} } if ($values->title != '') { if ($sep == 1) { $gbPosts .= ' From '; } $gbPosts .= PhocaguestbookHelper::wordDelete($values->title, 100, '...'); } if ($this->tmpl['display_website'] != 0) { if ($values->homesite != '') { if ($values->title == '' && $values->email == '' && $values->username == '') { $gbPosts .= ''; } else { $gbPosts .= ' <br />'; } $gbPosts .= ' <span><a href="' . $values->homesite . '">' . PhocaguestbookHelper::wordDelete($values->homesite, 50, '...') . '</a></span>'; } } $gbPosts .= '</h4>'; // SECURITY // Open a tag protection $a_count = substr_count(strtolower($values->content), "<a"); $a_end_count = substr_count(strtolower($values->content), "</a>"); $quote_count = substr_count(strtolower($values->content), "\""); if ($quote_count % 2 != 0) { $end_quote = "\""; // close the " if it is open } else { $end_quote = ""; } if ($a_count > $a_end_count) {
echo $row->title; ?> </a> <?php } ?> </td> <td align="center"><?php echo $row->username; ?> </td> <td align="left"><?php $row->content = JFilterOutput::cleanText(strip_tags($row->content)); echo PhocaguestbookHelper::wordDelete($row->content, 60, '...'); ?> </td> <td align="center"><?php echo $row->ip; ?> </td> <td align="center"><?php echo $published; ?> </td> <td class="order"> <span><?php echo $this->pagination->orderUpIcon($i, $row->catid == @$this->items[$i - 1]->catid, 'orderup', 'Move Up', $ordering);
function sendPhocaGuestbookMail($id, $post, $url) { global $mainframe; $db = JFactory::getDBO(); $sitename = $mainframe->getCfg('sitename'); //get all super administrator $query = 'SELECT name, email, sendEmail' . ' FROM #__users' . ' WHERE id = ' . (int) $id; $db->setQuery($query); $rows = $db->loadObjectList(); if (isset($post['title']) && $post['title'] != '') { $subject = $sitename . ' (' . JText::_('New Phoca Guestbook Item') . '): ' . PhocaguestbookHelper::wordDelete($post['title'], 25, '...'); $title = $post['title']; } else { $subject = $sitename . " (" . JText::_('New Phoca Guestbook Item') . ')'; $title = $post['title']; } if (isset($post['username']) && $post['username'] != '') { $fromname = $post['username']; } else { $fromname = JText::_('Guest'); } if (isset($post['email']) && $post['email'] != '') { $mailfrom = $post['email']; } else { $mailfrom = $rows[0]->email; } if (isset($post['content']) && $post['content'] != '') { $content = $post['content']; } else { $content = "..."; } $email = $rows[0]->email; $post['content'] = str_replace("</p>", "\n", $post['content']); $post['content'] = strip_tags($post['content']); $message = JText::_('New Phoca Guestbook item saved') . "\n\n" . JText::_('Website') . ': ' . $sitename . "\n" . JText::_('From') . ': ' . $fromname . "\n" . JText::_('Date') . ': ' . JHTML::_('date', gmdate('Y-m-d H:i:s'), JText::_('DATE_FORMAT_LC2')) . "\n\n" . JText::_('Title') . ': ' . $title . "\n" . JText::_('Message') . ': ' . "\n" . "\n\n" . PhocaguestbookHelper::wordDelete($post['content'], 400, '...') . "\n\n" . "\n\n" . JText::_('Click the link') . "\n" . $url . "\n\n" . JText::_('Regards') . ", \n" . $sitename . "\n"; $subject = html_entity_decode($subject, ENT_QUOTES); $message = html_entity_decode($message, ENT_QUOTES); JUtility::sendMail($mailfrom, $fromname, $email, $subject, $message); return true; }
if ($sep == 1) { $msgpg .= ' '; $msgpg .= '( ' . JHTML::_('email.cloak', PhocaguestbookHelper::wordDelete($values->email, 35, '...')) . ' )'; $sep = 1; } else { $msgpg .= JHTML::_('email.cloak', PhocaguestbookHelper::wordDelete($values->email, 35, '...')); $sep = 1; } } } if ($values->title != '') { if ($values->title != '') { if ($sep == 1) { $msgpg .= ': '; } $msgpg .= PhocaguestbookHelper::wordDelete($values->title, 40, '...'); } } // SECURITY // Open a tag protection $a_count = substr_count(strtolower($values->content), "<a"); $a_end_count = substr_count(strtolower($values->content), "</a>"); $quote_count = substr_count(strtolower($values->content), "\""); if ($quote_count % 2 != 0) { $end_quote = "\""; // close the " if it is open } else { $end_quote = ""; } if ($a_count > $a_end_count) { $end_a = "></a>";
