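md5(rand(0,100000)), 'timeout_value' => 30, 'template' => "", 'date_format' => 'F jS, Y \a\t g:i a', 'empty_string' => 'You must preview your comment before submitting.', 'button_value' => 'Preview' ));
        // create database table
        $create_table_statement = '' . 'create table if not exists '.$wpdb->prefix.'ajax_force_comment_preview (' . 'session_id varchar(255) not null primary key,' . 'timestamp int unsigned null' . ')';
        $wpdb->query($create_table_statement);
    }

    /**
     * Deactivation hook: drops the per-session preview table created on activation.
     *
     * Uses the global $wpdb. Returns nothing.
     */
    function deactivate() {
        global $wpdb;
        // drop database table
        $drop_table_statement = 'drop table ' . $wpdb->prefix . 'ajax_force_comment_preview';
        $wpdb->query($drop_table_statement);
    }

    /**
     * Enqueues the preview script and its localized strings on single posts/pages
     * with open comments, for users below level 9 only.
     *
     * Reads the 'ajax_force_comment_preview' option for the empty-comment message.
     * Returns nothing.
     */
    function wp_print_scripts() {
        global $userdata;
        get_currentuserinfo();
        if ( $userdata->user_level < 9 ) {
            // explicit grouping: && binds tighter than ||, which is what the original relied on
            if ( ( !is_single() && !is_page() ) || !comments_open() ) return;
            // read the single option value we need instead of extract()ing the whole array into locals
            $preview_vars = get_option( 'ajax_force_comment_preview' );
            $empty_string = isset($preview_vars['empty_string']) ? $preview_vars['empty_string'] : '';
            wp_enqueue_script(
                'ajax_force_comment_preview',
                Ajax_Force_Comment_Preview::htmldir() . '/ajax-force-comment-preview.js',
                array('sack'),
                Ajax_Force_Comment_Preview::version() . mt_rand() // mt_rand() in the version defeats browser caching on every load
            );
            wp_localize_script( 'ajax_force_comment_preview', 'AjaxForceCommentPreviewVars', array(
                'emptyString' => $empty_string,
                'url' => Ajax_Force_Comment_Preview::htmldir() . '/ajax-force-comment-preview.php',
            ) );
        }
    }

    /**
     * Outputs the preview control markup inside the comment form for users below level 9.
     *
     * NOTE(review): the echoed literals are empty in this copy, and $preview_vars is
     * fetched but never read; the markup (and its use of e.g. 'button_value') appears
     * to have been stripped from the listing — confirm against the upstream source.
     */
    function comment_form() {
        global $userdata;
        get_currentuserinfo();
        if ( $userdata->user_level < 9 ) {
            $preview_vars = get_option( 'ajax_force_comment_preview' );
            echo '';
            echo '
';
            echo '';
        }
    }

    /**
     * Reads one $_POST field as a trimmed string.
     *
     * @param string $key  the $_POST key
     * @return string  the trimmed value, or '' when the field is absent or not a plain string
     */
    function post_field($key) {
        if ( !isset($_POST[$key]) || !is_string($_POST[$key]) ) return '';
        return trim($_POST[$key]);
    }

    /**
     * Builds the rendered comment preview (or just its nonce) for the current POST.
     *
     * Reads author/url/text/email from $_POST (replaced by the logged-in user's
     * details when $user_ID is set), runs them through the filters WordPress applies
     * to stored comments, fills the admin-configured template, and records or
     * refreshes a row keyed by the PHP session id so verify() can later confirm that
     * a preview happened within the configured timeout.
     *
     * The nonce is md5(salt . despaced text . session id), binding the previewed text
     * to this session. NOTE(review): the salt is the option value seeded from rand()
     * at activation; a random_bytes()-based value would be a stronger seed.
     *
     * NOTE(review): $nonce_html and the wrapper around the linked $author are empty
     * literals in this copy — markup looks stripped from the listing; confirm upstream.
     *
     * @param bool $nonce_only  when true, return only the nonce string
     * @return string  the nonce, or the filled template followed by $nonce_html
     */
    function send($nonce_only = false) {
        global $user_ID, $user_url, $user_identity, $user_email, $wpdb;
        $preview_vars = get_option( 'ajax_force_comment_preview' );
        $salt_value = $preview_vars['salt_value'];
        $timeout_value = $preview_vars['timeout_value'];
        // guarded reads: missing fields become '' instead of raising undefined-index notices
        $author = Ajax_Force_Comment_Preview::post_field('author');
        if ( '' === $author ) $author = 'Anonymous';
        $url = Ajax_Force_Comment_Preview::post_field('url');
        $text = Ajax_Force_Comment_Preview::post_field('text');
        $despaced_text = Ajax_Force_Comment_Preview::despace($text);
        $email = Ajax_Force_Comment_Preview::post_field('email');
        get_currentuserinfo();
        if ( $user_ID ) :
            // logged-in users preview with their profile details, not the posted ones
            $author = addslashes($user_identity);
            $url = addslashes($user_url);
            $email = addslashes($user_email);
        endif;
        $text = apply_filters('pre_comment_content', $text);
        $text = apply_filters('post_comment_text', $text); // Deprecated
        $text = apply_filters('comment_content_presave', $text); // Deprecated
        $text = stripslashes($text);
        $text = apply_filters('get_comment_text', $text);
        $text = apply_filters('comment_text', $text);
        $author = apply_filters('pre_comment_author_name', $author);
        $author = stripslashes($author);
        $author = apply_filters('get_comment_author', $author);
        $email = apply_filters('pre_comment_author_email', $email);
        $email = stripslashes($email);
        $email = apply_filters('get_comment_author_email', $email);
        if ( $url && 'http://' !== $url ) :
            $url = apply_filters('pre_comment_author_url', $url);
            $url = stripslashes($url);
            $url = apply_filters('get_comment_url', $url);
            $author = '' . $author . '';
            $author = apply_filters('get_comment_author_link', $author);
            $author = apply_filters('comment_author_link', $author);
        endif;
        // %email% is substituted without HTML escaping; the preview only goes back to the
        // poster, but a template that places it inside an attribute should escape it.
        $preview_vars['template'] = str_replace(
            array('%author%', '%date%', '%content%', '%email%'),
            array(
                $author,
                date_i18n($preview_vars['date_format'], time() + get_option('gmt_offset') * 3600 - date('Z')),
                $text,
                $email,
            ),
            $preview_vars['template']
        );
        if ( false !== strpos($preview_vars['template'], '%email_hash%') )
            $preview_vars['template'] = str_replace('%email_hash%', md5($email), $preview_vars['template']);
        $session_id = session_id();
        $table = $wpdb->prefix . 'ajax_force_comment_preview';
        // all session-table access goes through $wpdb->prepare() so the id is never spliced into SQL
        $db_data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $table WHERE session_id = %s", $session_id ) );
        $now = time();
        if ( $db_data ) { // found session data
            $timestamp = $db_data->timestamp;
            if ( $now - $timestamp > (60 * $timeout_value) ) {
                // the last preview is older than the timeout: start a fresh window from now
                $wpdb->query( $wpdb->prepare( "UPDATE $table SET timestamp = %d WHERE session_id = %s", $now, $session_id ) );
            }
        } else { // no row for this session yet: record it
            $wpdb->query( $wpdb->prepare( "INSERT INTO $table SET session_id = %s, timestamp = %d", $session_id, $now ) );
            // since we're here, might as well clean up sessions that are older than 24 hours
            $wpdb->query( $wpdb->prepare( "DELETE FROM $table WHERE %d - timestamp > 60 * 60 * 24", $now ) );
        }
        $nonce = md5($salt_value . $despaced_text . $session_id);
        $nonce_html = '';
        if ( $nonce_only ) return $nonce;
        return $preview_vars['template'] . $nonce_html;
    }

    /**
     * Filter callback (presumably hooked on the comment pre-insert filter — confirm where)
     * that only lets a comment through when the poster previewed this exact text in
     * this session within the configured timeout. Users at level 9 and above bypass it.
     *
     * @param array $comment_data  the comment about to be inserted; 'comment_content' is what the nonce covers
     * @return array  $comment_data unchanged when approved; otherwise wp_die() ends the request
     */
    function verify($comment_data) {
        global $userdata;
        get_currentuserinfo();
        if ( $userdata->user_level < 9 ) {
            global $wpdb;
            $preview_vars = get_option( 'ajax_force_comment_preview' );
            $salt_value = $preview_vars['salt_value'];
            $timeout_value = $preview_vars['timeout_value'];
            // the nonce must be a plain string; anything else is treated as missing
            $nonce = ( isset($_POST['afcp-nonce']) && is_string($_POST['afcp-nonce']) ) ? $_POST['afcp-nonce'] : '';
            $content = isset($comment_data['comment_content']) ? $comment_data['comment_content'] : '';
            $session_id = session_id();
            $table = $wpdb->prefix . 'ajax_force_comment_preview';
            $db_data = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $table WHERE session_id = %s", $session_id ) );
            if ( $db_data ) { // found session data
                $timestamp = $db_data->timestamp;
                $db_session_id = $db_data->session_id;
                $now = time();
                if ( $now - $timestamp > (60 * $timeout_value) ) {
                    // the preview window has expired; the message now reports the configured timeout
                    wp_die( sprintf( __('Your last comment preview was over %d minutes ago. Please re-preview your comment before submitting.'), (int) $timeout_value ) );
                }
                $expected = md5($salt_value . Ajax_Force_Comment_Preview::despace($content) . $db_session_id);
                // constant-time strict comparison; the loose == used before would compare
                // numeric-looking digests as numbers
                if ( hash_equals($expected, $nonce) ) {
                    return $comment_data;
                }
            }
            wp_die( __('Unable to approve comment. Please make sure you have Javascript+Cookies enabled and have previewed your comment before submitting.') );
            return false;
        } else {
            return $comment_data;
        }
    }

    //Only works for files Ajax Force Comment Preview files
    /**
     * Returns the public URL of this plugin's directory, memoised in a static.
     *
     * Finds this file among the active plugins by comparing real paths to learn the
     * plugin's subdirectory, then prefixes it with the site URL and PLUGINDIR. If no
     * active plugin entry resolves to this file, the computed URL is not the plugin
     * directory (dirname of 'PLUGINDIR/' is taken instead).
     */
    function htmldir() {
        static $htmldir = false;
        if ( $htmldir ) return $htmldir;
        $plugins = (array) get_option( 'active_plugins' );
        $realfile = realpath( __FILE__ );
        $ajax_force_comment_preview = false;
        foreach ( $plugins as $plugin ) {
            // strict: a false from realpath() must not loosely match a non-empty path
            if ( realpath( ABSPATH . PLUGINDIR . '/' . $plugin ) === $realfile ) {
                $ajax_force_comment_preview = $plugin;
                break;
            }
        }
        $htmldir = get_option( 'siteurl' ) . '/' . dirname( PLUGINDIR . '/' . $ajax_force_comment_preview );
        return $htmldir;
    }

    /**
     * Registers the plugin's settings page under Options; requires 'manage_options'.
     */
    function admin_menu() {
        add_options_page( 'AJAX Force Comment Preview', 'AJAX Force Comment Preview', 'manage_options', 'afcp-admin', array('Ajax_Force_Comment_Preview', 'admin_page') );
    }

    function admin_page() {
        if ( isset($_POST['ajax_force_comment_preview_options_submit']) ) {
            check_admin_referer( 'ajax_force_comment_preview' );
            $ajax_force_comment_preview_options = stripslashes_deep($_POST['afcp']);
            if ( !$ajax_force_comment_preview_options['button_value'] ) $ajax_force_comment_preview_options['button_value'] = 'Preview';
            $ajax_force_comment_preview_options['ver'] = time();
            update_option( 'ajax_force_comment_preview', $ajax_force_comment_preview_options );
            echo '

Ajax Force Comment Preview options updated.

';
        }
        extract(get_option( 'ajax_force_comment_preview' ));
?>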

Ajax Force Comment Preview Options

Enter the markup from your theme's comment template here. The following special tags are available.

%author%
The name of the comment author linked to the comment author's url.
%date%
The date formatted as .
%content%
The text of the comment.
%email%
The email of the comment author.
%email_hash%
The MD5 hash of the comment author's email address. Useful for gravatars.