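/**
 * Store a new comment on a blog post, together with its first version row.
 *
 * Both inserts run inside one database transaction. The cached comment
 * data for the post is deleted before the commit.
 *
 * @param array $post        Submitted form data. Keys read here: reply_to,
 *                           author, name, email, url, message.
 * @param int   $blogPostId  Blog post the comment belongs to.
 * @param bool  $published   Whether the comment is stored as approved.
 * @return bool              Result of the commit; false when the author check
 *                           fails or the comment row could not be created.
 */
public function addCommentToPost(array $post, int $blogPostId, bool $published = false) : bool
{
    // presumably checkCommentReplyTo() confirms the parent comment belongs
    // to this blog post -- verify against its definition.
    $replyTo = isset($post['reply_to'])
        ? $this->checkCommentReplyTo((int) $post['reply_to'], $blogPostId)
        : 0;

    // Enforce maximum comment reply depth: a reply that would nest too deep
    // is stored as a top-level comment instead of being rejected.
    if ($replyTo) {
        $depth = $this->getCommentDepth($replyTo);
        $conf = \Airship\LensFunctions\cabin_custom_config();
        if ($depth + 1 > $conf['blog']['comments']['depth_max']) {
            $replyTo = null;
        }
    }
    if ($replyTo === 0) {
        $replyTo = null;
    }

    if (!empty($post['author'])) {
        // The author ID comes from the request, so it must be one of the
        // authors owned by the active user.
        $authors = $this->getAuthorsForUser($this->getActiveUserId());
        // NOTE(review): in_array() compares loosely here. Once the element
        // type returned by getAuthorsForUser() is confirmed, normalise both
        // sides and pass true as the third argument.
        if (!\in_array($post['author'], $authors)) {
            // No transaction has been started at this point, so there is
            // nothing to roll back. The original called rollBack() here,
            // before beginTransaction().
            return false;
        }
        $author = $post['author'];
        $metadata = null;
    } else {
        // Guest comment: keep the self-reported identity as JSON metadata.
        // Missing keys are stored as null rather than raising a notice.
        $author = null;
        $metadata = \json_encode([
            'name' => $post['name'] ?? null,
            'email' => $post['email'] ?? null,
            'url' => $post['url'] ?? null
        ]);
    }

    // We're going to do this inside of a transaction:
    $this->db->beginTransaction();

    // Create the new comment. $published is a non-nullable bool, so it is
    // used directly.
    $commentId = $this->db->insertGet(
        'hull_blog_comments',
        [
            'blogpost' => $blogPostId,
            'replyto' => $replyTo,
            'author' => $author,
            'approved' => $published,
            'metadata' => $metadata
        ],
        'commentid'
    );

    if (empty($commentId)) {
        $this->db->rollBack();
        return false;
    }

    // Insert the first version of the comment text. The message is stored
    // as submitted; presumably it is escaped when rendered -- confirm in
    // the template layer.
    $this->db->insert(
        'hull_blog_comment_versions',
        [
            'comment' => $commentId,
            'approved' => $published,
            'message' => $post['message']
        ]
    );

    // Delete the cached entry for this blog post so the new comment shows up.
    $unique = $this->getBlogPostUniqueId($blogPostId);
    $this->getCommentCache()->delete($unique);

    return $this->db->commit();
}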
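/**
 * Validate a submitted comment and, if it passes, add it to a blog post.
 *
 * Checks run in this order: comments enabled, guest posting allowed,
 * guest name/email present, author ownership (logged-in non-super users),
 * minimum message length, then CAPTCHA. Each failure stores a 'blog_error'
 * lens variable and returns false.
 *
 * @param array $post        Submitted form data (untrusted).
 * @param int   $blogPostId  Blog post being commented on.
 * @return bool              Result of addCommentToPost(), or false when any
 *                           check fails.
 */
protected function addComment(array $post = [], int $blogPostId = 0) : bool
{
    if (!$this->config('blog.comments.enabled')) {
        $this->storeLensVar('blog_error', \__('Comments are not enabled on this blog.'));
        return false;
    }
    if (!$this->isLoggedIn() && !$this->config('blog.comments.guests')) {
        $this->storeLensVar('blog_error', \__('Guest comments are not enabled on this blog.'));
        return false;
    }
    if (!$this->isLoggedIn() && (empty($post['name']) || empty($post['email']))) {
        $this->storeLensVar('blog_error', \__('Name and email address are required fields.'));
        return false;
    }
    if ($this->isLoggedIn() && !$this->isSuperUser()) {
        if (!empty($post['author'])) {
            // The author ID is request data: only authors owned by the
            // active user are accepted.
            $allowedAuthors = $this->blog->getAuthorsForUser($this->getActiveUserId());
            // NOTE(review): loose in_array(); switch to a strict comparison
            // once the element type of $allowedAuthors is confirmed.
            if (!\in_array($post['author'], $allowedAuthors)) {
                $this->storeLensVar('blog_error', \__('You do not have permission to post as this author.'));
                return false;
            }
        }
    }

    // A missing or non-string message (e.g. an array from the request) is
    // treated as empty, so it is rejected by the length check below instead
    // of reaching trim().
    $msg = \is_string($post['message'] ?? null) ? \trim($post['message']) : '';
    if (Binary::safeStrlen($msg) < 2) {
        $this->storeLensVar('blog_error', \__('The comment you attempted to leave is much too short.'));
        return false;
    }

    $published = false;
    $can_comment = false;
    if ($this->can('publish')) {
        // No CAPTCHA necessary: users with the publish permission are
        // allowed through and their comment is stored as approved.
        $published = true;
        $can_comment = true;
    } elseif ($this->config('blog.comments.recaptcha')) {
        // With reCAPTCHA enabled, a missing response leaves $can_comment
        // false, so the request is rejected below.
        if (isset($post['g-recaptcha-response'])) {
            $rc = \Airship\getReCaptcha(
                $this->config('recaptcha.secret-key'),
                $this->config('recaptcha.curl-opts') ?? []
            );
            $resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
            $can_comment = $resp->isSuccess();
        }
    } else {
        $can_comment = true;
    }

    if (!$can_comment) {
        $this->storeLensVar('blog_error', \__('Invalid CAPTCHA Response. Please try again.'));
        return false;
    }
    return $this->blog->addCommentToPost($post, $blogPostId, $published);
}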