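/**
 * Checks an authenticated action sent by an app and, when the check passes,
 * sets the matching WordPress user as current user for this script execution.
 *
 * The check itself is delegated to the auth engine returned by
 * AuthenticationSettings::get_auth_engine_instance(). This method only turns
 * a successful check into a WordPress user switch.
 *
 * Fails closed: if the login reported by the auth engine does not resolve to
 * a WordPress user, the result is turned into a failure instead of leaving
 * 'ok' set while no real user is logged in.
 *
 * @param int    $app_id    Id of the current app.
 * @param string $action    Name of the action being authenticated (e.g. "comment-POST").
 * @param mixed  $auth_data Authentication data sent by the app, passed as is to the auth engine.
 * @param array  $to_check  Values that the auth engine must verify against the sent control data.
 * @return array Result with at least 'ok' (bool) and 'auth_error' (string). On success
 *               the auth engine also provides 'user' (the user login).
 */
public static function log_user_from_authenticated_action($app_id, $action, $auth_data, $to_check) {
    $defaults = array('ok' => false, 'auth_error' => '');

    $auth_engine = AuthenticationSettings::get_auth_engine_instance();

    //First check the validity of what was sent :
    $checked = $auth_engine->check_authenticated_action($app_id, $action, $auth_data, $to_check);

    //Keep the documented result shape even if the engine omits a key :
    $result = is_array($checked) ? array_merge($defaults, $checked) : $defaults;

    if (empty($result['ok'])) {
        return $result;
    }

    $user_wp = isset($result['user']) ? get_user_by('login', $result['user']) : false;
    if (empty($user_wp) || empty($user_wp->ID)) {
        //The auth engine validated a login that WordPress does not know (deleted or
        //renamed account, for example). Do not switch user and do not report success.
        //NOTE(review): 'user-not-found' is a new error code introduced by this guard;
        //align it with the codes the app side already handles.
        $result['ok'] = false;
        $result['auth_error'] = 'user-not-found';
        return $result;
    }

    //OK, log the user in for the current script execution :
    self::$current_user = wp_set_current_user($user_wp->ID);

    return $result;
}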
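/**
 * Creates a WordPress comment from data posted by an app, on behalf of the
 * app user authenticated by the request.
 *
 * Checks are applied in this order, and the first failure sets 'comment_error':
 * comment present, auth data present, comment is an array, decoded content not
 * empty, authentication valid, no comment id sent, post id sent, post exists,
 * post published, comments open, user can read the post, comment data valid,
 * comment not a duplicate, insertion succeeded, comment found in the tree.
 *
 * Security notes:
 * - Only the raw (base64) content and the post reference are passed to the
 *   authentication check. Any other client-supplied key of $data['comment'] is
 *   not covered by it (see the TODO below).
 * - Author fields are always overwritten from the logged in user, so author
 *   values sent by the client are never used.
 * - Callbacks on 'wpak_comments_before_insert' run after wp_allow_comment() and
 *   can therefore change 'comment_approved'.
 *
 * @param mixed $service_answer Ignored: the answer is rebuilt from scratch.
 * @param array $data           Request data. Reads $data['comment'] and $data['auth'].
 * @param int   $app_id         Id of the current app.
 * @return object Answer with 'comment_ok' (0 or 1). On failure: 'comment_error'.
 *                On success: 'comment', 'comments' and 'waiting_approval' (0 or 1).
 */
public static function create($service_answer, $data, $app_id) {
    $service_answer = array();
    $service_answer['comment_ok'] = 0;

    if (empty($data['comment'])) {
        $service_answer['comment_error'] = 'no-comment';
        return (object) $service_answer;
    }
    $comment = $data['comment'];

    //Check authentication
    if (empty($data['auth'])) {
        $service_answer['comment_error'] = 'no-auth';
        return (object) $service_answer;
    }

    if (!is_array($comment)) {
        $service_answer['comment_error'] = 'wrong-comment-format';
        return (object) $service_answer;
    }

    //Content comes from the client: a missing or non string value is handled as
    //empty content instead of being handed to base64_decode().
    $raw_content = (isset($comment['content']) && is_string($comment['content'])) ? $comment['content'] : '';
    $comment_content = trim(base64_decode($raw_content));
    if (empty($comment_content)) {
        $service_answer['comment_error'] = 'content-empty';
        return (object) $service_answer;
    }

    $comment_post = isset($comment['post']) ? $comment['post'] : null;

    //Values that the authentication check verifies against the sent control data.
    //TODO we could add a filter on this to add more comment data to control field
    //(and same must be applied on app side).
    $to_check = array($raw_content, $comment_post);

    $result = WpakUserLogin::log_user_from_authenticated_action($app_id, "comment-POST", $data['auth'], $to_check);
    if (empty($result['ok'])) {
        $service_answer['comment_error'] = $result['auth_error'];
        return (object) $service_answer;
    }

    //This service only creates comments: a sent comment id is refused.
    if (!empty($comment['id'])) {
        $service_answer['comment_error'] = 'comment-already-exists';
        return (object) $service_answer;
    }

    if (empty($comment_post)) {
        $service_answer['comment_error'] = 'no-comment-post';
        return (object) $service_answer;
    }

    $post = get_post($comment_post);
    if (empty($post)) {
        $service_answer['comment_error'] = 'comment-post-not-found';
        return (object) $service_answer;
    }

    if ($post->post_status !== 'publish') {
        $service_answer['comment_error'] = 'post-not-published';
        return (object) $service_answer;
    }

    //Comments must be open for the given post:
    if (!comments_open($post->ID)) {
        $service_answer['comment_error'] = 'comments-closed';
        return (object) $service_answer;
    }

    //The logged in user must be able to read the post he's commenting on.
    //An unknown post type has no capability to check, so it is refused too.
    $post_type = get_post_type_object($post->post_type);
    if (empty($post_type) || !current_user_can($post_type->cap->read_post, $post->ID)) {
        $service_answer['comment_error'] = 'user-cant-comment-this-post';
        return (object) $service_answer;
    }

    //Author data is taken from the authenticated user only. Refuse to go further
    //if no real user is resolved, rather than inserting a comment with no author.
    $logged_in_user = WpakUserLogin::get_current_user();
    if (empty($logged_in_user) || empty($logged_in_user->ID)) {
        $service_answer['comment_error'] = 'user-cant-comment-this-post';
        return (object) $service_answer;
    }

    $comment['content'] = $comment_content;
    $comment['author'] = $logged_in_user->ID;
    $comment['author_name'] = $logged_in_user->user_login;
    $comment['author_email'] = $logged_in_user->user_email;
    $comment['author_url'] = $logged_in_user->user_url;

    //The following comment insertion is inspired from the WP API v2 :)
    $prepared_comment = self::prepare_comment_for_database($comment);
    if (!is_array($prepared_comment)) {
        $service_answer['comment_error'] = $prepared_comment; //Contains error string
        return (object) $service_answer;
    }

    //Don't post the same comment twice :
    if (self::is_duplicate($prepared_comment)) {
        $service_answer['comment_error'] = 'already-said-that';
        return (object) $service_answer;
    }

    $prepared_comment['comment_approved'] = wp_allow_comment($prepared_comment);

    /**
     * Use this filter to edit the comment fields before inserting it to database.
     *
     * @param array   $prepared_comment Comment that is going to be inserted into db
     * @param WP_User $logged_in_user   Currently logged in user
     * @param int     $app_id           Id of the current app
     */
    $prepared_comment = apply_filters('wpak_comments_before_insert', $prepared_comment, $logged_in_user, $app_id);

    $comment_id = wp_insert_comment($prepared_comment);
    if (!$comment_id) {
        $service_answer['comment_error'] = 'wp-insert-comment-failed';
        return (object) $service_answer;
    }

    //A comment that cannot be read back is handled as not approved.
    //NOTE(review): any non empty 'comment_approved' value counts as approved here,
    //as in the original code - confirm that this is intended for values other than 1.
    $inserted_comment = get_comment($comment_id);
    $is_approved = !empty($inserted_comment) && $inserted_comment->comment_approved;

    if ($is_approved) {
        $comment_tree = self::get_post_comments($post->ID, $app_id);
    } else {
        $comment_tree = self::get_post_comments($post->ID, $app_id, false); //false to get non approved comments too
    }

    if (empty($comment_tree[$comment_id])) {
        $service_answer['comment_error'] = 'wrong-comment-tree';
        return (object) $service_answer;
    }

    $service_answer['comment'] = self::get_comment_web_service_data($comment_tree[$comment_id]);
    //Note : when the comment is waiting for approval, $service_answer['comments']
    //will not contain the inserted comment.
    $service_answer['comments'] = self::read_one(array(), $post->ID, $app_id);
    $service_answer['comment_ok'] = 1;
    $service_answer['waiting_approval'] = $is_approved ? 0 : 1;

    return (object) $service_answer;
}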