function display($tpl = null) { global $mainframe; $pathway =& $mainframe->getPathway(); $document =& JFactory::getDocument(); $uri =& JFactory::getURI(); $user =& JFactory::getUser(); JHTML::stylesheet('phocaguestbook.css', 'components/com_phocaguestbook/assets/'); $administrator = 0; if (strtolower($user->usertype) == strtolower('super administrator') || $user->usertype == strtolower('administrator')) { $administrator = 1; } // Get the parameters of the active menu item $menus =& JSite::getMenu(); $menu = $menus->getActive(); $params =& $mainframe->getParams(); //PARAMS $tmpl = array(); $tmpl['captchamethod'] = $params->get('captcha_method', 0); $tmpl['enableeditor'] = $params->get('enable_editor', 1); $tmpl['tablewidth'] = $params->get('table_width', 400); $tmpl['editorwidth'] = $params->get('editor_width', 400); $tmpl['editorheight'] = $params->get('editor_height', 200); $tmpl['displayform'] = $params->get('display_form', 1); $tmpl['df'] = $params->get('df', 1); $tmpl['date_format'] = $params->get('date_format', 'DATE_FORMAT_LC'); switch ($tmpl['date_format']) { case 1: $tmpl['date_format'] = '%d. %B %Y'; break; case 2: $tmpl['date_format'] = '%d/%m/%y'; break; case 3: $tmpl['date_format'] = '%d. %m. %Y'; break; } $document->addCustomTag(PhocaguestbookHelper::setCaptchaReloadJS()); if ($tmpl['enableeditor'] == 1) { $document->addCustomTag(PhocaguestbookHelper::setTinyMCEJS()); $document->addCustomTag(PhocaguestbookHelper::displaySimpleTinyMCEJS()); } //----------------------------------------------------------------------------------------------- // Fill the form in case, you get data from post (e.g. user send data, but with no valid captcha // We send him back to the form but without lossing data $post = JRequest::get('post'); $post['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW); $cid = JRequest::getVar('cid', array(0), 'post', 'array'); $id = JRequest::getVar('id', '', 'get', 'string'); $post['catid'] = (int) $cid[0]; if (isset($post['pgusername'])) { // if not there is other code to solve it - see below $post['username'] = $post['pgusername']; } // HTML Purifier require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.auto.php'; $configP = HTMLPurifier_Config::createDefault(); $configP->set('Core', 'TidyFormat', !empty($_REQUEST['tidy'])); $configP->set('Core', 'DefinitionCache', null); $configP->set('HTML', 'Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike'); $purifier = new HTMLPurifier($configP); $post['content'] = $purifier->purify($post['content']); // ------------ //----------------------------------------------------------------------------------------------- // Add username and user e-mail if user is login $username_or_name = 0; if ($params->get('username_or_name') != '') { $username_or_name = $params->get('username_or_name'); } if ($username_or_name == 1) { if ($user->name && trim($user->name != '')) { $form_username = $user->name; } else { $form_username = JText::_('Guest'); } } else { if ($user->username && trim($user->username != '')) { $form_username = $user->username; } else { $form_username = JText::_('Guest'); } } if ($user->email && trim($user->email != '')) { $form_email = $user->email; } else { $form_email = ''; } //----------------------------------------------------------------------------------------------- // !!!! Add content to the fields //----------------------------------------------------------------------------------------------- //Create new object, if user fill not all data, no redirection and he gets the data he added (he doesn't loss it) $formdata = new JObject(); //Content if (isset($post['content'])) { $formdata->set('content', $post['content']); } else { $formdata->set('content', ''); } //Name !!! NAME OR USERNAME if (isset($post['username'])) { $formdata->set('username', $post['username']); } else { $formdata->set('username', $form_username); } //Email if (isset($post['email'])) { $formdata->set('email', $post['email']); } else { $formdata->set('email', $form_email); } //Title if (isset($post['title'])) { $formdata->set('title', $post['title']); } else { $formdata->set('title', ''); } if ($tmpl['enableeditor'] == 1) { $editor = PhocaguestbookHelper::displayTextArea('pgbcontent', $formdata->content, (int) $tmpl['editorwidth'] . 'px', (int) $tmpl['editorheight'] . 