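/**
 * Receives an AJAX request to post a comment and reports the comment's state.
 *
 * Every exit path goes through $this->die_post_status_to_json(), which is
 * defined outside this block and is presumed to emit the JSON response and
 * terminate the request.
 *
 * Input comes from $_POST. WordPress hands $_POST over already slashed, which
 * is the form wp_new_comment() expects, so request values are passed through
 * without extra escaping while values read from the user object are slashed.
 *
 * NOTE(review): no nonce or referer check is visible in this method; confirm
 * that the AJAX dispatcher performs one before calling it.
 * NOTE(review): only draft and pending posts are rejected here; trashed,
 * private and password-protected posts are not checked in this block.
 */
public function lp_post_comment()
{
    global $wpdb, $post;

    $comment_post_ID = isset($_POST['comment_post_ID']) && is_scalar($_POST['comment_post_ID'])
        ? (int) $_POST['comment_post_ID']
        : 0;

    // get_post() falls back to the global post for an empty ID, so a missing or
    // zero ID must never reach it: the checks below would run on the wrong post.
    $post = $comment_post_ID > 0 ? get_post($comment_post_ID) : null;

    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        $this->die_post_status_to_json('error');
    } elseif (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        $this->die_post_status_to_json('closed');
    } elseif (in_array($post->post_status, array('draft', 'pending'), true)) {
        $this->die_post_status_to_json('pending');
    }

    // Only string fields are accepted; an array-valued field is treated as absent.
    $comment_author = isset($_POST['author']) && is_string($_POST['author'])
        ? trim(strip_tags($_POST['author']))
        : null;
    $comment_author_email = isset($_POST['email']) && is_string($_POST['email'])
        ? trim($_POST['email'])
        : null;
    $comment_author_url = isset($_POST['url']) && is_string($_POST['url'])
        ? trim($_POST['url'])
        : null;
    $comment_content = isset($_POST['comment']) && is_string($_POST['comment'])
        ? trim($_POST['comment'])
        : null;

    $user = wp_get_current_user();
    // Attribute the comment to the account; 0 means an anonymous visitor.
    $user_ID = (int) $user->ID;

    if ($user->ID) {
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }

        // wp_new_comment() unslashes its input, so profile values are slashed
        // here rather than SQL-escaped.
        $comment_author = wp_slash($user->display_name);
        $comment_author_email = wp_slash($user->user_email);
        $comment_author_url = wp_slash($user->user_url);

        if (current_user_can('unfiltered_html')) {
            $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment'])
                && is_string($_POST['_wp_unfiltered_html_comment'])
                ? $_POST['_wp_unfiltered_html_comment']
                : '';

            // A privileged user may post raw HTML only when the request carries
            // a valid nonce; otherwise the KSES filters are forced back on so a
            // forged request cannot store unfiltered markup in their name.
            if (!wp_verify_nonce($unfiltered_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                kses_remove_filters(); // start with a clean slate
                kses_init_filters(); // set up the filters
            }
        }
    } elseif (get_option('comment_registration')) {
        $this->die_post_status_to_json('not_allowed');
    }

    $comment_type = '';

    if (get_option('require_name_email') && !$user->ID) {
        if (6 > strlen((string) $comment_author_email) || '' === (string) $comment_author) {
            $this->die_post_status_to_json('missing_fields');
        } elseif (!is_email($comment_author_email)) {
            $this->die_post_status_to_json('missing_fields');
        }
    }

    if ('' === (string) $comment_content) {
        $this->die_post_status_to_json('missing_fields');
    }

    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;

    $commentdata = compact(
        'comment_post_ID',
        'comment_author',
        'comment_author_email',
        'comment_author_url',
        'comment_content',
        'comment_type',
        'comment_parent',
        'user_ID'
    );

    $comment_id = wp_new_comment($commentdata);
    $comment = get_comment($comment_id);

    wp_set_comment_cookies($comment, $user);

    $this->die_post_status_to_json(wp_get_comment_status($comment_id));
}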
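/**
 * AJAX entry point for the theme's comments.
 *
 * Two request shapes are handled, and every path ends in die() with a body
 * built by theme_features::json_format():
 *  - POST carrying `comment_post_ID`: validates and stores a new comment, then
 *    returns its rendered HTML.
 *  - GET with `type=get-comments`: returns one rendered page of comments and
 *    the pagination markup for `post-id`.
 *
 * theme_features::check_referer() and check_nonce() run first; both are defined
 * outside this block and are presumed to abort the request on failure.
 */
public static function process()
{
    theme_features::check_referer();
    theme_features::check_nonce();

    $output = [];

    // ---- Posting a comment -------------------------------------------------
    if (isset($_POST['comment_post_ID']) && is_string($_POST['comment_post_ID'])) {
        $comment_post_ID = (int) $_POST['comment_post_ID'];

        global $wp_query, $comment, $comments, $post, $wpdb;

        // wp_new_comment() does not check whether the target post accepts
        // comments, so that is enforced here before anything is stored.
        // get_post() falls back to the global post for an empty ID, hence the
        // explicit > 0 guard.
        $target_post = $comment_post_ID > 0 ? get_post($comment_post_ID) : null;
        if (!$target_post || empty($target_post->comment_status)) {
            do_action('comment_id_not_found', $comment_post_ID);
            $output['status'] = 'error';
            $output['code'] = 'invaild_post';
            $output['msg'] = ___('Post is not exist.');
            die(theme_features::json_format($output));
        }

        if (!comments_open($comment_post_ID)) {
            do_action('comment_closed', $comment_post_ID);
            $output['status'] = 'error';
            $output['code'] = 'comment_closed';
            $output['msg'] = ___('Sorry, comments are closed for this item.');
            die(theme_features::json_format($output));
        }

        // Drafts, pending, trashed and other non-public posts cannot be
        // commented on; private posts only by users allowed to read them;
        // password-protected posts only once the password has been supplied.
        $status_object = get_post_status_object(get_post_status($target_post));
        $is_public = $status_object && $status_object->public;
        $is_readable_private = $status_object
            && $status_object->private
            && current_user_can('read_post', $comment_post_ID);
        if ((!$is_public && !$is_readable_private) || post_password_required($target_post)) {
            $output['status'] = 'error';
            $output['code'] = 'invaild_post';
            $output['msg'] = ___('Post is not exist.');
            die(theme_features::json_format($output));
        }

        do_action('pre_comment_on_post', $comment_post_ID);

        $user = wp_get_current_user();

        // Only string fields are accepted; anything else is treated as absent.
        $comment_author = isset($_POST['author']) && is_string($_POST['author'])
            ? trim($_POST['author'])
            : null;
        $comment_author_email = isset($_POST['email']) && is_string($_POST['email']) && is_email($_POST['email'])
            ? trim($_POST['email'])
            : null;
        $comment_author_url = isset($_POST['url']) && is_string($_POST['url'])
            ? trim($_POST['url'])
            : null;
        $comment_content = isset($_POST['comment']) && is_string($_POST['comment'])
            ? trim($_POST['comment'])
            : null;
        $comment_parent = isset($_POST['comment_parent']) && is_numeric($_POST['comment_parent'])
            ? $_POST['comment_parent']
            : null;

        $output['status'] = 'success';

        // 0 marks an anonymous visitor; defined up front so compact() below
        // never refers to an undefined variable.
        $user_id = 0;

        if ($user->exists()) {
            if (empty($user->display_name)) {
                $user->display_name = $user->user_login;
            }

            $comment_author = wp_slash($user->display_name);
            $comment_author_email = wp_slash($user->user_email);
            $comment_author_url = wp_slash($user->user_url);
            $user_id = $user->ID;

            // The KSES filters are left as WordPress set them up, so comment
            // HTML from users without `unfiltered_html` is always sanitised.
            // A user who has that capability may post raw HTML only when the
            // request carries a valid nonce; otherwise the filters are forced
            // back on so a forged request cannot store unfiltered markup.
            if (current_user_can('unfiltered_html')) {
                $unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment'])
                    && is_string($_POST['_wp_unfiltered_html_comment'])
                    ? $_POST['_wp_unfiltered_html_comment']
                    : '';
                if (!wp_verify_nonce($unfiltered_nonce, 'unfiltered-html-comment_' . $comment_post_ID)) {
                    kses_remove_filters(); // start with a clean slate
                    kses_init_filters(); // set up the filters
                }
            }
        } elseif ((int) theme_cache::get_option('comment_registration') === 1) {
            // Visitors may not comment when registration is required.
            $output['status'] = 'error';
            $output['msg'] = ___('Sorry, you must be logged in to post a comment.');
            die(theme_features::json_format($output));
        }

        // Name and e-mail are mandatory for visitors when the site says so.
        // $comment_author_email is null unless it passed is_email() above.
        if (theme_cache::get_option('require_name_email') && !$user->exists()) {
            if (empty($comment_author)) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_name';
                $output['msg'] = ___('Error: please fill your name.');
                die(theme_features::json_format($output));
            }
            if (!$comment_author_email) {
                $output['status'] = 'error';
                $output['code'] = 'invaild_email';
                $output['msg'] = ___('Error: please enter a valid email address.');
                die(theme_features::json_format($output));
            }
        }

        if (empty($comment_content)) {
            $output['status'] = 'error';
            $output['code'] = 'invaild_content';
            $output['msg'] = ___('Error: please type a comment.');
            die(theme_features::json_format($output));
        }

        $comment_type = null;
        $commentdata = compact(
            'comment_post_ID',
            'comment_author',
            'comment_author_email',
            'comment_author_url',
            'comment_content',
            'comment_type',
            'comment_parent',
            'user_id'
        );

        // Store the comment, then reload it and its post for rendering.
        $comment_id = wp_new_comment($commentdata);
        $comment = get_comment($comment_id);
        $post = theme_cache::get_post($comment_post_ID);

        do_action('after_theme_comment_ajax', $comment, $post);
        do_action('set_comment_cookies', $comment, $user);

        wp_set_comment_cookies($comment, $user);

        // Depth of the new comment in its thread (1 = top level).
        // NOTE(review): the result is not read again in this block.
        $comment_depth = 1;
        $tmp_c = $comment;
        while ($tmp_c && $tmp_c->comment_parent != 0) {
            $comment_depth++;
            $tmp_c = get_comment($tmp_c->comment_parent);
        }

        if ($output['status'] === 'success') {
            $content = wp_list_comments(
                [
                    'type' => 'comment',
                    'callback' => 'theme_functions::theme_comment',
                    'echo' => false,
                ],
                [$comment]
            );

            // A reply is wrapped in the children list the client inserts
            // under the parent comment.
            if ($comment_parent != 0) {
                $output['comment_parent'] = $comment_parent;
                $output['comment'] = '<ul id="children-' . $comment->comment_ID . '" class="children">' . $content . '</ul>';
            } else {
                $output['comment'] = $content;
            }

            $output['msg'] = ___('Commented successfully, thank you!');
            $output['post_id'] = $comment_post_ID;
            die(theme_features::json_format($output));
        }
    }

    // ---- Reading comments --------------------------------------------------
    $type = isset($_GET['type']) && is_string($_GET['type']) ? $_GET['type'] : null;

    if ($type === 'get-comments') {
        // Both values are cast to int so nothing but integers reaches the
        // comment query, the pagination helper or the response.
        $cpage = isset($_GET['cpage']) && is_numeric($_GET['cpage']) ? (int) $_GET['cpage'] : 1;
        $post_id = isset($_GET['post-id']) && is_numeric($_GET['post-id']) ? (int) $_GET['post-id'] : 0;

        if ($post_id <= 0) {
            $output['status'] = 'error';
            $output['code'] = 'invaild_post_id';
            $output['msg'] = ___('Post ID is invaild.');
            die(theme_features::json_format($output));
        }

        global $post;

        $post = theme_cache::get_post($post_id);

        // Comments are returned only for posts and pages the requester may
        // read. A hidden post gets the same answer as a missing one, so the
        // response does not reveal that it exists.
        $is_supported_type = $post && ($post->post_type === 'post' || $post->post_type === 'page');
        $is_readable = $is_supported_type
            && ($post->post_status === 'publish' || current_user_can('read_post', $post->ID))
            && !post_password_required($post);
        if (!$is_readable) {
            $output['status'] = 'error';
            $output['code'] = 'invaild_post';
            $output['msg'] = ___('Post is not exist.');
            die(theme_features::json_format($output));
        }

        setup_postdata($post);

        $comments_str = self::get_comments_list($post_id, $cpage);

        $output['status'] = 'success';
        $output['msg'] = ___('Data sent.');

        if ($cpage > 0) {
            $output['pagination'] = theme_functions::get_comment_pagination(['cpaged' => $cpage]);
        } else {
            $output['pagination'] = theme_functions::get_comment_pagination(['cpaged' => 999]);
        }

        $output['comments'] = $comments_str;
        $output['debug'] = ['cpage' => $cpage];
    }

    die(theme_features::json_format($output));
}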
/**
 * Stores commenter cookies for a subscriber.
 *
 * Builds a minimal comment-like object from the given name and e-mail plus the
 * author URL WordPress already remembers for this visitor, and hands it to
 * wp_set_comment_cookies() together with the current user.
 *
 * Both arguments are passed through as received; nothing in this method
 * validates them, so callers should do so before calling.
 *
 * @param string $email
 * @param string $name
 */
protected static function set_subscriber_cookies($email, $name)
{
    $remembered = wp_get_current_commenter();

    $cookie_source = (object) [
        'comment_author' => $name,
        'comment_author_email' => $email,
        'comment_author_url' => $remembered['comment_author_url'],
    ];

    wp_set_comment_cookies($cookie_source, wp_get_current_user());
}