function can_edit($commentID = 0, $postID = 0)
{
global $wpdb, $aecomments;
//Check if admin/editor/post author
if (AECCore::is_comment_owner($postID)) {
return 1;
}
//Get the current comment, if necessary
$comment = AECCore::get_edit_comment($commentID);
//Check to see if the user is logged in and can indefinitely edit
if ($comment['user_id'] != 0) {
if ($aecomments->get_admin_option('allow_registeredediting') == 'false') {
return 'no_user_editing';
}
} else {
//Check to see if admin allows comment editing for anonymous users
if ($aecomments->get_admin_option('allow_editing') == "false") {
return 'no_user_editing';
}
}
if (!$comment) {
return 'get_comment_failed';
}
//Check to see if the comment is spam
if ($comment['comment_approved'] === 'spam') {
return 'comment_spam';
}
//Check to see if the user is logged in and can indefinitely edit
if (is_user_logged_in()) {
global $current_user;
$user_id = $current_user->ID;
if ($user_id == $comment['user_id'] && AECCore::can_indefinitely_edit($comment['user_id'])) {
return 1;
}
}
//Now we check to see if there is any time remaining for comments
$timestamp = $comment['time'];
$time = current_time('timestamp', 1) - $timestamp;
$minutesPassed = round($time % 604800 % 86400 % 3600 / 60);
//Get the time the admin has set for minutes
$minutes = $aecomments->get_admin_option('minutes');
if (!is_numeric($minutes)) {
$minutes = $aecomments->get_minutes();
//failsafe
}
if ($minutes < 1) {
$minutes = $aecomments->get_minutes();
}
if ($minutesPassed - $minutes > 0) {
return 'comment_time_elapsed';
}
//Now check if options allow editing after an additional comment has been made
if ($aecomments->get_admin_option('allow_editing_after_comment') == "false") {
//Admin doesn't want users to edit - so now check if any other comments have been left
$query = "SELECT comment_ID from {$wpdb->comments} where comment_post_ID = %d and comment_type <> 'pingback' and comment_type <> 'trackback' order by comment_ID DESC limit 1";
$newComment = $wpdb->get_row($wpdb->prepare($query, $postID), ARRAY_A);
if (!$newComment) {
return 'new_comment_posted';
}
//Check to see if there is a higher comment ID
if ($commentID != $newComment['comment_ID']) {
return 'new_comment_posted';
}
}
//Check to see if cookie is set
$hash = md5($comment['comment_author_IP'] . $comment['comment_date_gmt']);
if (!isset($_COOKIE['WPAjaxEditCommentsComment' . $commentID . $hash])) {
return 'comment_edit_denied';
}
//Get post security key
$postContent = $wpdb->get_row($wpdb->prepare("SELECT meta_value FROM {$wpdb->postmeta} WHERE post_id = %d and meta_key = '_%d'", $comment['comment_post_ID'], $comment['comment_ID']), ARRAY_A);
//$wpdb->get_row("SELECT post_content from $wpdb->posts WHERE post_type = 'ajax_edit_comments' and guid = $commentID order by ID desc limit 1", ARRAY_A);
if (!$postContent) {
return 'comment_edit_denied';
}
//Now check to see if there's a valid cookie
if (!isset($GLOBALS['WPAjaxEditCommentsComment' . $commentID . $hash])) {
//For compatability with CFORMS
if (isset($_COOKIE['WPAjaxEditCommentsComment' . $commentID . $hash])) {
if ($_COOKIE['WPAjaxEditCommentsComment' . $commentID . $hash] != $postContent['meta_value']) {
return 'comment_edit_denied';
}
} else {
return 'comment_edit_denied';
}
} else {
if ($GLOBALS['WPAjaxEditCommentsComment' . $commentID . $hash] != $postContent['meta_value']) {
return 'comment_edit_denied';
}
}
return 1;
//Yay, user can edit
}
