Home Explore Help
Sign In
niconiconi
/
PhilNa-NG
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
PhilNa-NG
/
comments-ajax.php

comments-ajax.php 4.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. <?php
    2. 

  2. if ($_SERVER["REQUEST_METHOD"] != "POST") {
    3. 

  3.     header('Allow: POST');
    4. 

  4.     header("HTTP/1.1 405 Method Not Allowed");
    5. 

  5.     header("Content-type: text/plain");
    6. 

  6.     exit;
    7. 

  7. }
    8. 

  8. $db_check = true;
    9. 

  9. function kill_data() {
    10. 

  10.     return '';
    11. 

  11. }
    12. 

  12. function check_db() {
    13. 

  13.     global $wpdb, $db_check;
    14. 

  14.     if($db_check) {
    15. 

  15.         // Check DB
    16. 

  16.         if(!$wpdb->dbh) {
    17. 

  17.             echo('Our database has issues. Try again later.');
    18. 

  18.         } else {
    19. 

  19.             echo('We\'re currently having site problems. Try again later.');
    20. 

  20.         }
    21. 

  21.         die();
    22. 

  22.     }
    23. 

  23. }
    24. 

  24. ob_start('kill_data');
    25. 

  25. register_shutdown_function('check_db');
    26. 

  26. require_once(dirname(__FILE__)."/../../../wp-config.php");
    27. 

  27. $db_check = false;
    28. 

  28. ob_end_clean();
    29. 

  29. nocache_headers();
    30. 

  30. function fail($s) {
    31. 

  31.     header('HTTP/1.0 500 Internal Server Error');
    32. 

  32.     echo $s;
    33. 

  33.     exit;
    34. 

  34. }
    35. 

  35. $comment_post_ID = (int) $_POST['comment_post_ID'];
    36. 

  36. $status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
    37. 

  37. if ( empty($status->comment_status) ) {
    38. 

  38.     do_action('comment_id_not_found', $comment_post_ID);
    39. 

  39.     fail('The post you are trying to comment on does not currently exist in the database.');
    40. 

  40. } elseif ( 'closed' ==  $status->comment_status ) {
    41. 

  41.     do_action('comment_closed', $comment_post_ID);
    42. 

  42.     fail('Sorry, comments are closed for this item.');
    43. 

  43. } elseif ( in_array($status->post_status, array('draft', 'pending') ) ) {
    44. 

  44.     do_action('comment_on_draft', $comment_post_ID);
    45. 

  45.     fail('The post you are trying to comment on has not been published.');
    46. 

  46. }
    47. 

  47. $comment_author       = trim(strip_tags($_POST['author']));
    48. 

  48. $comment_author_email = trim($_POST['email']);
    49. 

  49. $comment_author_url   = trim($_POST['url']);
    50. 

  50. $comment_content      = trim($_POST['comment']);
    51. 

  51. // If the user is logged in
    52. 

  52. $user = wp_get_current_user();
    53. 

  53. if ( $user->ID ) {
    54. 

  54.     $comment_author       = $wpdb->escape($user->display_name);
    55. 

  55.     $comment_author_email = $wpdb->escape($user->user_email);
    56. 

  56.     $comment_author_url   = $wpdb->escape($user->user_url);
    57. 

  57.     if ( current_user_can('unfiltered_html') ) {
    58. 

  58.         if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
    59. 

  59.             kses_remove_filters(); // start with a clean slate
    60. 

  60.             kses_init_filters(); // set up the filters
    61. 

  61.         }
    62. 

  62.     }
    63. 

  63. } else {
    64. 

  64.     if ( get_option('comment_registration') )
    65. 

  65.         fail('Sorry, you must be logged in to post a comment.');
    66. 

  66. }
    67. 

  67. $comment_type = '';
    68. 

  68. if ( get_option('require_name_email') && !$user->ID ) {
    69. 

  69.     if ( 6> strlen($comment_author_email) || '' == $comment_author )
    70. 

  70.         fail('Sorry: please fill the required fields (name, email).');
    71. 

  71.     elseif ( !is_email($comment_author_email))
    72. 

  72.         fail('Sorry: please enter a valid email address.');
    73. 

  73. }
    74. 

  74. if ( '' == $comment_content )
    75. 

  75.     fail('Sorry: please type a comment.');
    76. 

  76. // Simple duplicate check
    77. 

  77. $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
    78. 

  78. if ( $comment_author_email ) $dupe .= "OR comment_author_email = '$comment_author_email' ";
    79. 

  79. $dupe .= ") AND comment_content = '$comment_content' LIMIT 1";
    80. 

  80. if ( $wpdb->get_var($dupe) ) {
    81. 

  81.     fail('Duplicate comment detected; it looks as though you\'ve already said that!');
    82. 

  82. }
    83. 

  83. $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
    84. 

  84. $comment_id = wp_new_comment( $commentdata );
    85. 

  85. $comment = get_comment($comment_id);
    86. 

  86. if ( !$user->ID ) {
    87. 

  87.     setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
    88. 

  88.     setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
    89. 

  89.     setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
    90. 

  90. }
    91. 

  91. @header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
    92. 

  92. ?>
    93. 

  93. 

  94. 

  95. <li class="comment <?php if($comment->comment_author_email == get_the_author_email()) {echo 'admincomment';} else {echo 'regularcomment';} ?>" id="comment-<?php comment_ID() ?>">
    96. 

  96. <div class="comment-meta">
    97. 

  97. <? printf( __('%1$s at %2$s', 'philna'), get_comment_time(__('F jS, Y', 'philna')), get_comment_time(__('H:i', 'philna')) ); ?>| 
    98. 

  98. #<span class="nub"></span>
    99. 

  99. <?php edit_comment_link(__('Edit', 'philna'), ' | ', ''); ?></div>
    100. 

  100. <div class="comment-author">
    101. 

  101. <?php if (function_exists('get_avatar') && get_option('show_avatars')) { echo get_avatar($comment, 32); } ?>				
    102. 

  102. 

  103. <?php if (get_comment_author_url()) : ?>
    104. 

  104. <span class="fn"><a id="commentauthor-<?php comment_ID() ?>" href="<?php comment_author_url() ?>"><?php comment_author(); ?></a></span>
    105. 

  105. <?php else : ?>
    106. 

  106. <span class="fn" id="commentauthor-<?php comment_ID() ?>"><?php comment_author(); ?></span>
    107. 

  107. <?php endif; ?>
    108. 

  108. </div>
    109. 

  109. <?php if ($comment->comment_approved == '0') : ?>
    110. 

  110. <p><small class="waiting">Your comment is awaiting moderation.</small></p>
    111. 

  111. <?php endif; ?>
    112. 

  112. <?php comment_text();?>
    113. 

  113. </li>
    114.