Edit post data outside of loop [Approve/Reject system]
-
Hello everyone. I’m trying to create a PHP script that will allow my users to Approve or Reject a post. Users can click on an Approve or Reject button, which then counts the amount of approvals or rejections. Once one of the two reaches 5, it will Approve/Reject the post.
On approval it will change the post category to something different. On rejection it will send the post to Trash.
I’m pretty sure the functions I used won’t work like this though. But I can’t figure out a way to edit a post without having the post_id in the URL. (as this would cause great security risks)
Do you guys have any idea?
My Work-In-Progress below:
<?php
if ( $_SERVER['REQUEST_METHOD'] == 'GET' && isset( $_GET['ar_action'] ) ) {
    global $post;
    if ( in_category( 2, $post->ID ) ) { // WP_Post exposes the ID as ->ID, not ->id
        // Third argument true returns a single value instead of an array
        $approve_count = (int) get_post_meta( $post->ID, 'approves', true ); // get the amount of approves
        $reject_count  = (int) get_post_meta( $post->ID, 'rejects', true );  // get the amount of rejects

        if ( $_GET['ar_action'] == 'approve' ) { // User clicked Approve
            if ( $approve_count ) { // Check if there already is a count
                $approve_count++; // Add +1 to approve_count
                if ( $approve_count == 5 ) {
                    wp_set_post_categories( $post->ID, 3 ); // Set category to "Approved"
                    delete_post_meta( $post->ID, 'approves' ); // Remove meta data because post is already approved
                    delete_post_meta( $post->ID, 'rejects' );  // Remove meta data because post is already approved
                } else {
                    update_post_meta( $post->ID, 'approves', $approve_count ); // Update approves
                }
            } else { // No approve count set
                add_post_meta( $post->ID, 'approves', 1 ); // Create approve count and set to 1
            }
        } // End Approving

        if ( $_GET['ar_action'] == 'reject' ) { // User clicked Reject
            if ( $reject_count ) { // Check if there already is a count
                $reject_count++; // Add +1 to reject_count
                if ( $reject_count == 5 ) {
                    wp_trash_post( $post->ID );
                } else {
                    update_post_meta( $post->ID, 'rejects', $reject_count ); // Update rejects
                }
            } else { // No reject count set
                add_post_meta( $post->ID, 'rejects', 1 ); // Create reject count and set to 1
            }
        } // End Rejecting
    }
}
?>
-
The click action should result in a form submit using the POST method, where the post ID is a hidden form field. The ID is still discoverable, but it is much less obvious than a URL parameter. In addition, the form should submit a nonce field so the server can confirm the request is from a valid form and not some user trying to game the system.
You may also want to consider a mechanism so that the same user cannot vote more than once, unless this is actually a “feature” of your scheme. It’s very difficult to make a voting scheme that cannot be cheated, but you can at least make cheating difficult for the average user.
Finally, consider using an AJAX-like technique to submit the vote, instead of requesting an entirely new page, unless again, this is a “feature” of your scheme.
Thanks for the pointers! I already finished the script with some of the features you recommended. I will also look into AJAX and the nonce fields.
Thanks for the reply!
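The submission recommended in the reply above (POST, hidden post ID, nonce field, one vote per user), shown as an added example that is not part of the thread or the poster's finished script. The `ar_vote` action, the `ar_post_id` and `ar_nonce` fields and the `ar_voters` meta key are assumed names; category IDs 2 and 3 and the threshold of 5 come from the original post.

```php
<?php
// Added example: ar_vote, ar_post_id, ar_nonce and ar_voters are assumed names.

// Call inside the loop. The post ID travels as a hidden field, not a URL parameter.
function ar_vote_form( $post_id ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ar_vote">
        <input type="hidden" name="ar_post_id" value="<?php echo (int) $post_id; ?>">
        <?php wp_nonce_field( 'ar_vote_' . $post_id, 'ar_nonce' ); // nonce bound to this post ?>
        <button name="ar_action" value="approve">Approve</button>
        <button name="ar_action" value="reject">Reject</button>
    </form>
    <?php
}
// admin_post_{action} fires only for logged-in users, so anonymous votes are never processed.
add_action( 'admin_post_ar_vote', 'ar_handle_vote' );

function ar_handle_vote() {
    $post_id = isset( $_POST['ar_post_id'] ) ? absint( $_POST['ar_post_id'] ) : 0;
    $action  = isset( $_POST['ar_action'] ) ? sanitize_key( $_POST['ar_action'] ) : '';
    // Refuse requests that did not come from the form rendered above for this user and post.
    if ( ! isset( $_POST['ar_nonce'] ) || ! wp_verify_nonce( $_POST['ar_nonce'], 'ar_vote_' . $post_id ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }
    // The hidden ID is client-controlled: re-check that the post is still pending (category 2).
    if ( ! in_array( $action, array( 'approve', 'reject' ), true ) || ! in_category( 2, $post_id ) ) {
        wp_die( 'Nothing to vote on.', '', array( 'response' => 400 ) );
    }
    // One vote per user: voter IDs are stored as separate rows under one meta key.
    $user_id = get_current_user_id();
    if ( in_array( $user_id, array_map( 'intval', get_post_meta( $post_id, 'ar_voters' ) ), true ) ) {
        wp_die( 'You have already voted on this post.', '', array( 'response' => 403 ) );
    }
    add_post_meta( $post_id, 'ar_voters', $user_id );
    $key   = ( 'approve' === $action ) ? 'approves' : 'rejects';
    $count = (int) get_post_meta( $post_id, $key, true ) + 1;
    update_post_meta( $post_id, $key, $count ); // creates the meta row on the first vote
    if ( $count >= 5 ) {
        if ( 'approve' === $action ) {
            wp_set_post_categories( $post_id, array( 3 ) ); // "Approved" category
        } else {
            wp_trash_post( $post_id );
        }
    }
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url() );
    exit;
}
```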