WordPress guest can see unauthorized comments


I created a WordPress comment site with the help of a template for my blog.
The problem is: if I'm logged in, I can see only the approved comments, as it should be.
But if I'm logged out, like a guest, I can see all comments, including all unauthorized comments.
This is my code:
<?php if (!empty($post->post_password) && $_COOKIE['wp-postpass_'.COOKIEHASH]!=$post->post_password) : ?>
<p id="comments-locked">Please log in to see the comments.</p>
<?php return; endif; ?>
<?php if ($comments) : ?>
<?php
$author = array(
"highlight" => "highlight",
"email" => "YOUR EMAIL HERE",
"name" => "YOUR NAME HERE"
);
$numPingBacks = 0;
$numComments = 0;
foreach ($comments as $comment) {
if (get_comment_type() != "comment") { $numPingBacks++; }
else { $numComments++; }
}
$thiscomment = 'odd';
?>
<?php
if ($numPingBacks != 0) : ?>
<h3 class="comments-header"><?php _e($numPingBacks); ?> Trackbacks/Pingbacks</h3>
<ol id="trackbacks">
<?php foreach ($comments as $comment) : ?>
<?php if (get_comment_type()!="comment") : ?>
<li id="comment-<?php comment_ID() ?>" class="<?php _e($thiscomment); ?>">
<?php comment_type(__('Comment'), __('Trackback'), __('Pingback')); ?>:
<?php comment_author_link(); ?> on <?php comment_date(); ?>
</li>
<?php if('odd'==$thiscomment) { $thiscomment = 'even'; } else { $thiscomment = 'odd'; } ?>
<?php endif; endforeach; ?>
</ol>
<?php endif; ?>
<?php
if ($numComments != 0) : ?>
<h3 class="comments-header"><?php _e($numComments); ?> Comments</h3>
<ol id="comments">
<?php foreach ($comments as $comment) : ?>
<?php if (get_comment_type()=="comment") : ?>
<li id="comment-<?php comment_ID(); ?>" class="<?php
$this_name = $comment->comment_author;
$this_email = $comment->comment_author_email;
if (strcasecmp($this_name, $author["name"])==0 && strcasecmp($this_email, $author["email"])==0)
_e($author["highlight"]);
else
_e($thiscomment);
?>">
<div class="comment-meta">
<span class="comment-author"><?php comment_author_link() ?></span>,
<span class="comment-date"><?php comment_date() ?></span>:
</div>
<div class="comment-text">
<?php comment_text(); ?>
</div>
</li>
<?php if('odd'==$thiscomment) { $thiscomment = 'even'; } else { $thiscomment = 'odd'; } ?>
<?php endif; endforeach; ?>
</ol>
<?php endif; ?>
<?php else :
?>
<h3 class="comments-header noPandM">There are no comments!</h3>
<p class="noPandM">Write the first Comment!</p>
<br />
<?php endif; ?>
<?php if (comments_open()) : ?>
<div id="comments-form">
<h3 id="comments-header">Write a Comment</h3>
<p class="commentsSmall"> Your E-Mail will not be published. Required fields are marked. </p>
<br />
<?php if (get_option('comment_registration') && !$user_ID ) : ?>
<p id="comments-blocked">You must be <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?redirect_to=
<?php the_permalink(); ?>">Login</a> to write a Comment.</p>
<?php else : ?>
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
<?php if ($user_ID) : ?>
<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php">
<?php echo $user_identity; ?></a>.
<a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout"
title="Log out of this account">Logout</a>
</p>
<?php else : ?>
<p class="commentformlabel"><label for="author">Name<?php if ($req) _e(' (*)'); ?></label></p>
<p><input type="text" class="commentText" name="author" id="author" value="<?php echo $comment_author; ?>" size="22" /></p>
<p class="commentformlabel"><label for="email">E-mail <?php if ($req) _e(' (*)'); ?></label></p>
<p><input type="text" class="commentText" name="email" id="email" value="<?php echo $comment_author_email; ?>" size="22" /></p>
<p class="commentformlabel"><label for="url">Website</label></p>
<p><input type="text" class="commentText" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="22" /></p>
<?php endif; ?>
<br />
<p class="commentformlabel"><label for="comment">Comment</label></p>
<p><textarea name="comment" style="width:80% !important;" id="comment" rows="8"></textarea></p>
<br />
<p><button type="submit" name="submit" id="sub">Submit</button>
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>"></p>
<?php do_action('comment_form', $post->ID); ?>
</form>
</div>
<?php endif; ?>
<?php else : ?>
<p id="comments-closed">Sorry, but the Comments are closed in this Area!</p>
<?php endif; ?>

Thank you for reading!
Daniel

I think your problem is when you're requesting the comments.
If you are using get_comments() try this:
$args = array(
'status' => 'approve',
'post_id' => get_the_ID(),
);
$comments = get_comments( $args );
// pay attention to existing variables with the same name as defined here
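
A defensive check for the template in the question, as an added example (not code from the question or the answer): it drops every entry whose `comment_approved` field is not `'1'` before anything is counted or rendered, so held, spam or trashed comments cannot reach a guest even when `$comments` was filled by a broader query. `approved_only()`, `split_by_type()` and `sample_comment()` are hypothetical helper names, and the sample objects are constructed stand-ins for WordPress comment objects so the block runs without WordPress.

```php
<?php
// Added example: helper names are hypothetical and the sample data is constructed.
// WordPress keeps the moderation state in comment_approved:
// '1' = approved, '0' = held for moderation, 'spam', 'trash'.

/** Keep only comments that a moderator has approved. */
function approved_only(array $comments): array {
    return array_values(array_filter($comments, function ($c) {
        // Strict comparison: '0', 'spam' and 'trash' all fail the check.
        return isset($c->comment_approved) && (string) $c->comment_approved === '1';
    }));
}

/** Split into regular comments and trackbacks/pingbacks, as the template does. */
function split_by_type(array $comments): array {
    $out = array('comment' => array(), 'ping' => array());
    foreach ($comments as $c) {
        $type = isset($c->comment_type) ? $c->comment_type : '';
        // An empty type is treated as a regular comment.
        $key = ($type === '' || $type === 'comment') ? 'comment' : 'ping';
        $out[$key][] = $c;
    }
    return $out;
}

/** Constructed stand-in for a WordPress comment object. */
function sample_comment(int $id, string $approved, string $type = ''): stdClass {
    $c = new stdClass();
    $c->comment_ID = $id;
    $c->comment_approved = $approved;
    $c->comment_type = $type;
    return $c;
}

// Constructed input: what an unfiltered $comments array could contain.
$comments = array(
    sample_comment(1, '1'),
    sample_comment(2, '0'),              // held for moderation
    sample_comment(3, 'spam'),
    sample_comment(4, '1', 'pingback'),
    sample_comment(5, '0', 'trackback'), // unapproved trackback
);

$visible = split_by_type(approved_only($comments));
printf("comments: %d, pings: %d\n", count($visible['comment']), count($visible['ping']));
foreach ($visible['comment'] as $c) {
    printf("render comment-%d\n", $c->comment_ID);
}
```

In the template, the equivalent step is `$comments = approved_only($comments);` placed before the `if ($comments)` check, so the counters, the headers and both lists are built from approved entries only.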
