Currently writing a plugin for both WP and WPMU that uses ajax calls to do it's job.
It's coming along brilliantly, however I've hit a wall.
The plugin uses SQL inserts, and since the ajax calls to a page that isn't checked for security (ie: not auth_redirect'd), it's quite prone to sql-injection in it's current form.
Since the plugin uses the xjax responseText for a lot of the page layout, I'm not sure how to go about restricting access to the php file to only logged in users.
So, I guess what I need to know is:
- What's the best way to wp-admin authentications without affecting the layout?
- What files need to be included by the sql-insert file in order to have all the proper database functions declared?