I think in this case one of the plugins mentioned here could help -> https://premium.wpmudev.org/blog/wordpress-post-frontend-plugins/
Well, thank you, but I don’t like off-site plugins: they’re heavy and have too many functions which I don’t need. I’m looking for a way to create my own form for posting. Here is my solution:
<?php /* Template Name: TestPost */ ?>
<?php get_header(); ?>
<meta charset="utf-8" />
<form action="posting_page" method="post">
  <label for="title">Заголовок: </label><input size="80" type="text" name="title" id="title" /><br />
  <?php
  // Initial editor content; empty for a new post.
  $contentFromPage = '';
  // Editor options: textarea submitted as "description", bold/italic toolbar only.
  $settings = array(
    'textarea_name' => 'description',
    'textarea_rows' => 5,
    'quicktags'     => false,
    'media_buttons' => false,
    'dfw'           => true,
    'tinymce'       => array(
      'toolbar1' => 'bold,italic'
    )
  );
  wp_editor( $contentFromPage, 'editpost', $settings );
  ?>
  <br /><input type="submit" name="submit" value="Send" />
  <?php wp_nonce_field( 'some_action', 'sid' ); // nonce for action "some_action", sent in field "sid" ?>
</form>
<?php get_footer(); ?>
posting_page:
<?php get_header(); ?>
<meta charset="utf-8" />
<?php
if (isset($_POST['submit'])){
check_admin_referer('some_action', 'sid');
/*
*
* Here is posting code
*
*/
echo "Your article has been posted";
}
?>
<?php get_footer(); ?>
Is this solution acceptable, or are there possible security risks or other reasons it should not be used?
Tried out your code with some wp_insert_post() in posting_page. Works, post is posted. Perhaps some other things to consider:
1) Users will post via front-end, right?
Better use wp_verify_nonce() instead of check_admin_referer(). As outlined in 3rd code example of -> https://codex.wordpress.org/Function_Reference/wp_nonce_field#Examples
2) Make sure to prevent users submitting empty posts 🙂
3) Use sanitize_text_field() for sanitizing your form text input https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
4) To prevent accidental double-submitting you could add a wp_redirect at the end of posting_page. Like:
$post_id = wp_insert_post( $args );
if ( $post_id ) {
    // $redirect_url: the URL to send the user to after posting
    wp_redirect( $redirect_url );
    exit();
}
5) Is posting supposed to be totally anonymous, or do you need at least some info about poster?
-> http://www.wpbeginner.com/wp-tutorials/how-to-display-a-users-ip-address-in-wordpress/
6) Consider a captcha like https://www.google.com/recaptcha/intro/index.html
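
An added example, not code from either poster: one way the posting_page handler could look with points 1 to 4 above applied. The nonce action some_action, the nonce field sid and the title/description field names come from the form in this thread; the template name, the pending status, the error messages and the redirect target are assumptions.

```php
<?php
/* Template Name: PostingPage (added example) */

// Handle the submission before get_header(): a redirect needs unsent headers.
if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['submit'] ) ) {

    // 1) Front-end nonce check; field "sid" and action "some_action" match the form.
    $nonce = isset( $_POST['sid'] ) ? sanitize_text_field( wp_unslash( $_POST['sid'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'some_action' ) ) {
        wp_die( 'Invalid or expired form token.', 'Error', array( 'response' => 403 ) );
    }

    // 3) Sanitize: plain text for the title, only post-allowed HTML for the editor body.
    $title   = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $content = isset( $_POST['description'] ) ? wp_kses_post( wp_unslash( $_POST['description'] ) ) : '';

    // 2) Reject empty submissions (markup alone does not count as content).
    if ( '' === $title || '' === trim( wp_strip_all_tags( $content ) ) ) {
        wp_die( 'Title and text are both required.', 'Error', array( 'response' => 400, 'back_link' => true ) );
    }

    // Assumption: submissions wait for moderation instead of being published directly.
    // wp_insert_post() expects slashed data, hence wp_slash() after the unslash above.
    $post_id = wp_insert_post(
        wp_slash(
            array(
                'post_title'   => $title,
                'post_content' => $content,
                'post_status'  => 'pending',
                'post_type'    => 'post',
            )
        ),
        true // return a WP_Error object on failure instead of 0
    );
    if ( is_wp_error( $post_id ) ) {
        wp_die( esc_html( $post_id->get_error_message() ), 'Error', array( 'response' => 500 ) );
    }

    // 4) Post/Redirect/Get: reloading the target page cannot resubmit the form.
    wp_safe_redirect( add_query_arg( 'posted', '1', home_url( '/' ) ) ); // assumed target
    exit;
}

get_header();
echo '<p>Nothing was submitted.</p>';
get_footer();
```

The nonce only protects against cross-site request forgery; whether visitors who are not logged in may post at all is a separate decision that this handler leaves open.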