/**
 * Issue a time-limited edit key for a comment that has just been posted.
 *
 * The key is written to the post-meta table under the meta key "_<comment ID>"
 * and mirrored into a browser cookie. The code that later compares the two is
 * not part of this method.
 *
 * Security notes for reviewers:
 *  - The key is "wpAjax" + md5(author IP . GMT date) + two md5() digests of
 *    AECUtility::random(). Its unpredictability rests entirely on
 *    AECUtility::random(); NOTE(review): confirm that helper draws from a CSPRNG.
 *  - The cookie name embeds md5(author IP . GMT date), which is derived from
 *    non-secret values; only the cookie value carries the random part.
 *  - setcookie() is called with five arguments, so neither the Secure nor the
 *    HttpOnly flag is set on the cookie that carries the key.
 *  - Both database calls are prefixed with "@", so a failed write is silent.
 *
 * @param int $commentID ID of the comment that was just posted.
 * @return int|string|null $commentID when is_comment_owner() is true for the post or a
 *                         key was issued; 'no_user_editing' when editing is switched
 *                         off for this kind of commenter; null when the comment is
 *                         missing, is spam, or the user can edit indefinitely.
 */
public static function comment_posted($commentID = 0)
 {
     global $wpdb, $aecomments;

     $comment = get_comment($commentID, ARRAY_A);
     // Missing comments and comments already marked as spam get no key.
     if (!$comment || $comment['comment_approved'] == "spam") {
         return;
     }
     // No key is stored when is_comment_owner() reports true for the post.
     if (AECCore::is_comment_owner($comment['comment_post_ID'])) {
         return $commentID;
     }
     // Registered and anonymous commenters are governed by separate admin switches.
     $editingSwitch = $comment['user_id'] != 0 ? 'allow_registeredediting' : 'allow_editing';
     if ($aecomments->get_admin_option($editingSwitch) == 'false') {
         return 'no_user_editing';
     }
     // Users who may edit without a time limit do not need a stored key.
     if (AECCore::can_indefinitely_edit($comment['user_id'])) {
         return;
     }

     // Fingerprint of the posting (IP + GMT date), then the random edit key built on it.
     $fingerprint = md5($comment['comment_author_IP'] . $comment['comment_date_gmt']);
     $editKey = 'wpAjax' . $fingerprint . md5(AECUtility::random()) . md5(AECUtility::random());

     // Edit window in minutes; fall back to get_minutes() for non-numeric or sub-minute values.
     $minutes = $aecomments->get_admin_option('minutes');
     if (!is_numeric($minutes)) {
         $minutes = $aecomments->get_minutes();
     }
     if ($minutes < 1) {
         $minutes = $aecomments->get_minutes();
     }

     // Store the key directly in the post-meta table.
     //todo - update to update_post_meta or use comment meta instead
     $insertSql = "INSERT INTO {$wpdb->postmeta}(post_id, meta_key, meta_value) VALUES (%d,'_%d', %s)";
     @$wpdb->query($wpdb->prepare($insertSql, $comment['comment_post_ID'], $comment['comment_ID'], $editKey));

     // Hand the same key to the browser unless a cookie of that name already arrived.
     $cookie = 'WPAjaxEditCommentsComment' . $commentID . $fingerprint;
     $expire = time() + 60 * $minutes;
     if (!isset($_COOKIE[$cookie])) {
         setcookie($cookie, $editKey, $expire, COOKIEPATH, COOKIE_DOMAIN);
         // Also exposed through $GLOBALS for compatibility with CFORMS.
         $GLOBALS[$cookie] = $editKey;
     }

     // Running count of issued keys; the site option is tried first, then the
     // per-blog option (upgrade / multi-site support).
     $counterOption = 'ajax-edit-comments_security_key_count';
     $keyCount = get_site_option($counterOption);
     if (!$keyCount) {
         $keyCount = get_option($counterOption);
     }
     if ($keyCount) {
         $keyCount = (int) $keyCount;
     } else {
         $keyCount = 1;
         update_site_option($counterOption, $keyCount);
     }
     // Once the count reaches 100, purge every stored "wpAjax" key except this
     // comment's. Keys belonging to other comments are removed regardless of
     // whether their edit window is still open.
     if ($keyCount >= 100) {
         $currentMetaKey = "_" . $comment['comment_ID'];
         @$wpdb->query($wpdb->prepare("delete from {$wpdb->postmeta} where left(meta_value, 6) = 'wpAjax' and meta_key <> '%s'", $currentMetaKey));
         $keyCount = 0;
     }
     $keyCount++;
     update_site_option($counterOption, $keyCount);
     return $commentID;
 }
 /**
  * Report whether the ID returned by AECUtility::get_user_id() matches $userID.
  *
  * NOTE(review): the comparison is loose (==) and $userID defaults to 0, so a
  * falsy value from get_user_id() (0, null, false, '') compares equal to the
  * default. Confirm what get_user_id() returns for an anonymous visitor before
  * relying on this as an authentication check.
  *
  * @param int $userID User ID to compare against the current user.
  * @return bool True when the two IDs compare equal.
  */
 public static function is_logged_in($userID = 0)
 {
     return AECUtility::get_user_id() == $userID;
 }
 /**
  * Validate an edited comment, store it, and build the response for the editor.
  *
  * Order of operations matters here: the comment is written with
  * wp_update_comment() BEFORE the spam and moderation error responses are
  * produced, so those "errors" describe a change that has already been stored.
  *
  * Security notes for reviewers:
  *  - AECCore::can_edit() is the authorization gate; a string result is treated
  *    as an error code and aborts the save.
  *  - $commentarr['comment_ID'] is overwritten with (int) $commentID, so the
  *    update always targets the comment that can_edit() was asked about.
  *  - can_edit_name() / can_edit_email() only decide whether a validation error
  *    is raised. This method does not remove the author name or e-mail from
  *    $commentarr when they return false. NOTE(review): confirm the caller
  *    strips fields the user is not allowed to change.
  *
  * @param int   $commentID  ID of the comment being edited.
  * @param int   $postID     ID of the post the comment belongs to.
  * @param array $commentarr Comment fields to store. This method reads
  *                          comment_content, comment_author, comment_author_email,
  *                          comment_author_url, comment_author_IP, comment_agent,
  *                          comment_type and comment_approved.
  * @return array Either array('error' => ...) or the data for the saved comment
  *               (content, author, URL, date/time, approval state, counts, links, undo).
  */
 public static function save_comment($commentID, $postID, $commentarr)
 {
     global $wpdb, $aecomments;
     //Save the old comment and build an undo spot
     $undoComment = $commentarr;
     //Make sure the comment has something in it
     // ("undefined" is rejected as well as the empty string)
     $response = array();
     if ('' == $commentarr['comment_content'] || $commentarr['comment_content'] == "undefined") {
         $response['error'] = $aecomments->get_error('content_empty');
         return $response;
     }
     //Check to see if user can edit
     // A string return value is an error code; any other value lets the save proceed.
     $message = AECCore::can_edit($commentID, $postID);
     if (is_string($message)) {
         $response['error'] = $aecomments->get_error($message);
         return $response;
     }
     //Sanity checks
     if (!AECCore::is_comment_owner($postID)) {
         //Make sure required fields are filled out
         // Only enforced for a field the user is allowed to edit: an e-mail shorter than
         // 6 characters, or an empty author name.
         if (get_option('require_name_email') && (6 > strlen($commentarr['comment_author_email']) && AECCore::can_edit_email($commentID, $postID) || '' == $commentarr['comment_author'] && AECCore::can_edit_name($commentID, $postID))) {
             $response['error'] = $aecomments->get_error('required_fields');
             return $response;
         }
     }
     // end comment_owner check
     //Make sure the e-mail is valid - Skip if pingback or trackback
     // The whole check is also skipped when $aecomments->admin is set and the e-mail is empty.
     if (!($aecomments->admin && empty($commentarr['comment_author_email']))) {
         if (!is_email($commentarr['comment_author_email']) && $commentarr['comment_type'] != "pingback" && $commentarr['comment_type'] != "trackback") {
             if (!get_option('require_name_email') && empty($commentarr['comment_author_email'])) {
                 // Empty e-mail is acceptable when name/e-mail are not required: no error.
             } else {
                 if (AECCore::can_edit_email($commentID, $postID)) {
                     $response['error'] = $aecomments->get_error('invalid_email');
                     return $response;
                 }
             }
         }
     }
     // Switches the connection character set when the blog charset is not UTF-8.
     // The query is a fixed string (no user input) and its errors are suppressed with "@".
     if (strtolower(get_option('blog_charset')) != 'utf-8') {
         @$wpdb->query("SET names 'utf8'");
     }
     //comment out if getting char errors
     //Save the comment
     // Force the target ID so a comment_ID supplied inside $commentarr cannot redirect the update.
     $commentarr['comment_ID'] = (int) $commentID;
     // Approval state as submitted, kept to detect a change to "moderated" below.
     $commentapproved = $commentarr['comment_approved'];
     //Condition the data for returning
     do_action('wp_ajax_comments_remove_content_filter');
     //Do some comment checks before updating
     if (!AECCore::is_comment_owner($postID)) {
         //Preserve moderation/spam setting.  Only check approved comments
         if ($commentarr['comment_approved'] == 1) {
             // Everyone else's comments will be checked.
             if (check_comment($commentarr['comment_author'], $commentarr['comment_author_email'], $commentarr['comment_author_url'], $commentarr['comment_content'], $commentarr['comment_author_IP'], $commentarr['comment_agent'], $commentarr['comment_type'])) {
                 $commentarr['comment_approved'] = 1;
             } else {
                 $commentarr['comment_approved'] = 0;
             }
         }
         // A blacklist hit overrides the result above and marks the edit as spam.
         if (wp_blacklist_check($commentarr['comment_author'], $commentarr['comment_author_email'], $commentarr['comment_author_url'], $commentarr['comment_content'], $commentarr['comment_author_IP'], $commentarr['comment_agent'])) {
             $commentarr['comment_approved'] = 'spam';
         }
     }
     //Update the comment
     // The write happens here, before the spam/moderation responses below are returned.
     wp_update_comment($commentarr);
     //If spammed, return error
     if (!$aecomments->admin && $commentarr['comment_approved'] === 'spam') {
         $response['error'] = $aecomments->get_error('comment_marked_spam');
         return $response;
     }
     //If moderated, return error
     // NOTE(review): loose comparisons; a non-numeric status such as 'spam' compares equal
     // to 0 before PHP 8 and unequal from PHP 8 on, so this branch is version-dependent
     // for such values.
     if ($commentarr['comment_approved'] == 0 && $commentapproved != 0) {
         $response['error'] = $aecomments->get_error('comment_marked_moderated');
         return $response;
     }
     //Check for spam
     if (!AECCore::is_comment_owner($postID)) {
         if (AECCore::check_spam($commentID, $postID)) {
             $response['error'] = $aecomments->get_error('comment_marked_spam');
             return $response;
         }
     }
     //Do actions after a comment has successfully been edited
     do_action_ref_array('wp_ajax_comments_comment_edited', array(&$commentID, &$postID));
     //Get undo data
     // $oldComment is only defined on the admin path; the response below checks isset().
     if ($aecomments->admin) {
         $oldComment = $aecomments->get_admin_option('undo');
         $undo = AECUtility::build_undo_url("undoedit", $commentID, $postID, __('Comment successfully saved', 'ajaxEdit'));
     } else {
         $undo = '';
     }
     $approve_count = get_comment_count($postID);
     $comment_count = get_comment_count();
     //For security, get the new comment
     // The response is built from the stored row, not from the submitted $commentarr.
     if (isset($GLOBALS['comment'])) {
         unset($GLOBALS['comment']);
     }
     global $comment;
     $comment = get_comment($commentID);
     //Condition the data for returning
     do_action('wp_ajax_comments_remove_content_filter');
     // NOTE(review): content and author pass through AECUtility::encode() before the
     // display filters, but comment_author_url goes to the filters as stored. Confirm that
     // the consumer of this response escapes the URL for the context it is placed in.
     $response = array('content' => stripslashes(apply_filters('comment_text', apply_filters('get_comment_text', AECUtility::encode($comment->comment_content)))), 'comment_author' => stripslashes(apply_filters('comment_author', apply_filters('get_comment_author', AECUtility::encode($comment->comment_author)))), 'comment_author_url' => stripslashes(apply_filters('comment_url', apply_filters('get_comment_author_url', $comment->comment_author_url))), 'comment_date' => get_comment_date('F jS, Y'), 'comment_time' => get_comment_time(), 'comment_approved' => $comment->comment_approved, 'old_comment_approved' => isset($oldComment) ? $oldComment['comment_approved'] : false, 'undo_comment_approved' => isset($undoComment) ? $undoComment['comment_approved'] : false, 'approve_count' => $approve_count['approved'], 'moderation_count' => $comment_count['awaiting_moderation'], 'spam_count' => $comment_count['spam'], 'comment_links' => AECCore::build_admin_links($commentID, $postID), 'undo' => $undo);
     return $response;
 }
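 /**
  * Wrap a comment's text in the markup used by the in-place editing interface.
  *
  * Reads the current comment from the global $comment. The text is returned
  * untouched when the one-shot skip flag is set, when there is no current
  * comment, on pages where the interface is disabled, or when either
  * permission check does not return 1.
  *
  * Fix over the previous version: in top-display mode the working buffer is
  * reset to '' before the editor-role check, so the early return for editors
  * handed back an empty string and blanked the comment. That path now returns
  * the untouched text.
  *
  * @param string $content Comment text to decorate.
  * @return string Decorated markup, or the original text when nothing is added.
  */
 public static function add_edit_links($content)
 {
     global $comment, $aecomments;
     // One-shot bypass: clear the flag and leave this comment undecorated.
     if ($aecomments->skip) {
         $aecomments->skip = false;
         return $content;
     }
     if (empty($comment)) {
         return $content;
     }
     if (is_page() && $aecomments->get_admin_option('show_pages') != 'true') {
         return $content;
     }
     // Both permission checks must return 1 before any editing markup is emitted.
     if (AECCore::can_edit_quickcheck($comment) != 1) {
         return $content;
     }
     //--ag
     if (AECCore::can_edit($comment->comment_ID, $comment->comment_post_ID) != 1) {
         return $content;
     }
     // Whether the editing interface goes above (true) or below (false) the comment text.
     $showOnTop = $aecomments->get_admin_option('comment_display_top') == 'true';
     // Untouched copy of the text, needed for top-display mode and for early exits.
     $tempContent = $content;
     $edit_admin = "edit-comment-admin-links";
     $clearfix = $timer_class = '';
     if ($aecomments->get_admin_option('icon_display') != 'classic' && $aecomments->get_admin_option('icon_display') != 'dropdown') {
         $edit_admin = "edit-comment-admin-links-no-icon";
         $timer_class = "ajax-edit-time-left-no-icon";
     }
     /*If you're wondering why the JS is inline, it's because people with 500+ comments were having their browsers lock up.  With inline, the JS is run as needed.  Not elegant, but the best solution.*/
     if (!$showOnTop) {
         // Interface below the text: emit the wrapped comment and the undo placeholder first.
         $content = '<div class="edit-comment" id="edit-comment' . $comment->comment_ID . '" style="background: none">' . $content . '</div>';
         $content .= "<div id='comment-undo-{$comment->comment_ID}' class='aec-undo' style='background: none'></div>";
     } else {
         // Interface above the text: start empty; the wrapped comment is appended at the end.
         $content = '';
     }
     if (!AECCore::is_comment_owner($comment->comment_post_ID)) {
         //For anonymous users
         $content .= "<div class='{$edit_admin} {$clearfix}' id='edit-comment-user-link-{$comment->comment_ID}' style='background:none'>";
         $content .= AECCore::build_admin_links($comment->comment_ID, $comment->comment_post_ID);
         $content .= "</div>";
         //Show custom content to users
         if (AECCore::show_affiliate_link()) {
             // NOTE(review): affiliate_text and affiliate_id are written into the page as raw
             // HTML / a raw attribute value. That is only safe if these options can be set
             // solely by users trusted to publish unfiltered HTML; confirm where they are saved.
             $message = do_shortcode(stripslashes($aecomments->get_admin_option('affiliate_text')));
             $message = str_replace("[url]", "<a href='http://www.ajaxeditcomments.com/?affiliate_id=" . $aecomments->get_admin_option('affiliate_id') . "'>", $message);
             $message = str_replace("[/url]", "</a>", $message);
             $content .= "<div class='aec-custom-text'>{$message}</div><!--/aec-custom-text-->";
         }
         //End for anonymous users
     } else {
         //Check if user is editor
         $role = AECUtility::get_user_role();
         //todo change editor to capability
         if ($role == 'editor' && $aecomments->get_admin_option('allow_editing_editors') == 'false') {
             // In top-display mode the buffer was reset to '' above, so returning it would
             // blank the comment; hand back the untouched text in that case.
             return $showOnTop ? $tempContent : $content;
         }
         // NOTE(review): links are added inside the admin panel when 'admin_editing' equals
         // "false"; confirm the polarity of that option is intended.
         if (is_admin() && $aecomments->get_admin_option('admin_editing') == "false") {
             //We're in the admin panel
             $content .= '<div class="' . $edit_admin . ' ' . $clearfix . '" id="edit-comment-admin-links' . $comment->comment_ID . '">';
             $content .= AECCore::build_admin_links($comment->comment_ID, $comment->comment_post_ID);
             $content .= "</div>";
             //End in the admin panel
         } elseif ($aecomments->get_user_option('comment_editing') == "true") {
             //We're in a post
             $content .= '<div class="' . $edit_admin . ' ' . $clearfix . '" id="edit-comment-admin-links' . $comment->comment_ID . '" style="background: none">';
             $content .= AECCore::build_admin_links($comment->comment_ID, $comment->comment_post_ID);
             $content .= "</div>";
         }
     }
     if ($showOnTop) {
         // Interface above the text: the undo placeholder and wrapped comment come last.
         $content .= "<div id='comment-undo-{$comment->comment_ID}' class='aec-undo' style='background: none'></div>";
         $content .= '<div class="edit-comment" id="edit-comment' . $comment->comment_ID . '" style="background: none">' . $tempContent . '</div>';
     }
     return $content;
 }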
 /**
  * Return the stored options for the current user, keyed by e-mail address.
  *
  * The full option map is loaded through get_all_user_options() the first time
  * it is needed and kept on the instance afterwards.
  *
  * NOTE(review): the lookup does not check that an entry exists for the address
  * returned by AECUtility::get_user_email(); a missing entry yields null.
  *
  * @return mixed Whatever is stored under the current user's e-mail address.
  */
 private function get_user_options()
 {
     // Load the map once; later calls reuse the copy held on the instance.
     if (empty($this->user_options)) {
         $this->user_options = $this->get_all_user_options();
     }
     $allOptions = $this->user_options;
     $email = AECUtility::get_user_email();
     return $allOptions[$email];
 }
                continue;
                break;
            case "blacklist":
                $classic[$info] = aec_classic_condition($value, $_POST['blacklist']);
                continue;
                break;
        }
    }
    $options['classic'] = $classic;
    //Update user setings
    $author_options['comment_editing'] = $_POST['comment_editing'];
    $author_options['admin_editing'] = $_POST['admin_editing'];
    $updated = true;
}
if ($updated && !$error) {
    // Persist the per-user and admin settings that were assembled from $_POST above,
    // then print the confirmation notice.
    // NOTE(review): the visible part of this script reads $_POST (for example
    // $_POST['comment_editing'] and $_POST['admin_editing'] are stored as received) and no
    // nonce or capability check appears in it. Confirm that both run before this point.
    $aecomments->set_user_option(AECUtility::get_user_email(), $author_options);
    $aecomments->save_admin_options($options);
    ?>
<div class="updated"><p><strong><?php 
    _e('Settings successfully updated.', 'ajaxEdit');
    ?>
</strong></p></div>
<?php 
}
?>
<div class="wrap">
<form id="aecadminpanel" method="post" action="<?php 
echo esc_attr($_SERVER["REQUEST_URI"]);
?>
">
<?php