protected function addComment(array $post = [], int $blogPostId = 0) : bool
{
if (!$this->config('blog.comments.enabled')) {
$this->storeLensVar('blog_error', \__('Comments are not enabled on this blog.'));
return false;
}
if (!$this->isLoggedIn() && !$this->config('blog.comments.guests')) {
$this->storeLensVar('blog_error', \__('Guest comments are not enabled on this blog.'));
return false;
}
if (!$this->isLoggedIn() && (empty($post['name']) || empty($post['email']))) {
$this->storeLensVar('blog_error', \__('Name and email address are required fields.'));
return false;
}
if ($this->isLoggedIn() && !$this->isSuperUser()) {
if (!empty($post['author'])) {
$allowedAuthors = $this->blog->getAuthorsForUser($this->getActiveUserId());
if (!\in_array($post['author'], $allowedAuthors)) {
$this->storeLensVar('blog_error', \__('You do not have permission to post as this author.'));
return false;
}
}
}
$msg = \trim($post['message']);
if (Binary::safeStrlen($msg) < 2) {
$this->storeLensVar('blog_error', \__('The comment you attempted to leave is much too short.'));
return false;
}
$published = false;
$can_comment = false;
if ($this->can('publish')) {
// No CAPTCHA necessary
$published = true;
$can_comment = true;
} elseif ($this->config('blog.comments.recaptcha')) {
if (isset($post['g-recaptcha-response'])) {
$rc = \Airship\getReCaptcha($this->config('recaptcha.secret-key'), $this->config('recaptcha.curl-opts') ?? []);
$resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
$can_comment = $resp->isSuccess();
}
} else {
$can_comment = true;
}
if (!$can_comment) {
$this->storeLensVar('blog_error', \__('Invalid CAPTCHA Response. Please try again.'));
return false;
}
return $this->blog->addCommentToPost($post, $blogPostId, $published);
}