'px', '60', '80', false); } else { $editor = '<textarea id="pgbcontent" name="pgbcontent" rows="6" cols="30" >' . $formdata->content . '</textarea>'; } //----------------------------------------------------------------------------------------------- // Get data - all items $items = $this->get('data'); $guestbooks = $this->get('guestbook'); // Define image tag attributes if (!empty($guestbooks->image)) { $attribs['align'] = $guestbooks->image_position; $attribs['hspace'] = '6'; // Use the static HTML library to build the image tag $image = JHTML::_('image', 'images/stories/' . $guestbooks->image, JText::_('Phoca Guestbook'), $attribs); } //$total = $this->get('total'); $pagination =& $this->get('pagination'); //---------------------------------------------------------------------------------------------- // Forbidden Word Filter $forbidden_word_filter = trim($params->get('forbidden_word_filter')); $forbidden_word_filter_array = explode(';', $forbidden_word_filter); //---------------------------------------------------------------------------------------------- // Forbidden Whole Word Filter $forbidden_whole_word_filter = trim($params->get('forbidden_whole_word_filter')); $forbidden_whole_word_filter_array = explode(';', $forbidden_whole_word_filter); //---------------------------------------------------------------------------------------------- //Add custom CSS V A L U E S if ($params->get('font_color') != '') { $css['fontcolor'] = $params->get('font_color'); } else { $css['fontcolor'] = '#000000'; } if ($params->get('second_font_color') != '') { $css['secondfontcolor'] = $params->get('second_font_color'); } else { $css['secondfontcolor'] = '#dddddd'; } if ($params->get('background_color') != '') { $css['backgroundcolor'] = $params->get('background_color'); } else { $css['backgroundcolor'] = '#C8DFF9'; } if ($params->get('border_color') != '') { $css['bordercolor'] = $params->get('border_color'); } else { $css['bordercolor'] = '#E6E6E6'; } //Add display values $display = ''; $require = ''; $display['username'] = 1; if ($params->get('display_name') != '') { $display['username'] = $params->get('display_name'); } $display['email'] = 1; if ($params->get('display_email') != '') { $display['email'] = $params->get('display_email'); } $display['formusername'] = 1; if ($params->get('display_name_form') != '') { $display['formusername'] = $params->get('display_name_form'); } $display['formemail'] = 1; if ($params->get('display_email_form') != '') { $display['formemail'] = $params->get('display_email_form'); } //Add requirement V A L U E S $require['title'] = 1; if ($params->get('require_title') != '') { $require['title'] = $params->get('require_title'); } $require['username'] = 1; if ($params->get('require_username') != '') { $require['username'] = $params->get('require_username'); } $require['email'] = 0; if ($params->get('require_email') != '') { $require['email'] = $params->get('require_email'); } // if we disable email form field and name form field we cannot require these items if ($display['formusername'] == 0) { $require['username'] = 0; } if ($display['formemail'] == 0) { $require['email'] = 0; } $require['content'] = 1; if ($params->get('require_content') != '') { $require['content'] = $params->get('require_content'); } $require['reguser'] = 0; if ($params->get('registered_users_only') != '') { $require['reguser'] = $params->get('registered_users_only'); } $tmpl['pf'] = PhocaguestbookHelper::setP($tmpl['df']); //Select the position, add V A L U E S if ($params->get('form_position') != '') { $config['position'] = $params->get('form_position'); } else { $config['position'] = 0; } if ($params->get('max_url') != '') { $config['maxurl'] = $params->get('max_url'); } else { $config['maxurl'] = 5; } if ($params->get('enable_captcha') != '') { $require['captcha'] = $params->get('enable_captcha'); } else { $require['captcha'] = 1; } //----------------------------------------------------------------------------------------------- // !!!! 1. Server Side Checking controll //----------------------------------------------------------------------------------------------- //Form Variables -------------------------------------------------------------------------------- //captcha is wrong,we cannot redirect the page,we display message this way //DISPLAY MESSAGES WHICH YOU GET FROM CONTROLL FILE - (CONTROLLERS - phocaguestbook.php) $smB = '<small style="color:#fc0000;">'; $smE = '</small><br />'; $errorMsgCaptcha = ''; $errorMsgTop = ''; if (JRequest::getVar('captcha-msg', 0, 'get', 'int') == 1) { $errorMsgCaptcha .