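/**
 * Decide whether the current visitor may edit the given comment.
 *
 * Checks run in this order: privileged user, comment lookup, per-user-class
 * editing option, spam status, indefinite-edit right, edit time window,
 * "newer comment exists" option, and finally the per-comment security token.
 *
 * @param int $commentID ID of the comment to be edited.
 * @param int $postID    ID of the post the comment belongs to.
 *
 * @return int|string 1 when editing is allowed, otherwise one of the codes
 *                    'get_comment_failed', 'no_user_editing', 'comment_spam',
 *                    'comment_time_elapsed', 'new_comment_posted' or
 *                    'comment_edit_denied'.
 */
function can_edit($commentID = 0, $postID = 0) {
    global $wpdb, $aecomments;

    // Admin / editor / post author (per AECCore::is_comment_owner) may always edit.
    if (AECCore::is_comment_owner($postID)) {
        return 1;
    }

    // Load the comment and bail out before any field is read: the lookup result
    // is treated as an array below, and a failed lookup must not fall through
    // into the option checks with undefined offsets.
    $comment = AECCore::get_edit_comment($commentID);
    if (!$comment) {
        return 'get_comment_failed';
    }

    // Registered and anonymous commenters are governed by separate admin options.
    $editingOption = ($comment['user_id'] != 0) ? 'allow_registeredediting' : 'allow_editing';
    if ($aecomments->get_admin_option($editingOption) == 'false') {
        return 'no_user_editing';
    }

    // Spam comments are never editable.
    if ($comment['comment_approved'] === 'spam') {
        return 'comment_spam';
    }

    // A logged-in author with the indefinite-edit right skips the time window
    // and the token check.
    if (is_user_logged_in()) {
        global $current_user;
        $user_id = $current_user->ID;
        if ($user_id == $comment['user_id'] && AECCore::can_indefinitely_edit($comment['user_id'])) {
            return 1;
        }
    }

    // Edit window: compare the WHOLE elapsed time with the configured limit.
    // Reducing the elapsed seconds modulo 3600 (minutes within the current hour)
    // would let the window reopen every hour and would make limits above
    // 60 minutes never expire.
    $elapsedSeconds = current_time('timestamp', 1) - $comment['time'];
    $minutesPassed = round($elapsedSeconds / 60);

    $minutes = $aecomments->get_admin_option('minutes');
    if (!is_numeric($minutes) || $minutes < 1) {
        $minutes = $aecomments->get_minutes(); // failsafe default
    }
    if ($minutesPassed - $minutes > 0) {
        return 'comment_time_elapsed';
    }

    // Optionally refuse editing once the comment is no longer the newest
    // non-pingback/trackback comment on the post.
    if ($aecomments->get_admin_option('allow_editing_after_comment') == "false") {
        $query = "SELECT comment_ID from {$wpdb->comments} where comment_post_ID = %d and comment_type <> 'pingback' and comment_type <> 'trackback' order by comment_ID DESC limit 1";
        $newComment = $wpdb->get_row($wpdb->prepare($query, $postID), ARRAY_A);
        if (!$newComment) {
            return 'new_comment_posted';
        }
        if ($commentID != $newComment['comment_ID']) {
            return 'new_comment_posted';
        }
    }

    // md5 here only derives the cookie NAME from the stored IP and GMT date;
    // neither input is a secret, so authorization rests on the token VALUE
    // comparison below, not on knowing this name.
    $hash = md5($comment['comment_author_IP'] . $comment['comment_date_gmt']);
    $tokenName = 'WPAjaxEditCommentsComment' . $commentID . $hash;
    if (!isset($_COOKIE[$tokenName])) {
        return 'comment_edit_denied';
    }

    // Server-side copy of the security key, stored as post meta under the key
    // '_<comment id>' (the %d placeholder sits inside the quoted literal).
    $postContent = $wpdb->get_row($wpdb->prepare("SELECT meta_value FROM {$wpdb->postmeta} WHERE post_id = %d and meta_key = '_%d'", $comment['comment_post_ID'], $comment['comment_ID']), ARRAY_A);
    if (!$postContent) {
        return 'comment_edit_denied';
    }

    // A value placed in $GLOBALS (CFORMS compatibility) takes precedence over
    // the cookie; the cookie is known to be set at this point.
    $presentedToken = isset($GLOBALS[$tokenName]) ? $GLOBALS[$tokenName] : $_COOKIE[$tokenName];

    // The cookie is client-controlled: reject non-string values (e.g. array
    // cookies) and compare with hash_equals() so that loose-comparison type
    // juggling ("0e1" == "0e2") cannot match and the check is constant-time.
    // hash_equals() needs PHP >= 5.6 or a polyfill.
    if (!is_string($presentedToken) || !hash_equals((string) $postContent['meta_value'], $presentedToken)) {
        return 'comment_edit_denied';
    }

    return 1; // All checks passed: the user can edit.
}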