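/**
 * Handles a public (front-end) comment submission on a published post.
 *
 * Enforces the "post comments" right, the per-user / per-IP minimum idle
 * time, the post's commentable flag, guest name/email requirements, the
 * initial moderation status, the max-links rule and the spam-check event,
 * then persists the comment and redirects back to the post.
 *
 * @Route("/comment")
 * @Request({"post_id": "int", "comment": "array"}, csrf=true)
 *
 * @param int   $id   Post id (bound from the "post_id" request parameter)
 * @param array $data Request-supplied comment fields (bound from "comment")
 *
 * @return mixed Redirect response: to the new comment on success, to the
 *               previous page with a flash error on failure
 */
public function commentAction($id, $data)
{
    try {
        $user = $this['user'];

        if (!$user->hasAccess('blog: post comments')) {
            throw new Exception(__('Insufficient User Rights.'));
        }

        // Rate limit: without the skip right a user may only comment once per
        // "comments.minidle" seconds. Authenticated users are keyed by id,
        // guests by client IP. NOTE(review): getClientIp() is only as reliable
        // as the trusted-proxy configuration; behind an untrusted proxy the
        // per-IP limit can be bypassed by a spoofed forwarded header.
        if (!$user->hasAccess('blog: skip comment min idle')
            && ($minidle = $this->extension->getParams('comments.minidle'))
        ) {
            $keyedBy = $user->isAuthenticated()
                ? ['user_id' => $user->getId()]
                : ['ip' => $this['request']->getClientIp()];

            $last = $this->comments->query()->where($keyedBy)->orderBy('created', 'DESC')->first();

            if ($last) {
                $diff = $last->getCreated()->diff(new \DateTime("- {$minidle} sec"));

                // invert === 1 means (now - minidle) is earlier than the last
                // comment's creation time, i.e. the user commented too recently.
                if ($diff->invert) {
                    // Remaining wait in seconds; days are not counted, so this
                    // assumes minidle is well under a day — TODO confirm.
                    $remaining = $diff->s + $diff->i * 60 + $diff->h * 3600;
                    throw new Exception(__('Please wait another %seconds% seconds before commenting again.', ['%seconds%' => $remaining]));
                }
            }
        }

        $post = $this->posts->query()->where(['id' => $id, 'status' => Post::STATUS_PUBLISHED])->first();

        // Unknown and unpublished posts get the same message, so the endpoint
        // does not reveal whether a draft with this id exists.
        if (!$post) {
            throw new Exception(__('Insufficient User Rights.'));
        }

        if (!$post->isCommentable()) {
            throw new Exception(__('Comments have been disabled for this post.'));
        }

        // Identity fields of authenticated users always come from the account,
        // overriding whatever the request body contained. Guests may be
        // required to supply name and email by configuration.
        if ($user->isAuthenticated()) {
            $data['author'] = $user->getName();
            $data['email'] = $user->getEmail();
            $data['url'] = $user->getUrl();
        } elseif ($this->extension->getParams('comments.require_name_and_email')
            && (empty($data['author']) || empty($data['email']))
        ) {
            throw new Exception(__('Please provide valid name and email.'));
        }

        $comment = new Comment();
        $comment->setUserId((int) $user->getId());
        $comment->setIp($this['request']->getClientIp());
        $comment->setCreated(new \DateTime());
        $comment->setPost($post);

        // Initial moderation status. Written as an explicit chain because the
        // previous unparenthesised nested ternary only worked by accident and
        // is a parse error on PHP 8. The "approved once" lookup is only run
        // when that rule actually applies.
        if ($user->hasAccess('blog: skip comment approval')) {
            $status = Comment::STATUS_APPROVED;
        } elseif ($user->hasAccess('blog: comment approval required once')
            && $this->comments->query()->where(['user_id' => $user->getId(), 'status' => Comment::STATUS_APPROVED])->first()
        ) {
            $status = Comment::STATUS_APPROVED;
        } else {
            $status = Comment::STATUS_PENDING;
        }
        $comment->setStatus($status);

        // Max-links rule: an auto-approved comment carrying at least
        // "comments.maxlinks" anchors is sent back to moderation. Loose
        // comparison kept deliberately: the stored status may be a string.
        $linkCount = preg_match_all('/<a [^>]*href/i', $data['content'] ?? '');
        if ($comment->getStatus() == Comment::STATUS_APPROVED
            && $this->extension->getParams('comments.maxlinks') <= $linkCount
        ) {
            $comment->setStatus(Comment::STATUS_PENDING);
        }

        // Listeners may flag the comment as spam before it is stored.
        $this['events']->dispatch('system.comment.spam_check', new CommentEvent($comment));

        // NOTE(review): $data is request-controlled. This relies on save()
        // mapping only the intended fields (author/email/url/content);
        // confirm it cannot overwrite status, user_id, post_id or ip.
        $this->comments->save($comment, $data);

        $this['message']->info(__('Thanks for commenting!'));

        return $this->redirect($this['url']->route('@blog/id', ['id' => $post->getId()], true) . '#comment-' . $comment->getId());

    } catch (Exception $e) {
        // Domain exception: its message is meant for the user.
        $this['message']->error($e->getMessage());

        return $this->redirect($this['url']->previous());

    } catch (\Exception $e) {
        // Anything else is unexpected; do not leak its message.
        $this['message']->error(__('Whoops, something went wrong!'));

        return $this->redirect($this['url']->previous());
    }
}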
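/**
 * Creates a reply or updates an existing comment and returns a JSON result.
 *
 * When $id is 0 (or does not resolve to a comment) a new comment is created
 * as a reply to $data['parent_id'], inheriting the parent's post and taking
 * its author fields from the current user. Otherwise the existing comment is
 * updated with $data.
 *
 * @Request({"comment": "array", "id": "int"}, csrf=true)
 * @Response("json")
 *
 * @param array $data Comment fields from the request
 * @param int   $id   Existing comment id, or 0 to create a reply
 *
 * @return array Either ['message' => string] or
 *               ['message' => string, 'error' => true]
 */
public function saveAction($data, $id = 0)
{
    try {
        $user = $this['user'];

        if (!$id || !($comment = $this->comments->find($id))) {
            // New comments must be replies: the parent determines the post.
            $parentId = (int) ($data['parent_id'] ?? 0);

            if (!($parent = $this->comments->find($parentId))) {
                throw new Exception('Invalid comment reply.');
            }

            $comment = new Comment();
            $comment->setUserId((int) $user->getId());
            $comment->setIp($this['request']->getClientIp());
            $comment->setAuthor($user->getName());
            $comment->setEmail($user->getEmail());
            $comment->setUrl($user->getUrl());
            // Replies created here are approved immediately. No access check
            // is visible in this method; presumably the controller restricts
            // this route to privileged users — confirm.
            $comment->setStatus(CommentInterface::STATUS_APPROVED);
            $comment->setPostId($parent->getPostId());
            $comment->setParent($parent);
        }

        // NOTE(review): $data is request-controlled and, when $id is given,
        // is applied to an existing comment; confirm save() restricts the
        // fields it maps (e.g. that user_id/post_id cannot be reassigned).
        $this->comments->save($comment, $data);

        return ['message' => $id ? __('Comment saved.') : __('Comment created.')];

    } catch (Exception $e) {
        return ['message' => $e->getMessage(), 'error' => true];
    }
}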