= '<tr><td> </td><td colspan="3">' . $smB . JText::_('Phoca Guestbook Wrong Captcha') . '</small></td></tr>'; } if (JRequest::getVar('title-msg-1', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook No Title') . $smE; } if (JRequest::getVar('title-msg-2', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Title') . $smE; } if (JRequest::getVar('username-msg-1', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook No Username') . $smE; } if (JRequest::getVar('username-msg-2', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Username') . $smE; } if (JRequest::getVar('username-msg-3', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Username Exists') . $smE; } if (JRequest::getVar('email-msg-1', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook No Email') . $smE; } if (JRequest::getVar('email-msg-2', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Email') . $smE; } if (JRequest::getVar('email-msg-3', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Email Exists') . $smE; } if (JRequest::getVar('content-msg-1', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook No Content') . $smE; } if (JRequest::getVar('content-msg-2', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Bad Content') . $smE; } if (JRequest::getVar('ip-msg-1', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook IP Ban') . $smE; } if (JRequest::getVar('reguser-msg-1', 0, 'get', 'int') == 1) { $errorMsgTop .= $smB . JText::_('Phoca Guestbook Reg User Only') . $smE; } $this->assignRef('error_msg_captcha', $errorMsgCaptcha); $this->assignRef('error_msg_top', $errorMsgTop); //Form Variables -------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------- // !!!! 2. Before Server Side Checking controll, don't show form (but there is a server side // checking, it means, if the user hack the form which is not displayed to him // there is a server checking controll too. //----------------------------------------------------------------------------------------------- //Don't show form, is IP Ban is wrong $ip_ban = trim($params->get('ip_ban')); $ip_ban_array = explode(';', $ip_ban); $ipa = 1; //display if (is_array($ip_ban_array)) { foreach ($ip_ban_array as $value) { if ($_SERVER["REMOTE_ADDR"] == trim($value)) { $ipa = 0; } } } //REGISTERED USER ONLY -------------------------------------------------------------------------- if ($require['reguser'] == 1) { if ($user->id > 0) { $reguser = 1; } else { $reguser = 0; } } else { $reguser = 1; } //ENABLE OR DISABLE CAPTCHA ---------------------------------------------------------------- if ($require['captcha'] < 1) { $enablecaptcha = 0; } else { $enablecaptcha = 1; } // reCaptcha public key ------------------------------------------------ if ($params->get('enable_captcha') == 20) { $recaptchakey = $params->get('recaptcha_publickey'); } else { $recaptchakey = ''; // Disables recaptcha } //---------------------------------------------------------------------------------------------------- //Variables $this->assignRef('tmpl', $tmpl); $this->assignRef('administrator', $administrator); $this->assignRef('itemid', $menu->id); $this->assignRef('id', $id); $this->assignRef('formdata', $formdata); //captcha is wrong, add the same values via POST into form as they were $this->assignRef('items', $items); $this->assignRef('fwfa', $forbidden_word_filter_array); $this->assignRef('fwwfa', $forbidden_whole_word_filter_array); $this->assignRef('css', $css); $this->assignRef('display', $display); $this->assignRef('require', $require); $this->assignRef('config', $config); $this->assignRef('guestbooks', $guestbooks); $this->assignRef('image', $image); $this->assignRef('params', $params); $this->assignRef('editor', $editor); $this->assignRef('pagination', $pagination); $this->assignRef('ipa', $ipa); $this->assignRef('reguser', $reguser); $this->assignRef('enablecaptcha', $enablecaptcha); $this->assignRef('recaptchakey', $recaptchakey); $this->assign('action', $uri->toString()); parent::display($tpl); }
