Frontend\Modules\Blog\Actions\Detail::validateForm PHP Method

validateForm() private method

Validate the form
private validateForm ( )
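    /**
     * Validate the submitted comment form and, when it is valid, store the comment.
     *
     * On a valid submission the comment is inserted, the 'after_add_comment' event
     * is triggered, the admin is notified, the submission time is remembered in the
     * session, the author details are written to cookies and the visitor is
     * redirected back to the article with a `comment=` status parameter.
     *
     * The comment status is decided in this order: 'published' by default,
     * 'moderation' when moderation is enabled and the commenter was not moderated
     * before, and finally whatever the spam filter says ('spam', or 'moderation'
     * when the filter answers 'unknown').
     *
     * @return bool|null false when comments are disabled in the module settings;
     *                   no value is returned on any other path
     */
    private function validateForm()
    {
        // comments are switched off for this module, so there is nothing to validate
        $commentsAllowed = isset($this->settings['allow_comments']) && $this->settings['allow_comments'];
        if (!$commentsAllowed) {
            return false;
        }

        // nothing to do until the form is actually posted
        if (!$this->frm->isSubmitted()) {
            return;
        }

        // let the form discard submitted fields it does not know about
        // (the original comment describes this as ignoring fields "added by hackers")
        $this->frm->cleanupFields();

        // per-article throttle: the time of the previous comment is kept in the session
        // NOTE(review): this only slows down clients that keep their session cookie, and a
        // difference of exactly 0 seconds is exempt, so two posts within the same second
        // are not throttled. Confirm the exemption is intended and consider a
        // server-side limit (per IP or per article) if comment flooding is a concern.
        $throttleKey = 'blog_comment_' . $this->record['id'];
        if (\SpoonSession::exists($throttleKey)) {
            $diff = time() - (int) \SpoonSession::get($throttleKey);
            if ($diff < 10 && $diff != 0) {
                $this->frm->getField('message')->addError(FL::err('CommentTimeout'));
            }
        }

        // required fields
        $this->frm->getField('author')->isFilled(FL::err('AuthorIsRequired'));
        $this->frm->getField('email')->isEmail(FL::err('EmailIsRequired'));
        $this->frm->getField('message')->isFilled(FL::err('MessageIsRequired'));

        // optional field: only validate the website when something other than the
        // 'http://' placeholder was entered
        $websiteField = $this->frm->getField('website');
        if ($websiteField->isFilled() && $websiteField->getValue() != 'http://') {
            $websiteField->isURL(FL::err('InvalidURL'));
        }

        // stop here when any field reported an error
        if (!$this->frm->isCorrect()) {
            return;
        }

        // module settings that influence the comment status
        $spamFilterEnabled = isset($this->settings['spamfilter']) && $this->settings['spamfilter'];
        $moderationEnabled = isset($this->settings['moderation']) && $this->settings['moderation'];

        // collect the submitted values; an empty or placeholder website is stored as null
        $author = $this->frm->getField('author')->getValue();
        $email = $this->frm->getField('email')->getValue();
        $website = $websiteField->getValue();
        if (trim($website) === '' || $website == 'http://') {
            $website = null;
        }
        $text = $this->frm->getField('message')->getValue();

        // Request metadata is stored with the comment. Entries that carry credentials
        // (the visitor's cookies, HTTP authentication) are dropped first: $comment is
        // also handed to the event subscribers and to notifyAdmin() below, and a
        // session cookie has no business in the comment record.
        $serverData = array_diff_key(
            $_SERVER,
            array_flip(array(
                'HTTP_COOKIE',
                'HTTP_AUTHORIZATION',
                'REDIRECT_HTTP_AUTHORIZATION',
                'PHP_AUTH_USER',
                'PHP_AUTH_PW',
                'PHP_AUTH_DIGEST',
            ))
        );

        // build the comment record
        $comment = array();
        $comment['post_id'] = $this->record['id'];
        $comment['language'] = LANGUAGE;
        $comment['created_on'] = FrontendModel::getUTCDate();
        $comment['author'] = $author;
        $comment['email'] = $email;
        $comment['website'] = $website;
        $comment['text'] = $text;
        $comment['status'] = 'published';
        $comment['data'] = serialize(array('server' => $serverData));

        // URL of the article, used for the spam check and as redirect target
        $permaLink = $this->record['full_url'];
        $redirectLink = $permaLink;

        // a commenter that was never moderated before goes to the moderation queue
        if ($moderationEnabled && !FrontendBlogModel::isModerated($author, $email)) {
            $comment['status'] = 'moderation';
        }

        // the spam filter has the last word on the status
        if ($spamFilterEnabled) {
            $result = FrontendModel::isSpam($text, SITE_URL . $permaLink, $author, $email, $website);

            // 'unknown' has to be tested before the truthiness check: it is a non-empty
            // string and therefore truthy, so testing it second sent every undecided
            // comment to the spam queue instead of to manual moderation
            if ($result === 'unknown') {
                $comment['status'] = 'moderation';
            } elseif ($result) {
                $comment['status'] = 'spam';
            }
        }

        // insert comment
        $comment['id'] = FrontendBlogModel::insertComment($comment);

        // trigger event
        FrontendModel::triggerEvent('Blog', 'after_add_comment', array('comment' => $comment));

        // append the outcome to the URL so the page can show the matching message;
        // use '&' when the article URL already has a query string
        $separator = (mb_strpos($redirectLink, '?') === false) ? '?' : '&';
        switch ($comment['status']) {
            case 'moderation':
                $redirectLink .= $separator . 'comment=moderation#' . FL::act('Comment');
                break;
            case 'spam':
                $redirectLink .= $separator . 'comment=spam#' . FL::act('Comment');
                break;
            case 'published':
                $redirectLink .= $separator . 'comment=true#comment-' . $comment['id'];
                break;
        }

        // article details for the notification
        $comment['post_title'] = $this->record['title'];
        $comment['post_url'] = $this->record['url'];

        // notify the admin
        FrontendBlogModel::notifyAdmin($comment);

        // remember when this visitor commented so the throttle above can apply
        \SpoonSession::set($throttleKey, time());

        // remember the author details in cookies; this is best effort, so a failure
        // to set them is deliberately ignored
        try {
            CommonCookie::set('comment_author', $author);
            CommonCookie::set('comment_email', $email);
            CommonCookie::set('comment_website', $website);
        } catch (\Exception $e) {
            // setting cookies isn't allowed; not a real problem, so the exception is ignored
        }

        // redirect
        $this->redirect($redirectLink);
    }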