Front End Post Form For Custom Post Type

  • After a lot of messing with a classifieds theme I’ve figured out a way to create a front end page for people to submit content, but I’d like it to $_POST to a custom post type instead of the default post. Is there a simple way to do this?

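    <?php
    // Initialise the variables the template reads further down, so they exist even when nothing was posted.
    $error_text = '';
    $submitted_ad = false;
    if ($_POST){
    $error = false;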
    
    if(cP("title") == "") {
    $error = true;
    $error_text .= __('* Please enter an event title.', "wpct")."<br />";
    }		  
    
    if(!isEmail(cP("FlyerEmail"))) {
    $error = true;
    $error_text .= __('* Please enter a valid email address', "wpct")."<br />";
    }
    
    if(cPR("description") == "") {
    $error = true;
    $error_text .= __('* Please enter a description.', "wpct")."<br />";
    }
    
    if(cPR("Location") == "") {
    $error = true;
    $error_text .= __('* Please enter a location.', "wpct")."<br />";
    }
    
    if(cPR("FlyerFirstName") == "") {
    $error = true;
    $error_text .= __('* Please enter your first name.', "wpct")."<br />";
    }		  
    
    if(cPR("FlyerLastName") == "") {
    $error = true;
    $error_text .= __('* Please enter your last name.', "wpct")."<br />";
    }		  
    
    //image check
    if (get_option('EventFlyer_max_img_num','4')>0){
    $image_check=true;
    $image_upload=false;//nothing to upload
    $types=explode(",",get_option('EventFlyer_img_types','jpeg'));//creating array with the allowed types (split() was removed in PHP 7)
    for ($i=1;$i<=get_option('EventFlyer_max_img_num','4')&&$image_check;$i++){
    $file_size = $_FILES["pic$i"]['size'];
    $file_type = $_FILES["pic$i"]['type'];
    if ($file_size > get_option('EventFlyer_max_img_size','1000000')) {//control the size
    
    $image_check=false;//it is too big, so false
    $error = true;
    $error_text .=__('* Sorry, your flyer is too large (One mb max)<br />');
    }
    
    elseif ($file_type!=""){//the size is right checking type
    $image_check=false;//not allowed
    foreach ($types as $ac_type){//to find allowed types
    if (strpos($file_type, $ac_type) !== false) $image_check=true;//allowed one (strpos returns 0 for a match at the start)
    }
    }
    
    if (!$image_check) {
    $error = true;
    $error_text .=__('* Sorry, you can only upload flyers in the jpeg format')." ".get_option('')."<br />";
    }
    
    if (file_exists($_FILES["pic$i"]['tmp_name'])) $image_upload=true;//there's something to upload
    }
    }
    
    if (!$error){
    if (is_numeric(cP("price"))) $price=cP("price");
    
    else unset($price);
    // post information
    $data = array
    
    (
    'post_title' => cP("title"),
    'post_content' => cPR("description"),
    'post_status' => "draft",
    'post_category'	=> array(cP("category")),
    'tags_input'	=> cP("tags")
    );
    
    // insert post
    $published_id = wp_insert_post($data);
    
    // add custom fields
    if (cP("Location")!="") add_post_meta($published_id, 'Location', cP("Location"), true);
    if (cP("FlyerFirstName")!="") add_post_meta($published_id, 'FlyerFirstName', cP("FlyerFirstName"), true);
    if (cP("FlyerLastName")!="") add_post_meta($published_id, 'FlyerLastName', cP("FlyerLastName"), true);
    if (cP("FlyerEmail")!="") add_post_meta($published_id, 'FlyerEmail', cP("FlyerEmail"), true);
    if (cP("phone")!="") add_post_meta($published_id, 'phone', cP("phone"), true);
    
    // images upload
    if (get_option('EventFlyer_max_img_num','4')>0&&$image_upload){
    $upload_array = wp_upload_dir();
    $img_upload_dir = trailingslashit($upload_array['basedir']).get_option('EventFlyer_img_upload_dir','Event Flyer')."/".date("Y")."/".date("m")."/".date("d");
    if (!file_exists($img_upload_dir)) mkdir($img_upload_dir, 0777, true);
    for ($i=1;$i<=get_option('EventFlyer_max_img_num','4');$i++){
    $img_upload_file = trailingslashit($img_upload_dir).$published_id."-".$i.strrchr($_FILES["pic$i"]['name'],'.');
    if (move_uploaded_file($_FILES["pic$i"]['tmp_name'],$img_upload_file)){
    $post_images .= get_option('EventFlyer_img_upload_dir','EventFlyer')."/".date("Y")."/".date("m")."/".date("d")."/".$published_id."-".$i.strrchr($_FILES["pic$i"]['name'],'.').",";
    }
    }
    add_post_meta($published_id, 'EventFlyer', $post_images, true);
    }
    
    		  	  //EMAIL notify
    		  	  if (get_option('permalink_structure') != '' ) {
    		  	  	  $linkConfirm=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=confirm";
    		  	  	  $linkEliminate=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=delete";
    		  	  	  $linkEdit=get_permalink(get_option('wpClassifieds_edit_page_id'))."?post=$published_id&pwd=$post_password&action=edit";
    		  	  }
    		  	  else {
    		  	  	  $linkConfirm=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=confirm";
    		  	  	  $linkEliminate=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=delete";
    		  	  	  $linkEdit=get_permalink(get_option('wpClassifieds_edit_page_id'))."&post=$published_id&pwd=$post_password&action=edit";
    		  	  }
    
    		  	  $body= get_option('wpClassifieds_mail_confirm');
    		  	  $body= str_replace(array("{SITE_NAME}", "{TITLE_OF_AD}", "{CONFIRM_LINK}", "{EDIT_LINK}", "{ELIMINATE_LINK}"), array(get_bloginfo('name'), cP("title"), $linkConfirm, $linkEdit, $linkEliminate), $body);
    
                  $subject="[".get_bloginfo('name')."] ".__('Ad Confirmation', "wpct");
    		  	  $headers = 'From: no-reply '.get_bloginfo('name').' <'.get_the_author_meta('email',1).'>' . "\r\n";
    		  	  wp_mail(cP("FlyerEmail"),$subject,$body,$headers); // the form's email field is named FlyerEmail
    
    		  	  $error_text = __('Thank you! Check your email inbox to confirm your ad', "wpct");
    		  	  $submitted_ad = true;
    
    }
    
    }
    
    ?>
    
      	  <?php if (!$submitted_ad) : ?>
    
          <?php if (get_option("wpClassifieds_post_message") != "") : ?>
          <div class="intro">
            <?php echo get_option('wpClassifieds_post_message'); ?>
          </div>
          <?php endif; ?>
      	  <?php if ($error_text) { echo "<div class=\"error-msg\">$error_text</div>"; }?>
      	  <form action="" method="post" enctype="multipart/form-data">
    
    <div class="field">
    <div class="fieldLabel">
    Show Title:
    </div>
    <input id="title" name="title" type="text" value="<?php echo cP("title");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Show Location:
    </div>
    <input id="Location" name="Location" type="text" value="<?php echo cP("Location");?>" class="PublishField"/>
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your First Name:<span class="fieldLabelSmall">(will not be published)</span>
    </div>
    <input id="FlyerFirstName" name="FlyerFirstName" type="text" value="<?php echo cP("FlyerFirstName");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your Last Name:<span class="fieldLabelSmall">(will not be published)</span>
    </div>
    <input id="FlyerLastName" name="FlyerLastName" type="text" value="<?php echo cP("FlyerLastName");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Your Email: <span class="fieldLabelSmall">(will not be published)</span>
    </div>
    
    <input id="FlyerEmail" name="FlyerEmail" type="text" value="<?php echo cP("FlyerEmail");?>" class="PublishField" />
    </div>
    
    <div class="field">
    <div class="fieldLabel">
    Show Description:
    </div>
    <textarea id="description" name="description" class="PublishFieldDescription">
    <?php echo cPR("description");?>
    </textarea>
    </div>
    
    <?php if (get_option('EventFlyer_max_img_num','1')>0) : ?>
    
    <?php for ($i=1;$i<=get_option('EventFlyer_max_img_num','1');$i++) : ?>
    
    <div class="pictures">
    Upload Flyer
    <input type="file" name="pic<?php echo $i?>" id="pic<?php echo $i?>" />
    </div>
    
    <?php endfor; ?>
    <?php endif; ?>
    
    <div class="submitContainer">
    <input name="Submit" value="SUBMIT FOR APPROVAL" type="submit" class="submit" />
    </div>
    
    </form>
    
    <?php endif; ?>
    <?php if ($error_text and $submitted_ad) :  ?>
    
    <div class="error-msg"><?php echo $error_text; ?></div>
    
    <?php endif; ?>
  • In your wp_insert_post array add this 'post_type' =>'custom_post_type'

    I would also make sure you add wp_nonce_field() to your form.

    Thank you. I’m not very knowledgeable in php though, could you be more specific? I’m not seeing wp_insert_post anywhere in the code above.

    I created a PasteBin for you with your code so we can refer to line numbers.
    http://pastebin.com/nYdbz6rg

    On line 71 you have an array with the variable $data. Add the 'post_type' => 'name_of_your_custom_post_type'. The wp_insert_post is on line 82.

    I would also take some time to read up on how to securely add content from the front end to avoid problems involving XSS and CSRF. The wp_nonce_field() will help. This video from WCSF with Mark Jaquith, Jon Cave, and Brad Williams provides a good look at security in WordPress.

    Please, in the future, limit your code in a topic to 10 lines or less as the forum help suggests.

    Thank you good sir. Like I said though I don’t know much of anything about php, so after about 10 minutes of that video I realized I haven’t understood anything they said besides the obvious point that hackers will getcha if you code stuff wrong.

    I don’t know what a nonce is but I remembered seeing them in the code from the tutorial on adding the back-end pages’ meta boxes and from looking at that I guessed it into the front end boxes like this

    <div class="field">
    <div class="fieldLabel">
    Show Title:
    </div>
    <?php echo '<input type="hidden" name="title_input_hidden" id="title_input_hidden" value="'.wp_create_nonce('title-nonce').'" />'; ?>
    <input id="title" name="title" type="text" value="<?php echo cP("title");?>" class="PublishField" />
    </div>

    Is that correct?

    Sorry the video was a bit confusing. Have you read the Codex regarding nonces yet? It has some good concrete code examples. Here is a small sample form.

    http://pastebin.com/6nTY9GSS

    So basically I just need to add

    <?php wp_nonce_field( 'my_nonce_action', 'my_favorite_nonce' ); ?>

    before the closing </form>

    And then copy and paste the rest of what you have after the closing </form> ?

    Can the my_nonce_action and my_favorite_nonce be whatever I want as long as they match the names in the php after the form?

    Thanks again for your help, you have already answered my original question about the custom fields.

    Am I explaining that right?

    What could happen if I am unable to use nonces?
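
The pattern discussed in this thread, as an added example that is not from the original posts or the linked pastebins: the form emits a nonce with wp_nonce_field(), the handler drops the request unless wp_verify_nonce() accepts it, and wp_insert_post() receives a 'post_type'. The post type slug event_flyer is a hypothetical name; the nonce action and field name are the ones quoted above.

```php
<?php
// Added example. 'event_flyer' is a hypothetical custom post type slug;
// the nonce action and field name are the ones quoted in the thread.
$message = '';

if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
    // The action passed to wp_verify_nonce() must match the first argument of
    // wp_nonce_field(); the $_POST key must match its second argument.
    $nonce = isset( $_POST['my_favorite_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['my_favorite_nonce'] ) )
        : '';

    if ( ! wp_verify_nonce( $nonce, 'my_nonce_action' ) ) {
        // Missing, expired or forged token: stop before touching the database.
        $message = 'Your session expired. Please reload the page and submit again.';
    } else {
        $title       = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
        $description = isset( $_POST['description'] ) ? wp_kses_post( wp_unslash( $_POST['description'] ) ) : '';

        if ( '' === $title || '' === $description ) {
            $message = 'Please enter a title and a description.';
        } else {
            // wp_insert_post() expects slashed data, hence wp_slash().
            $post_id = wp_insert_post(
                wp_slash( array(
                    'post_title'   => $title,
                    'post_content' => $description,
                    'post_status'  => 'draft',       // stays unpublished until reviewed
                    'post_type'    => 'event_flyer', // hypothetical custom post type
                ) ),
                true // return a WP_Error instead of 0 on failure
            );
            $message = is_wp_error( $post_id ) ? 'Could not save your submission.' : 'Thank you! Your submission is awaiting approval.';
        }
    }
}
?>
<?php if ( $message ) : ?>
<div class="error-msg"><?php echo esc_html( $message ); ?></div>
<?php endif; ?>
<form action="" method="post">
    <input name="title" type="text" class="PublishField" />
    <textarea name="description" class="PublishFieldDescription"></textarea>
    <?php wp_nonce_field( 'my_nonce_action', 'my_favorite_nonce' ); // prints the hidden token field ?>
    <input name="Submit" value="SUBMIT FOR APPROVAL" type="submit" class="submit" />
</form>
```

Without the wp_verify_nonce() check, a page on another site can submit this form through a visitor's browser (CSRF), and the handler has no way to tell that request from one made on the site's own form.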