function display($tpl = null) { global $mainframe; $pathway =& $mainframe->getPathway(); $document =& JFactory::getDocument(); $uri =& JFactory::getURI(); $user =& JFactory::getUser(); $params =& $mainframe->getParams(); $tmpl = array(); JHTML::stylesheet('phocaguestbook.css', 'components/com_phocaguestbook/assets/'); $tmpl['administrator'] = 0; if (strtolower($user->usertype) == strtolower('super administrator') || strtolower($user->usertype) == strtolower('administrator')) { $tmpl['administrator'] = 1; } //PARAMS $tmpl['captcha_method'] = $params->get('captcha_method', 1); $tmpl['enable_editor'] = $params->get('enable_editor', 1); $tmpl['table_width'] = $params->get('table_width', 400); $tmpl['editor_width'] = $params->get('editor_width', 400); $tmpl['editor_height'] = $params->get('editor_height', 200); $tmpl['display_form'] = $params->get('display_form', 1); $tmpl['date_format'] = $params->get('date_format', 'DATE_FORMAT_LC'); $tmpl['font_color'] = $params->get('font_color', '#000000'); $tmpl['second_font_color'] = $params->get('second_font_color', '#dddddd'); $tmpl['background_color'] = $params->get('background_color', '#C8DFF9'); $tmpl['border_color'] = $params->get('border_color', '#E6E6E6'); $tmpl['display_name_form'] = $params->get('display_name_form', 2); $tmpl['display_email_form'] = $params->get('display_email_form', 1); $tmpl['display_title_form'] = $params->get('display_title_form', 2); $tmpl['display_content_form'] = $params->get('display_content_form', 2); $tmpl['display_website_form'] = $params->get('display_website_form', 0); $tmpl['display_name'] = $params->get('display_name', 1); $tmpl['display_email'] = $params->get('display_email', 1); $tmpl['display_website'] = $params->get('display_website', 1); $tmpl['username_or_name'] = $params->get('username_or_name', 0); $tmpl['predefined_name'] = $params->get('predefined_name', ''); $tmpl['enable_html_purifier'] = $params->get('enable_html_purifier', 1); $tmpl['display_path_editor'] = $params->get('display_path_editor', 1); $tmpl['date_format'] = PhocaguestbookHelper::getDateFormat($tmpl['date_format']); $document->addCustomTag(PhocaguestbookHelper::setCaptchaReloadJS()); if ($tmpl['enable_editor'] == 1) { $document->addCustomTag(PhocaguestbookHelper::setTinyMCEJS()); $document->addCustomTag(PhocaguestbookHelper::displaySimpleTinyMCEJS($tmpl['display_path_editor'])); } // - - - - - - - - - - - // Fill the form in case, you get data from post (e.g. user send data, but with no valid captcha // We send him back to the form but without lossing data $post = JRequest::get('post'); $post['content'] = JRequest::getVar('pgbcontent', '', 'post', 'string', JREQUEST_ALLOWRAW); $cid = JRequest::getVar('cid', array(0), 'post', 'array'); $id = JRequest::getVar('id', '', 'get', 'string'); $post['catid'] = (int) $cid[0]; if ((int) $id < 1) { echo '<div id="phocaguestbook"><div class="error">' . JText::_('Warning Select Guestbook') . '</div></div>'; return true; } if (isset($post['pgusername'])) { // if not there is other code to solve it - see below $post['username'] = $post['pgusername']; } // HTML Purifier - - - - - - - - - - if ($tmpl['enable_html_purifier'] == 0) { $filterTags = ''; //preg_split( '#[,\s]+#', trim( ) ); // black list method is used $filterAttrs = ''; //preg_split( '#[,\s]+#', trim( ) ); // black list method is used $filter = new JFilterInput($filterTags, $filterAttrs, 1, 1, 1); $post['content'] = $filter->clean($post['content']); } else { require_once JPATH_COMPONENT . DS . 'assets' . DS . 'library' . DS . 'HTMLPurifier.auto.php'; $configP = HTMLPurifier_Config::createDefault(); $configP->set('Core', 'TidyFormat', !empty($_REQUEST['tidy'])); $configP->set('Core', 'DefinitionCache', null); $configP->set('HTML', 'Allowed', 'strong,em,p[style],span[style],img[src|width|height|alt|title],li,ul,ol,a[href],u,strike,br'); $purifier = new HTMLPurifier($configP); $post['content'] = $purifier->purify($post['content']); } // - - - - - - - - - - // Add username and user e-mail if user is login if ($tmpl['username_or_name'] == 1) { if ($user->name && trim($user->name != '')) { $form_username = $user->name; } else { $form_username = $tmpl['predefined_name']; } } else { if ($user->username && trim($user->username != '')) { $form_username = $user->username; } else { $form_username = $tmpl['predefined_name']; } } if ($user->email && trim($user->email != '')) { $form_email = $user->email; } else { $form_email = ''; } // - - - - - - - - - - - // !!!! Add content to the fields // - - - - - - - - - - - //Create new object, if user fill not all data, no redirection and he gets the data he added (he doesn't loss it) $formdata = new JObject(); if (isset($post['content'])) { $formdata->set('content', $post['content']); } else { $formdata->set('content', ''); } if (isset($post['username'])) { $formdata->set('username', $post['username']); } else { $formdata->set('username', $form_username); } if (isset($post['email'])) { $formdata->set('email', $post['email']); } else { $formdata->set('email', $form_email); } if (isset($post['title'])) { $formdata->set('title', $post['title']); } else { $formdata->set('title', ''); } //if (isset($post['website'])) {$formdata->set('website', $post['website']);} //else {$formdata->set('website', 'http://');} if (isset($post['website'])) { $formdata->set('website', $post['website']); } else { if ($tmpl['display_website'] == 2) { $formdata->set('website', 'http://'); //required } else { $formdata->set('website', ''); // not required } } if ($tmpl['enable_editor'] == 1) { $tmpl['editor'] = PhocaguestbookHelper::displayTextArea('pgbcontent', $formdata->content, (int) $tmpl['editor_width'] . 'px', (int) $tmpl['editor_height'] . 'px', '60', '80', false); } else { $tmpl['editor'] = '<textarea id="pgbcontent" name="pgbcontent" cols="45" rows="10" style="width: ' . (int) $tmpl['editor_width'] . 'px; height:' . (int) $tmpl['editor_height'] . 'px;" class="pgbinput" >' . $formdata->content . '</textarea>'; } // - - - - - - - - - - - // Get data - all items $items = $this->get('data'); $guestbooks = $this->get('guestbook'); // Define image tag attributes if (!empty($guestbooks->image)) { $attribs['align'] = $guestbooks->image_position; $attribs['hspace'] = '6'; // Use the static HTML library to build the image tag $tmpl['image'] = JHTML::_('image', 'images/stories/' . $guestbooks->image, JText::_('Phoca Guestbook'), $attribs); } $pagination =& $this->get('pagination'); $tmpl['fwfa'] = explode(',', trim($params->get('forbidden_word_filter', ''))); $tmpl['fwwfa'] = explode(',', trim($params->get('forbidden_whole_word_filter', ''))); /*$tmpl['formemail'] = 1; if ($params->get( 'display_email_form' ) != '') {$tmpl['formemail'] = $params->get( 'display_email_form' );} //Add requirement V A L U E S $tmpl['title'] = 1; if ($params->get( 'require_title' ) != '') {$tmpl['title'] = $params->get( 'require_title' );} /*$tmpl['username'] = 1; if ($params->get( 'require_username' ) != '') {$tmpl['username'] = $params->get( 'require_username' );} */ /*$tmpl['email'] = 0; if ($params->get( 'require_email' ) != '') {$tmpl['email'] = $params->get( 'require_email' );} // if we disable email form field and name form field we cannot require these items /*if ($tmpl['display_name_form'] == 0) {$tmpl['username'] = 0;} if ($tmpl['formemail'] == 0) {$tmpl['email'] = 0;}*/ /* $tmpl['content'] = 1; if ($params->get( 'require_content' ) != '') {$tmpl['content'] = $params->get( 'require_content' );} */ $tmpl['registered_users_only'] = $params->get('registered_users_only', 0); $tmpl['form_position'] = $params->get('form_position', 0); $tmpl['max_url'] = $params->get('max_url', 5); $tmpl['enable_captcha'] = $params->get('enable_captcha', 1); $tmpl['enable_captcha_users'] = $params->get('enable_captcha_users', 0); // Captcha not for registered if ((int) $tmpl['enable_captcha_users'] == 1) { if ((int) $user->id > 0) { $tmpl['enable_captcha'] = 0; } } //----------------------------------------------------------------------------------------------- // !!!! 1. Server Side Checking controll //----------------------------------------------------------------------------------------------- //Form Variables -------------------------------------------------------------------------------- //captcha is wrong,we cannot redirect the page,we display message this way //DISPLAY MESSAGES WHICH YOU GET FROM CONTROLL FILE - (CONTROLLERS - phocaguestbook.php) $smB = '<small style="color:#fc0000;">'; $smE = '</small><br />'; $tmpl['errmsg_captcha'] = ''; $tmpl['errmsg_top'] = ''; if (JRequest::getVar('captcha-msg', 0, 'get', 'int') == 1) { $tmpl['errmsg_captcha'] .