhocaGuestbookMail((int) $tmpl['send_mail'], $data, $uri->toString(), $tmpl);
}
$postNew = $post2;
return true;
} else {
// captcha image code is not the same as captcha input field (don't redirect because we need post data)
if ($post2['captcha'] == '') {
JRequest::setVar('captcha-msg', 1, 'get', true);
}
if (!$post2['captcha']) {
JRequest::setVar('captcha-msg', 1, 'get', true);
}
if ($phoca_guestbook_session != $post2['captcha']) {
JRequest::setVar('captcha-msg', 1, 'get', true);
}
$post2['displayformerror'] = 1;
$postNew = $post2;
return false;
}
}
/**
* Gets html to display an email address given a public an private key.
* to get a key, go to:
*
* http://www.google.com/recaptcha/mailhide/apikey
*/
function recaptcha_mailhide_html($pubkey, $privkey, $email)
{
$emailparts = PhocaGuestbookHelperReCaptcha::_recaptcha_mailhide_email_parts($email);
$url = PhocaGuestbookHelperReCaptcha::recaptcha_mailhide_url($pubkey, $privkey, $email);
return htmlentities($emailparts[0]) . "<a href='" . htmlentities($url) . "' onclick=\"window.open('" . htmlentities($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities($emailparts[1]);
}
if ((int) $this->tmpl['display_website_form'] > 0) {
echo '<tr>' . '<td><strong>' . JText::_('COM_PHOCAGUESTBOOK_WEBSITE') . PhocaguestbookHelperFront::getRequiredSign((int) $this->tmpl['display_website_form']) . ' </strong></td>' . '<td colspan="3">' . '<input type="text" name="website" id="pgbwebsite" value="' . htmlspecialchars($this->formdata->website) . '" size="32" maxlength="100" class="pgbinput" />' . $this->tmpl['hidden_field_output'][4] . '</td>' . '</tr>';
}
if ((int) $this->tmpl['display_content_form'] > 0) {
echo '<tr>' . '<td><strong>' . JText::_('COM_PHOCAGUESTBOOK_CONTENT') . PhocaguestbookHelperFront::getRequiredSign((int) $this->tmpl['display_content_form']) . ' </strong></td>' . '<td colspan="3">' . $this->tmpl['editor'] . $this->tmpl['hidden_field_output'][5] . '</td>' . '</tr>';
}
if ((int) $this->tmpl['enable_captcha'] > 0 && $this->tmpl['captcha_id'] > 0) {
// Server side checking CAPTCHA
echo $this->tmpl['errmsg_captcha'];
//-- Server side checking CAPTCHA
// Set fix height because of pane slider
$imageHeight = 'style="height:105px"';
echo '<tr>' . '<td width="5"><strong>' . JText::_('COM_PHOCAGUESTBOOK_IMG_VERIFICATION') . PhocaguestbookHelperFront::getRequiredSign(2) . ' </strong></td>';
if ((int) $this->tmpl['captcha_id'] == 4) {
echo '<td colspan="2" align="center" valign="middle" ' . $imageHeight . '>';
echo PhocaGuestbookHelperReCaptcha::recaptcha_get_html($this->tmpl['recaptcha_publickey']);
echo '</td>';
} else {
echo '<td width="5" align="left" valign="middle" ' . $imageHeight . '>';
echo PhocaguestbookHelperFront::getCaptchaUrl($this->id);
echo '</td>';
echo '<td width="5" align="left" valign="middle">' . '<input type="text" id="pgbcaptcha" name="captcha" size="6" maxlength="6" class="pgbinput" /></td>';
echo '<td align="center" width="50" valign="middle">';
//Remove because of IE6 - href="javascript:void(0)" onclick="javascript:reloadCaptcha();"
echo '<a href="javascript:reloadCaptcha();" title="' . JText::_('COM_PHOCAGUESTBOOK_RELOAD_IMAGE') . '" >' . JHTML::_('image', 'components/com_phocaguestbook/assets/images/icon-reload.gif', JText::_('COM_PHOCAGUESTBOOK_RELOAD_IMAGE')) . '</a></td>';
}
echo '</tr>';
}
echo '<tr>' . '<td> </td>' . '<td colspan="3">' . '<input type="submit" name="save" value="' . JText::_('COM_PHOCAGUESTBOOK_SUBMIT') . '" />' . ' ' . '<input type="reset" name="reset" value="' . JText::_('COM_PHOCAGUESTBOOK_RESET') . '" /></td>' . '</tr>' . '</table>';
echo '<input type="hidden" name="cid" value="' . $this->id . '" />' . "\n" . '<input type="hidden" name="language" value="' . $this->guestbooks->language . '" />' . "\n" . '<input type="hidden" name="option" value="com_phocaguestbook" />' . "\n" . '<input type="hidden" name="view" value="guestbook" />' . "\n" . '<input type="hidden" name="controller" value="phocaguestbook" />' . "\n" . '<input type="hidden" name="task" value="submit" />' . "\n" . '<input type="hidden" name="' . JUtility::getToken() . '" value="1" />' . "\n" . '</form>' . "\n" . '</div><div style="clear:both;"> </div>';
// Display Pane or not
