public function addCommentToPost(array $post, int $blogPostId, bool $published = false) : bool
{
$replyTo = isset($post['reply_to']) ? $this->checkCommentReplyTo((int) $post['reply_to'], $blogPostId) : 0;
// Enforce maximum comment reply depth.
if ($replyTo) {
$depth = $this->getCommentDepth($replyTo);
$conf = \Airship\LensFunctions\cabin_custom_config();
if ($depth + 1 > $conf['blog']['comments']['depth_max']) {
$replyTo = null;
}
}
if ($replyTo === 0) {
$replyTo = null;
}
if (!empty($post['author'])) {
$authors = $this->getAuthorsForUser($this->getActiveUserId());
if (!\in_array($post['author'], $authors)) {
$this->db->rollBack();
return false;
}
$author = $post['author'];
$metadata = null;
} else {
$author = null;
$metadata = \json_encode(['name' => $post['name'], 'email' => $post['email'], 'url' => $post['url']]);
}
// We're going to do this inside of a transaction:
$this->db->beginTransaction();
// Create the new comment:
$commentId = $this->db->insertGet('hull_blog_comments', ['blogpost' => $blogPostId, 'replyto' => $replyTo, 'author' => $author, 'approved' => $published ?? false, 'metadata' => $metadata], 'commentid');
if (!empty($commentId)) {
// Insert the comment
$this->db->insert('hull_blog_comment_versions', ['comment' => $commentId, 'approved' => $published ?? false, 'message' => $post['message']]);
// Get the unique ID for this blog post:
$unique = $this->getBlogPostUniqueId($blogPostId);
// Delete the cached entry:
$this->getCommentCache()->delete($unique);
// Hooray!
return $this->db->commit();
}
$this->db->rollBack();
return false;
} /**
* Add a comment to a blog post
*
* @param array $post
* @param int $blogPostId
* @return bool
*/
protected function addComment(array $post = [], int $blogPostId = 0) : bool
{
if (!$this->config('blog.comments.enabled')) {
$this->storeLensVar('blog_error', \__('Comments are not enabled on this blog.'));
return false;
}
if (!$this->isLoggedIn() && !$this->config('blog.comments.guests')) {
$this->storeLensVar('blog_error', \__('Guest comments are not enabled on this blog.'));
return false;
}
if (!$this->isLoggedIn() && (empty($post['name']) || empty($post['email']))) {
$this->storeLensVar('blog_error', \__('Name and email address are required fields.'));
return false;
}
if ($this->isLoggedIn() && !$this->isSuperUser()) {
if (!empty($post['author'])) {
$allowedAuthors = $this->blog->getAuthorsForUser($this->getActiveUserId());
if (!\in_array($post['author'], $allowedAuthors)) {
$this->storeLensVar('blog_error', \__('You do not have permission to post as this author.'));
return false;
}
}
}
$msg = \trim($post['message']);
if (Binary::safeStrlen($msg) < 2) {
$this->storeLensVar('blog_error', \__('The comment you attempted to leave is much too short.'));
return false;
}
$published = false;
$can_comment = false;
if ($this->can('publish')) {
// No CAPTCHA necessary
$published = true;
$can_comment = true;
} elseif ($this->config('blog.comments.recaptcha')) {
if (isset($post['g-recaptcha-response'])) {
$rc = \Airship\getReCaptcha($this->config('recaptcha.secret-key'), $this->config('recaptcha.curl-opts') ?? []);
$resp = $rc->verify($post['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
$can_comment = $resp->isSuccess();
}
} else {
$can_comment = true;
}
if (!$can_comment) {
$this->storeLensVar('blog_error', \__('Invalid CAPTCHA Response. Please try again.'));
return false;
}
return $this->blog->addCommentToPost($post, $blogPostId, $published);
}