= '<tr><td> </td><td colspan="3">' . $smB . JText::_('Phoca Guestbook Wrong Captcha') . '</small></td></tr>'; } if (JRequest::getVar('title-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Title') . $smE; } if (JRequest::getVar('title-msg-2', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Title') . $smE; } if (JRequest::getVar('username-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Username') . $smE; } if (JRequest::getVar('username-msg-2', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Username') . $smE; } if (JRequest::getVar('username-msg-3', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Username Exists') . $smE; } if (JRequest::getVar('email-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Email') . $smE; } if (JRequest::getVar('email-msg-2', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Email') . $smE; } if (JRequest::getVar('email-msg-3', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Email Exists') . $smE; } if (JRequest::getVar('website-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Website') . $smE; } if (JRequest::getVar('website-msg-2', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Website') . $smE; } if (JRequest::getVar('content-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook No Content') . $smE; } if (JRequest::getVar('content-msg-2', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Bad Content') . $smE; } if (JRequest::getVar('ip-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook IP Ban') . $smE; } if (JRequest::getVar('reguser-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Reg User Only') . $smE; } if (JRequest::getVar('denyurl-msg-1', 0, 'get', 'int') == 1) { $tmpl['errmsg_top'] .= $smB . JText::_('Phoca Guestbook Deny URL') . $smE; } //Form Variables -------------------------------------------------------------------------------- //----------------------------------------------------------------------------------------------- // !!!! 2. Before Server Side Checking controll, don't show form (but there is a server side // checking, it means, if the user hack the form which is not displayed to him // there is a server checking controll too. //----------------------------------------------------------------------------------------------- //Don't show form, is IP Ban is wrong /* $ip_ban = trim( $params->get( 'ip_ban', '' ) ); $ip_ban_array = explode( ',', $ip_ban ); $i = '192.68.25.23'; $tmpl['ipa'] = 1;//display if (is_array($ip_ban_array)) { foreach ($ip_ban_array as $value) { krumo(trim($value)); if ($i == trim($value)) { $tmpl['ipa'] = 0; echo "ano"; break;// found } } }*/ $post['ip'] = $_SERVER["REMOTE_ADDR"]; $ip_ban = trim($params->get('ip_ban')); $ip_ban_array = explode(',', $ip_ban); $tmpl['ipa'] = 1; //display if (is_array($ip_ban_array)) { foreach ($ip_ban_array as $valueIp) { //if ($post['ip'] == trim($value)) { if ($valueIp != '') { if (strstr($post['ip'], trim($valueIp)) && strpos($post['ip'], trim($valueIp)) == 0) { $tmpl['ipa'] = 0; JRequest::setVar('ip-msg-1', 1, 'get', true); break; } } } } // Display or not to display the form // If user is registered - return 1, if not return 0, if not but the form can be displayed for not registered, return 1 $tmpl['registered_users_only'] = PhocaguestbookHelper::isRegisteredUser($tmpl['registered_users_only'], $user->id); $tmpl['show_form'] = 1; if ($tmpl['ipa'] == 0) { $tmpl['show_form'] = 0; $tmpl['ipa_msg'] = '<p>' . JText::_('Phoca Guestbook IP Ban No Access') . '</p>'; } else { $tmpl['ipa_msg'] = ''; } if ($tmpl['registered_users_only'] == 0) { $tmpl['show_form'] = 0; $tmpl['reguser_msg'] = '<p>' . JText::_('Phoca Guestbook Reg User Only No Access') . '</p>'; } else { $tmpl['reguser_msg'] = ''; } $tmpl['m'] = PhocaguestbookHelper::getInfo(); $this->assignRef('tmpl', $tmpl); $this->assignRef('id', $id); $this->assignRef('formdata', $formdata); //captcha is wrong, add the same values via POST into form as they were $this->assignRef('items', $items); $this->assignRef('guestbooks', $guestbooks); $this->assignRef('params', $params); $this->assignRef('pagination', $pagination); $this->assign('action', $uri->toString()); parent::display($tpl); }