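/**
 * Post-comment hook: issue the per-comment edit credential.
 *
 * For a comment that the (non-owner) author is allowed to edit for a
 * limited time, this generates a secret key, stores it in postmeta under
 * the meta_key "_<comment_ID>" and hands the same value to the browser in
 * a cookie named WPAjaxEditCommentsComment<commentID><hash>. Later edit
 * requests are expected to present that cookie.
 *
 * @param int $commentID ID of the comment that was just posted.
 * @return int|string|null $commentID on success or when the owner posted,
 *                         'no_user_editing' when editing is disabled for
 *                         this kind of user, null when nothing was done.
 */
public static function comment_posted($commentID = 0) {
    global $wpdb, $aecomments;
    //Get comment
    $comment = get_comment($commentID, ARRAY_A);
    //Some sanity checks
    if (!$comment) { return; }
    if ($comment['comment_approved'] == "spam") { return; }
    //If admin, exit since we don't want to add anything
    if (AECCore::is_comment_owner($comment['comment_post_ID'])) { return $commentID; }
    //Check to see if the user is logged in and can indefinitely edit
    if ($comment['user_id'] != 0) {
        if ($aecomments->get_admin_option('allow_registeredediting') == 'false') { return 'no_user_editing'; }
    } else {
        //Check to see if admin allows comment editing for anonymous users
        if ($aecomments->get_admin_option('allow_editing') == "false") { return 'no_user_editing'; }
    }
    //Don't save data if user can indefinitely edit
    if (AECCore::can_indefinitely_edit($comment['user_id'])) { return; }
    //The hash only namespaces the cookie/key; it is derived from public
    //comment data (IP + GMT date) and carries no secrecy on its own.
    $hash = md5($comment['comment_author_IP'] . $comment['comment_date_gmt']);
    //The key is the bearer credential for the edit window, so it must come
    //from a CSPRNG. AECUtility::random() is not visible here; wp_generate_password()
    //is backed by wp_rand() (CSPRNG on current WordPress). It is hashed only to
    //keep the historical 'wpAjax' . <hash> . <32 hex> . <32 hex> shape that the
    //cleanup query and any consumers rely on.
    $rand = 'wpAjax' . $hash . md5(wp_generate_password(64, false)) . md5(wp_generate_password(64, false));
    //Get the minutes allowed to edit; fall back to the plugin default when the
    //option is non-numeric or less than one.
    $minutes = $aecomments->get_admin_option('minutes');
    if (!is_numeric($minutes)) { $minutes = $aecomments->get_minutes(); }
    if ($minutes < 1) { $minutes = $aecomments->get_minutes(); }
    //Insert the random key into the database
    //todo - update to update_post_meta or use comment meta instead
    $query = "INSERT INTO " . $wpdb->postmeta . "(post_id, meta_key, meta_value) " . "VALUES (%d,'_%d', %s)";
    $stored = $wpdb->query($wpdb->prepare($query, $comment['comment_post_ID'], $comment['comment_ID'], $rand));
    if (false === $stored) {
        //Without the stored key the cookie could never validate, so do not
        //hand out a dangling credential; the comment itself was still posted.
        return $commentID;
    }
    //Set the cookie (only once per comment; a re-run must not rotate it).
    //NOTE(review): the cookie is set without the httponly/secure flags. If the
    //front-end JS never reads it via document.cookie, passing true for httponly
    //(and is_ssl() for secure) would stop script-based theft of the key - confirm
    //against the JS before changing.
    $cookieName = 'WPAjaxEditCommentsComment' . $commentID . $hash;
    $value = $rand;
    $expire = time() + 60 * $minutes;
    if (!isset($_COOKIE[$cookieName])) {
        setcookie($cookieName, $value, $expire, COOKIEPATH, COOKIE_DOMAIN);
        $GLOBALS[$cookieName] = $value; //For compatability with CFORMS
    }
    //Read in security key count, delete keys if over 100
    $securityCount = get_site_option('ajax-edit-comments_security_key_count');
    if (!$securityCount) { $securityCount = get_option('ajax-edit-comments_security_key_count'); } //for upgrade/multi-site support
    if (!$securityCount) {
        $securityCount = 1;
        update_site_option('ajax-edit-comments_security_key_count', $securityCount);
    } else {
        $securityCount = (int) $securityCount;
    }
    //Delete keys if over a 100.
    //NOTE(review): this removes every other 'wpAjax' key in postmeta, i.e. it
    //ends all other commenters' open edit windows every ~100 comments. A
    //time-based expiry would be kinder; left as-is since callers may rely on it.
    if ($securityCount >= 100) {
        $metakey = "_" . $comment['comment_ID'];
        //Unquoted %s: wpdb::prepare() adds the quoting itself.
        $wpdb->query($wpdb->prepare("delete from {$wpdb->postmeta} where left(meta_value, 6) = 'wpAjax' and meta_key <> %s", $metakey));
        $securityCount = 0;
    }
    $securityCount += 1;
    update_site_option('ajax-edit-comments_security_key_count', $securityCount);
    return $commentID;
}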
/**
 * Report whether the current user (as resolved by AECUtility) is $userID.
 *
 * The loose (==) comparison of the original is kept on purpose: ids may
 * arrive as ints or numeric strings. NOTE(review): under PHP 7 rules an
 * empty/non-numeric id from get_user_id() also compares equal to the
 * default 0 - confirm that is what callers expect.
 *
 * @param int $userID User id to compare against (default 0).
 * @return bool
 */
public static function is_logged_in($userID = 0) {
    $currentID = AECUtility::get_user_id();
    return ($currentID == $userID) ? true : false;
}
/**
 * Validate and persist an edited comment, returning the data the front
 * end needs to redraw it.
 *
 * @param int   $commentID  ID of the comment being edited.
 * @param int   $postID     ID of the post the comment belongs to.
 * @param array $commentarr Comment fields to save. Keys read here:
 *                          comment_content, comment_author,
 *                          comment_author_email, comment_author_url,
 *                          comment_type, comment_approved,
 *                          comment_author_IP, comment_agent.
 * @return array Either array('error' => <message>) on any failed check,
 *               or the redraw payload built at the end of this method.
 *
 * NOTE(review): the complete $commentarr is passed to wp_update_comment()
 * below, while only content / author / e-mail are validated here. If the
 * array is built from request data, the caller (not visible in this file
 * section) must restrict it to the editable keys - confirm.
 */
public static function save_comment($commentID, $postID, $commentarr) {
    global $wpdb, $aecomments;
    //Save the old comment and build an undo spot
    $undoComment = $commentarr;
    //Make sure the comment has something in it ("undefined" is what a
    //missing JS value serialises to)
    $response = array();
    if ('' == $commentarr['comment_content'] || $commentarr['comment_content'] == "undefined") {
        $response['error'] = $aecomments->get_error('content_empty');
        return $response;
    }
    //Check to see if user can edit: can_edit() returns a string error code
    //on refusal, anything else means allowed.
    $message = AECCore::can_edit($commentID, $postID);
    if (is_string($message)) {
        $response['error'] = $aecomments->get_error($message);
        return $response;
    }
    //Sanity checks (skipped for the post/comment owner)
    if (!AECCore::is_comment_owner($postID)) {
        //Make sure required fields are filled out. Precedence: && binds
        //tighter than ||, so this reads (email too short AND may edit email)
        //OR (author empty AND may edit name).
        if (get_option('require_name_email') && (6 > strlen($commentarr['comment_author_email']) && AECCore::can_edit_email($commentID, $postID) || '' == $commentarr['comment_author'] && AECCore::can_edit_name($commentID, $postID))) {
            $response['error'] = $aecomments->get_error('required_fields');
            return $response;
        }
    } // end comment_owner check
    //Make sure the e-mail is valid - Skip if pingback or trackback
    if (!($aecomments->admin && empty($commentarr['comment_author_email']))) {
        if (!is_email($commentarr['comment_author_email']) && $commentarr['comment_type'] != "pingback" && $commentarr['comment_type'] != "trackback") {
            //Empty branch is intentional: a blank e-mail is acceptable when
            //name/e-mail are not required.
            if (!get_option('require_name_email') && empty($commentarr['comment_author_email'])) {
            } else {
                if (AECCore::can_edit_email($commentID, $postID)) {
                    $response['error'] = $aecomments->get_error('invalid_email');
                    return $response;
                }
            }
        }
    }
    //Errors are suppressed here; a failure only affects charset handling
    //of the update that follows.
    if (strtolower(get_option('blog_charset')) != 'utf-8') { @$wpdb->query("SET names 'utf8'"); } //comment out if getting char errors
    //Save the comment
    $commentarr['comment_ID'] = (int) $commentID;
    //Remember the incoming approval state so a change to "moderated" can be
    //reported below.
    $commentapproved = $commentarr['comment_approved'];
    //Condition the data for returning
    do_action('wp_ajax_comments_remove_content_filter');
    //Do some comment checks before updating
    if (!AECCore::is_comment_owner($postID)) {
        //Preserve moderation/spam setting. Only check approved comments
        if ($commentarr['comment_approved'] == 1) {
            // Everyone else's comments will be checked.
            if (check_comment($commentarr['comment_author'], $commentarr['comment_author_email'], $commentarr['comment_author_url'], $commentarr['comment_content'], $commentarr['comment_author_IP'], $commentarr['comment_agent'], $commentarr['comment_type'])) {
                $commentarr['comment_approved'] = 1;
            } else {
                $commentarr['comment_approved'] = 0;
            }
        }
        //NOTE(review): wp_blacklist_check() is a deprecated alias on recent
        //WordPress (wp_check_comment_disallowed_list since 5.5) - confirm the
        //minimum supported WP version.
        if (wp_blacklist_check($commentarr['comment_author'], $commentarr['comment_author_email'], $commentarr['comment_author_url'], $commentarr['comment_content'], $commentarr['comment_author_IP'], $commentarr['comment_agent'])) {
            $commentarr['comment_approved'] = 'spam';
        }
    }
    //Update the comment. Every key present in $commentarr is written, not
    //only the ones validated above.
    wp_update_comment($commentarr);
    //If spammed, return error
    if (!$aecomments->admin && $commentarr['comment_approved'] === 'spam') {
        $response['error'] = $aecomments->get_error('comment_marked_spam');
        return $response;
    }
    //If moderated, return error (only when it was not already unapproved)
    if ($commentarr['comment_approved'] == 0 && $commentapproved != 0) {
        $response['error'] = $aecomments->get_error('comment_marked_moderated');
        return $response;
    }
    //Check for spam
    if (!AECCore::is_comment_owner($postID)) {
        if (AECCore::check_spam($commentID, $postID)) {
            $response['error'] = $aecomments->get_error('comment_marked_spam');
            return $response;
        }
    }
    //Do actions after a comment has successfully been edited
    do_action_ref_array('wp_ajax_comments_comment_edited', array(&$commentID, &$postID));
    //Get undo data (admin only; $oldComment stays unset otherwise)
    if ($aecomments->admin) {
        $oldComment = $aecomments->get_admin_option('undo');
        $undo = AECUtility::build_undo_url("undoedit", $commentID, $postID, __('Comment successfully saved', 'ajaxEdit'));
    } else {
        $undo = '';
    }
    $approve_count = get_comment_count($postID);
    $comment_count = get_comment_count();
    //For security, get the new comment: re-read from the database so the
    //response reflects what was actually stored, not the submitted array.
    if (isset($GLOBALS['comment'])) { unset($GLOBALS['comment']); }
    global $comment;
    $comment = get_comment($commentID);
    //Condition the data for returning.
    //NOTE(review): content and author go through AECUtility::encode() before
    //the display filters, comment_author_url does not; output escaping of
    //the URL therefore rests on the 'comment_url' filters alone - confirm.
    do_action('wp_ajax_comments_remove_content_filter');
    $response = array(
        'content' => stripslashes(apply_filters('comment_text', apply_filters('get_comment_text', AECUtility::encode($comment->comment_content)))),
        'comment_author' => stripslashes(apply_filters('comment_author', apply_filters('get_comment_author', AECUtility::encode($comment->comment_author)))),
        'comment_author_url' => stripslashes(apply_filters('comment_url', apply_filters('get_comment_author_url', $comment->comment_author_url))),
        'comment_date' => get_comment_date('F jS, Y'),
        'comment_time' => get_comment_time(),
        'comment_approved' => $comment->comment_approved,
        'old_comment_approved' => isset($oldComment) ? $oldComment['comment_approved'] : false,
        'undo_comment_approved' => isset($undoComment) ? $undoComment['comment_approved'] : false,
        'approve_count' => $approve_count['approved'],
        'moderation_count' => $comment_count['awaiting_moderation'],
        'spam_count' => $comment_count['spam'],
        'comment_links' => AECCore::build_admin_links($commentID, $postID),
        'undo' => $undo
    );
    return $response;
}
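/**
 * comment_text filter: wrap the comment and append the edit/admin links.
 *
 * Reads the global $comment and the plugin instance $aecomments. Returns
 * $content unchanged whenever the current viewer may not edit this
 * comment; otherwise the comment is wrapped in an "edit-comment" div,
 * paired with an "aec-undo" placeholder, and followed (or, with the
 * comment_display_top option, preceded) by the link markup from
 * AECCore::build_admin_links().
 *
 * @param string $content Comment text as passed by the filter.
 * @return string Filtered HTML.
 */
public static function add_edit_links($content) {
    global $comment, $aecomments;
    //One-shot skip flag set elsewhere; it is consumed here.
    if ($aecomments->skip) { $aecomments->skip = false; return $content; }
    if (empty($comment)) { return $content; }
    if (is_page() && $aecomments->get_admin_option('show_pages') != 'true') { return $content; }
    if (AECCore::can_edit_quickcheck($comment) != 1) { return $content; }
    //--ag
    if (AECCore::can_edit($comment->comment_ID, $comment->comment_post_ID) != 1) { return $content; }
    //Does the user want the interface above or below the comment?
    $aec_top = ($aecomments->get_admin_option('comment_display_top') == 'true');
    $tempContent = $content; //temporary variable to store content
    $edit_admin = "edit-comment-admin-links";
    $clearfix = '';
    if ($aecomments->get_admin_option('icon_display') != 'classic' && $aecomments->get_admin_option('icon_display') != 'dropdown') {
        $edit_admin = "edit-comment-admin-links-no-icon";
    }
    /*If you're wondering why the JS is inline, it's because people with 500+ comments were having their browsers lock up. With inline, the JS is run as needed. Not elegant, but the best solution.*/
    if (!$aec_top) {
        //Interface below: wrap the comment now, links are appended after it.
        $content = '<div class="edit-comment" id="edit-comment' . $comment->comment_ID . '" style="background: none">' . $content . '</div>';
        $content .= "<div id='comment-undo-{$comment->comment_ID}' class='aec-undo' style='background: none'></div>";
    } else {
        //Interface on top: links come first, the wrapped comment is added at the end.
        $content = '';
    }
    if (!AECCore::is_comment_owner($comment->comment_post_ID)) {
        //For anonymous users
        $content .= "<div class='{$edit_admin} {$clearfix}' id='edit-comment-user-link-{$comment->comment_ID}' style='background:none'>";
        $content .= AECCore::build_admin_links($comment->comment_ID, $comment->comment_post_ID);
        $content .= "</div>";
        //Show custom content to users. affiliate_text is admin-set HTML run
        //through do_shortcode(); affiliate_id is admin-set too but lands in
        //an attribute, so it is escaped for that context.
        if (AECCore::show_affiliate_link()) {
            $message = do_shortcode(stripslashes($aecomments->get_admin_option('affiliate_text')));
            $message = str_replace("[url]", "<a href='http://www.ajaxeditcomments.com/?affiliate_id=" . esc_attr($aecomments->get_admin_option('affiliate_id')) . "'>", $message);
            $message = str_replace("[/url]", "</a>", $message);
            $content .= "<div class='aec-custom-text'>{$message}</div><!--/aec-custom-text-->";
        }
        //End for anonymous users
    } else {
        //Check if user is editor
        $role = AECUtility::get_user_role();
        //todo change editor to capability
        if ($role == 'editor' && $aecomments->get_admin_option('allow_editing_editors') == 'false') {
            //With the interface on top $content was emptied above and the
            //comment text only survives in $tempContent; returning $content
            //here used to blank the comment for editors. Return the text.
            return $aec_top ? $tempContent : $content;
        }
        if (is_admin() && $aecomments->get_admin_option('admin_editing') == "false") {
            //We're in the admin panel
            $content .= '<div class="' . $edit_admin . ' ' . $clearfix . '" id="edit-comment-admin-links' . $comment->comment_ID . '">';
            $content .= AECCore::build_admin_links($comment->comment_ID, $comment->comment_post_ID);
            $content .= "</div>";
            //End in the admin panel
        } elseif ($aecomments->get_user_option('comment_editing') == "true") {
            //We're in a post
            $content .= '<div class="' . $edit_admin . ' ' . $clearfix . '" id="edit-comment-admin-links' . $comment->comment_ID . '" style="background: none">';
            $content .= AECCore::build_admin_links($comment->comment_ID, $comment->comment_post_ID);
            $content .= "</div>";
        }
    }
    if ($aec_top) {
        //Interface on top: undo placeholder, then the wrapped original comment.
        $content .= "<div id='comment-undo-{$comment->comment_ID}' class='aec-undo' style='background: none'></div>";
        $content .= '<div class="edit-comment" id="edit-comment' . $comment->comment_ID . '" style="background: none">' . $tempContent . '</div>';
    }
    return $content;
}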
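/**
 * Return the saved options for the current user, loading the full
 * per-user map on first use.
 *
 * The map is keyed by e-mail address (see the matching set_user_option()
 * calls elsewhere in the plugin). When no entry exists for the current
 * user's e-mail this now returns null explicitly instead of raising an
 * undefined-index notice (or, on a non-array value, a string-offset error).
 *
 * @return mixed The user's option entry, or null when absent.
 */
private function get_user_options() {
    if (empty($this->user_options)) {
        $this->user_options = $this->get_all_user_options();
    }
    $email = AECUtility::get_user_email();
    if (!isset($this->user_options[$email])) {
        return null;
    }
    return $this->user_options[$email];
}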
continue; break; case "blacklist": $classic[$info] = aec_classic_condition($value, $_POST['blacklist']); continue; break; } } $options['classic'] = $classic; //Update user setings $author_options['comment_editing'] = $_POST['comment_editing']; $author_options['admin_editing'] = $_POST['admin_editing']; $updated = true; } if ($updated && !$error) { $aecomments->set_user_option(AECUtility::get_user_email(), $author_options); $aecomments->save_admin_options($options); ?> <div class="updated"><p><strong><?php _e('Settings successfully updated.', 'ajaxEdit'); ?> </strong></p></div> <?php } ?> <div class="wrap"> <form id="aecadminpanel" method="post" action="<?php echo esc_attr($_SERVER["REQUEST_URI"]); ?> "> <?php