• After a lot of messing with a classifieds theme I’ve figured out a way to create a front end page for people to submit content, but I’d like it to $_POST to a custom post type instead of the default post. Is there a simple way to do this?

    <?php
    if ($_POST){
    $error = false; $error_text = ""; // initialise before appending with .=
    
    if(cP("title") == "") {
    $error = true;
    $error_text .= __('* Please enter an event title.', "wpct")."<br />";
    }		  
    
    if(!isEmail(cP("FlyerEmail"))) {
    $error = true;
    $error_text .= __('* Please enter a valid email address', "wpct")."<br />";
    }
    
    if(cPR("description") == "") {
    $error = true;
    $error_text .= __('* Please enter a description.', "wpct")."<br />";
    }
    
    if(cPR("Location") == "") {
    $error = true;
    $error_text .= __('* Please enter a location.', "wpct")."<br />";
    }
    
    if(cPR("FlyerFirstName") == "") {
    $error = true;
    $error_text .= __('* Please enter your first name.', "wpct")."<br />";
    }		  
    
    if(cPR("FlyerLastName") == "") {
    $error = true;
    $error_text .= __('* Please enter your last name.', "wpct")."<br />";
    }		  
    
    //image check
    if (get_option('EventFlyer_max_img_num','4')>0){
    $image_check=true;
    $image_upload=false;//nothing to upload
    $types=explode(",",get_option('EventFlyer_img_types','jpeg'));//creating array with the allowed types (split() was removed in PHP 7)
    for ($i=1;$i<=get_option('EventFlyer_max_img_num','4')&&$image_check;$i++){
    $file_size = $_FILES["pic$i"]['size'];
    $file_type = $_FILES["pic$i"]['type'];//MIME type as sent by the browser, not verified server-side
    if ($file_size > get_option('EventFlyer_max_img_size','1000000')) {//control the size
    
    $image_check=false;//too big, so false
    $error = true;
    $error_text .=__('* Sorry, your flyer is too large (One mb max)<br />');
    }
    
    elseif ($file_type!=""){//the size is right checking type
    $image_check=false;//not allowed
    foreach ($types as $ac_type){//to find allowed types
    if (strpos($file_type, $ac_type) !== false) $image_check=true;//allowed one (strpos returns 0 for a match at the start)
    }
    }
    
    if (!$image_check) {
    $error = true;
    $error_text .=__('* Sorry, you can only upload flyers in the jpeg format')." ".get_option('')."<br />";
    }
    
    if (file_exists($_FILES["pic$i"]['tmp_name'])) $image_upload=true;//there's something to upload
    }
    }
    
    if (!$error){
    if (is_numeric(cP("price"))) $price=cP("price");
    
    else unset($price);
    // post information
    $data = array
    
    (
    'post_title' => cP("title"),
    'post_content' => cPR("description"),
    'post_status' => "draft",
    'post_category'	=> array(cP("category")),
    'tags_input'	=> cP("tags")
    );
    
    // insert post
    $published_id = wp_insert_post($data);
    
    // add custom fields
    if (cP("Location")!="") add_post_meta($published_id, 'Location', cP("Location"), true);
    if (cP("FlyerFirstName")!="") add_post_meta($published_id, 'FlyerFirstName', cP("FlyerFirstName"), true);
    if (cP("FlyerLastName")!="") add_post_meta($published_id, 'FlyerLastName', cP("FlyerLastName"), true);
    if (cP("FlyerEmail")!="") add_post_meta($published_id, 'FlyerEmail', cP("FlyerEmail"), true);
    if (cP("phone")!="") add_post_meta($published_id, 'phone', cP("phone"), true);
    
    // images upload
    if (get_option('EventFlyer_max_img_num','4')>0&&$image_upload){
    $upload_array = wp_upload_dir();
    $img_upload_dir = trailingslashit($upload_array['basedir']).get_option('EventFlyer_img_upload_dir','Event Flyer')."/".date("Y")."/".date("m")."/".date("d");
    if (!file_exists($img_upload_dir)) wp_mkdir_p($img_upload_dir);//recursive create without a world-writable 0777 mode
    for ($i=1;$i<=get_option('EventFlyer_max_img_num','4');$i++){
    $img_upload_file = trailingslashit($img_upload_dir).$published_id."-".$i.strrchr($_FILES["pic$i"]['name'],'.');
    if (move_uploaded_file($_FILES["pic$i"]['tmp_name'],$img_upload_file)){
    $post_images .= get_option('EventFlyer_img_upload_dir','EventFlyer')."/".date("Y")."/".date("m")."/".date("d")."/".$published_id."-".$i.strrchr($_FILES["pic$i"]['name'],'.').",";
    }
    }
    add_post_meta($published_id, 'EventFlyer', $post_images, true);
    }
    
    		  	  //EMAIL notify
    		  	  if (get_option('permalink_structure') != '' ) {
    		  	  	  $linkConfirm=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=confirm";
    		  	  	  $linkEliminate=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=delete";
    		  	  	  $linkEdit=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=edit";
    		  	  }
    		  	  else {
    		  	  	  $linkConfirm=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=confirm";
    		  	  	  $linkEliminate=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=delete";
    		  	  	  $linkEdit=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=edit";
    		  	  }
    
    		  	  $body= get_option('wpClassifieds_mail_confirm');
    		  	  $body= str_replace(array("{SITE_NAME}", "{TITLE_OF_AD}", "{CONFIRM_LINK}", "{EDIT_LINK}", "{ELIMINATE_LINK}"), array(get_bloginfo('name'), cP("title"), $linkConfirm, $linkEdit, $linkEliminate), $body);
    
                  $subject="[".get_bloginfo('name')."] ".__('Ad Confirmation', "wpct");
    		  	  $headers = 'From: no-reply '.get_bloginfo('name').' <'.get_the_author_meta('email',1).'>' . "\r\n";
    		  	  wp_mail(cP("email"),$subject,$body,$headers);
    
    		  	  $error_text = __('Thank you! Check your email inbox to confirm your ad', "wpct");
    		  	  $submitted_ad = true;
    
    }
    
    }
    
    ?>
    
      	  <?php if (!$submitted_ad) : ?>
    
          <?php if (get_option("wpClassifieds_post_message") != "") : ?>
          <div class="intro">
            <?php echo get_option('wpClassifieds_post_message'); ?>
          </div>
          <?php endif; ?>
      	  <?php if ($error_text) { echo "<div class=\"error-msg\">$error_text</div>"; }?>
      	  <form action="" method="post" enctype="multipart/form-data">
    
    <div class="field">
    <div class="fieldLabel">
    Show Title:
    </div>
    <input id="title" name="title" type="text" value="<?php echo cP("title");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Show Location:
    </div>
    <input id="Location" name="Location" type="text" value="<?php echo cP("Location");?>" class="PublishField"/>
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your First Name:<span class="fieldLabelSmall">(will not be published)</span>
    </div>
    <input id="FlyerFirstName" name="FlyerFirstName" type="text" value="<?php echo cP("FlyerFirstName");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your Last Name:<span class="fieldLabelSmall">(will not be published)</span>
    </div>
    <input id="FlyerLastName" name="FlyerLastName" type="text" value="<?php echo cP("FlyerLastName");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your Email: <span class="fieldLabelSmall">(will not be published)</span>
    </div>
    
    <input id="FlyerEmail" name="FlyerEmail" type="text" value="<?php echo cP("FlyerEmail");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Show Description:
    </div>
    <textarea id="description" name="description" class="PublishFieldDescription">
    <?php echo cPR("description");?>
    </textarea>
    </div>
    
    <?php if (get_option('EventFlyer_max_img_num','1')>0) : ?>
    
    <?php for ($i=1;$i<=get_option('EventFlyer_max_img_num','1');$i++) : ?>
    
    <div class="pictures">
    Upload Flyer
    <input type="file" name="pic<?php echo $i?>" id="pic<?php echo $i?>" value="<?php echo isset($_POST["pic".$i]) ? esc_attr($_POST["pic".$i]) : '';?>" />
    </div>
    
    <?php endfor; ?>
    <?php endif; ?>
    
    <div class="submitContainer">
    <input name="Submit" value="SUBMIT FOR APPROVAL" type="submit" class="submit" />
    </div>
    
    </form>
    
    <?php endif; ?>
    <?php if ($error_text and $submitted_ad) :  ?>
    
    <div class="error-msg"><?php echo $error_text; ?></div>
    
    <?php endif; ?>
Viewing 8 replies - 1 through 8 (of 8 total)
  • In your wp_insert_post array add this 'post_type' =>'custom_post_type'

    I would also make sure you add wp_nonce_field() to your form.

    Thread Starter alanchrishughes

    (@alanchrishughes)

    Thank you. I’m not very knowledgeable in php though, could you be more specific? I’m not seeing wp_insert_post anywhere in the code above.

    I created a PasteBin for you with your code so we can refer to line numbers.
    http://pastebin.com/nYdbz6rg

    On line 71 you have an array with the variable $data. Add the 'post_type' => 'name_of_your_custom_post_type'. The wp_insert_post is on line 82.

    I would also take some time to read up on how to securely add content from the front end to avoid problems involving XSS and CSRF. The wp_nonce_field() will help. This video from WCSF with Mark Jaquith, Jon Cave, and Brad Williams provides a good look at security in WordPress.

    Please, in the future, limit your code in a topic to 10 lines or less as the forum help suggests.

    Thread Starter alanchrishughes

    (@alanchrishughes)

    Thank you good sir. Like I said though I don’t know much of anything about php, so after about 10 minutes of that video I realized I haven’t understood anything they said besides the obvious point that hackers will getcha if you code stuff wrong.

    I don’t know what a nonce is but I remembered seeing them in the code from the tutorial on adding the back-end pages’ meta boxes and from looking at that I guessed it into the front end boxes like this

        <div class="field">
        <div class="fieldLabel">
        Show Title:
        </div>
        <?php echo '<input type="hidden" name="title_input_hidden" id="title_input_hidden" value="'.wp_create_nonce('title-nonce').'" />'; ?>
        <input id="title" name="title" type="text" value="<?php echo cP("title");?>" class="PublishField" />
        </div>

    Is that correct?

    Sorry the video was a bit confusing. Have you read the Codex regarding nonces yet? It has some good concrete code examples. Here is a small sample form.

    http://pastebin.com/6nTY9GSS

    Thread Starter alanchrishughes

    (@alanchrishughes)

    So basically I just need to add

        <?php wp_nonce_field( 'my_nonce_action', 'my_favorite_nonce' ); ?>

    before the closing </form>

    And then copy and paste the rest of what you have after the closing </form> ?

    Can the my_nonce_action and my_favorite_nonce be whatever I want as long as they match the names in the php after the form?

    Thread Starter alanchrishughes

    (@alanchrishughes)

    Thanks again for your help, you have already answered my original question about the custom fields.

    Thread Starter alanchrishughes

    (@alanchrishughes)

    Am I explaining that right?

    What could happen if I am unable to use nonces?
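
Added example, not part of the original thread or the linked PasteBin: a minimal front-end form that combines the two points raised in the replies, a nonce printed with wp_nonce_field() and checked with wp_verify_nonce() before wp_insert_post() writes a draft to the custom post type, with submitted values escaped when they are echoed back. The post type name `event_flyer` and the functions `flyer_field()` and `flyer_handle_submission()` are hypothetical; the nonce action and field names are the ones used in the thread, and they only have to match between the form and the check.

```php
<?php
// Added example. Assumes a custom post type registered as 'event_flyer'
// (hypothetical name) and that this runs inside a WordPress page template.
// Read a submitted field as a string; callers must sanitize or escape it.
function flyer_field( $name ) {
    return ( isset( $_POST[ $name ] ) && is_string( $_POST[ $name ] ) ) ? wp_unslash( $_POST[ $name ] ) : '';
}

// Returns the new post ID on success, or a WP_Error describing the failure.
function flyer_handle_submission() {
    // CSRF check: reject the request unless the nonce from the form verifies.
    if ( ! wp_verify_nonce( sanitize_text_field( flyer_field( 'my_favorite_nonce' ) ), 'my_nonce_action' ) ) {
        return new WP_Error( 'bad_nonce', 'Security check failed. Reload the form and try again.' );
    }
    // Sanitize on input: plain text for the title, a safe HTML subset for the body.
    $title       = sanitize_text_field( flyer_field( 'title' ) );
    $description = wp_kses_post( flyer_field( 'description' ) );
    $email       = sanitize_email( flyer_field( 'FlyerEmail' ) );
    if ( '' === $title || '' === trim( $description ) || ! is_email( $email ) ) {
        return new WP_Error( 'invalid', 'Please enter a title, a description and a valid email address.' );
    }
    // 'post_type' sends the draft to the custom post type instead of the default 'post'.
    $post_id = wp_insert_post( wp_slash( array(
        'post_title'   => $title,
        'post_content' => $description,
        'post_status'  => 'draft',
        'post_type'    => 'event_flyer',
    ) ), true ); // true: return a WP_Error instead of 0 on failure
    if ( ! is_wp_error( $post_id ) ) {
        add_post_meta( $post_id, 'FlyerEmail', $email, true );
    }
    return $post_id;
}

$result = ( 'POST' === $_SERVER['REQUEST_METHOD'] ) ? flyer_handle_submission() : null;
?>
<?php if ( is_wp_error( $result ) ) : ?>
<div class="error-msg"><?php echo esc_html( $result->get_error_message() ); ?></div>
<?php elseif ( $result ) : ?>
<div class="error-msg">Thank you! Your submission is awaiting approval.</div>
<?php endif; ?>
<form action="" method="post">
    <?php wp_nonce_field( 'my_nonce_action', 'my_favorite_nonce' ); // prints the hidden nonce input ?>
    <input name="title" type="text" value="<?php echo esc_attr( flyer_field( 'title' ) ); ?>" />
    <input name="FlyerEmail" type="text" value="<?php echo esc_attr( flyer_field( 'FlyerEmail' ) ); ?>" />
    <textarea name="description"><?php echo esc_textarea( flyer_field( 'description' ) ); ?></textarea>
    <input name="Submit" value="SUBMIT FOR APPROVAL" type="submit" />
</form>
```

For visitors who are not logged in, the nonce is not tied to an individual account, so it is a weaker CSRF guard than it is for logged-in users; saving submissions as drafts for moderation, as the code in the question does, stays the main control.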

  • The topic ‘Front End Post Form For Custom Post Type’ is closed to new replies.