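 /**
  * Decide whether the current visitor may edit a comment.
  *
  * Owners (admin/editor/post author) are always allowed. Everyone else must pass
  * the admin options, the spam check, the time window and the edit-token check.
  *
  * @param int $commentID ID of the comment being edited.
  * @param int $postID    ID of the post the comment belongs to.
  * @return int|string 1 when editing is allowed; otherwise a string code naming
  *                    the refusal: 'get_comment_failed', 'no_user_editing',
  *                    'comment_spam', 'comment_time_elapsed', 'new_comment_posted'
  *                    or 'comment_edit_denied'.
  */
 function can_edit($commentID = 0, $postID = 0)
 {
     global $wpdb, $aecomments;
     // Admin/editor/post author may always edit.
     if (AECCore::is_comment_owner($postID)) {
         return 1;
     }
     // Fetch the comment and bail out before any of its fields are read;
     // the original code indexed $comment['user_id'] before checking it.
     $comment = AECCore::get_edit_comment($commentID);
     if (!$comment) {
         return 'get_comment_failed';
     }
     // Registered and anonymous commenters are gated by separate admin options.
     if ($comment['user_id'] != 0) {
         if ($aecomments->get_admin_option('allow_registeredediting') == 'false') {
             return 'no_user_editing';
         }
     } elseif ($aecomments->get_admin_option('allow_editing') == "false") {
         return 'no_user_editing';
     }
     // Spam is never editable.
     if ($comment['comment_approved'] === 'spam') {
         return 'comment_spam';
     }
     // A logged-in commenter with indefinite-edit rights skips the time window.
     if (is_user_logged_in()) {
         global $current_user;
         $user_id = $current_user->ID;
         if ($user_id == $comment['user_id'] && AECCore::can_indefinitely_edit($comment['user_id'])) {
             return 1;
         }
     }
     // Minutes elapsed since the comment was made. The previous expression
     // reduced the interval modulo one hour (... % 3600 / 60), so the edit
     // window silently re-opened every hour; use the whole interval instead.
     // NOTE(review): assumes $comment['time'] is a Unix timestamp on the same
     // (GMT) basis as current_time('timestamp', 1) - confirm in get_edit_comment.
     $timestamp = $comment['time'];
     $time = current_time('timestamp', 1) - $timestamp;
     $minutesPassed = round($time / 60);
     // Admin-configured window in minutes; fall back to the plugin default
     // when the option is missing, non-numeric or below one.
     $minutes = $aecomments->get_admin_option('minutes');
     if (!is_numeric($minutes) || $minutes < 1) {
         $minutes = $aecomments->get_minutes();
     }
     if ($minutesPassed > $minutes) {
         return 'comment_time_elapsed';
     }
     // Optionally refuse once a newer (non-pingback/trackback) comment exists on the post.
     if ($aecomments->get_admin_option('allow_editing_after_comment') == "false") {
         $query = "SELECT comment_ID from {$wpdb->comments} where comment_post_ID = %d and comment_type <> 'pingback' and comment_type <> 'trackback' order by comment_ID DESC limit 1";
         $newComment = $wpdb->get_row($wpdb->prepare($query, $postID), ARRAY_A);
         if (!$newComment) {
             return 'new_comment_posted';
         }
         // Any comment ID other than this one means a newer comment was posted.
         if ($commentID != $newComment['comment_ID']) {
             return 'new_comment_posted';
         }
     }
     // The edit token is looked up under the comment ID plus a hash of the
     // commenter's IP and GMT date; without the cookie there is nothing to verify.
     $hash = md5($comment['comment_author_IP'] . $comment['comment_date_gmt']);
     $cookieName = 'WPAjaxEditCommentsComment' . $commentID . $hash;
     if (!isset($_COOKIE[$cookieName])) {
         return 'comment_edit_denied';
     }
     // Security key stored in post meta under the comment ID.
     $postContent = $wpdb->get_row($wpdb->prepare("SELECT meta_value FROM {$wpdb->postmeta} WHERE post_id = %d and meta_key = '_%d'", $comment['comment_post_ID'], $comment['comment_ID']), ARRAY_A);
     if (!$postContent) {
         return 'comment_edit_denied';
     }
     // A value published in $GLOBALS (kept for CFORMS compatibility) takes
     // precedence over the cookie, as before.
     $supplied = isset($GLOBALS[$cookieName]) ? $GLOBALS[$cookieName] : $_COOKIE[$cookieName];
     // Strict, constant-time comparison: the loose != used previously treated
     // numeric-looking strings as equal and leaked timing on the stored key.
     if (!hash_equals((string) $postContent['meta_value'], (string) $supplied)) {
         return 'comment_edit_denied';
     }
     // Every check passed: the user can edit.
     return 1;
 }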