@garyc40
Created October 3, 2012 15:32
WordPress AJAX check permission
// if both logged in and not logged in users can send this AJAX request,
// add both of these actions, otherwise add only the appropriate one
add_action( 'wp_ajax_nopriv_myajax-submit', 'myajax_submit' );
add_action( 'wp_ajax_myajax-submit', 'myajax_submit' );
function myajax_submit() {
    // read the submitted nonce; a missing field is treated as an empty (invalid) nonce
    $nonce = isset( $_POST['postCommentNonce'] ) ? $_POST['postCommentNonce'] : '';

    // check to see if the submitted nonce matches with the
    // generated nonce we created earlier
    if ( ! wp_verify_nonce( $nonce, 'myajax-post-comment-nonce' ) ) {
        die( 'Busted!' );
    }

    // ignore the request if the current user doesn't have
    // sufficient permissions
    if ( current_user_can( 'edit_posts' ) ) {
        // get the submitted parameters (post ID coerced to a non-negative integer)
        $postID = isset( $_POST['postID'] ) ? absint( $_POST['postID'] ) : 0;

        // generate the response
        $response = json_encode( array( 'success' => true ) );

        // response output
        header( "Content-Type: application/json" );
        echo $response;
    }

    // IMPORTANT: don't forget to "exit"
    exit;
}