Forum Replies Created

Viewing 11 replies - 211 through 221 (of 221 total)
  • Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz!

    As you say, whether I include the core-file, or a function includes it, it really doesn’t make any difference?…

    Well well…
    I’ve got my files, and my structure is like this:

    pluginname.php (setting up connection to database etc.)
    pluginname-admin.php (Creates an “optionspage” in the admin-section)
    pluginname-dashboard.php (Creates a dashboardwidget, and outputs some results)
    pluginname-delete.php (Handles the delete-link from “pluginname-admin.php”)
    options.php (Handles the forminput from “pluginname-admin.php”)

    Now, the files that require “admin.php” are:

    – pluginname-delete.php
    – options.php

    The other files do NOT include it.
    And my “pluginname.php” is handling some MySQL queries as well.

    But if I delete the “require_once” line in the files – let’s say in the delete-file, it outputs an error, due to “wp_verify_nonce” …

    What should I do?
    I really can’t think of anything anymore.. 🙁

    If you can, please give me some examples.

    – Aris

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz!!

    I have, once again, “updated” my security on my plugin – now it checks if user can “manage options” before it calls the options page:

    function my_plugin_options() {
    	if ( !current_user_can( 'manage_options' ) )  {
    		wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
    	}
    ?>

    Hurray!
    Now, I received a mail from the plugin reviewers, telling me the following:

    Your options.php is calling wp-admin.php

    require_once("../../../wp-admin/admin.php");

    Really, you never need to include WP’s core code like that. The whole point of the hooks and functions is so you don’t 🙂

    Now, how can I do that???
    I’ve looked everywhere…. 🙁

    – Aris

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz!

    Thanks!
    I celebrated it with a full cheese pizza!

    Now, I’ve read something about an admin_referer. It could check the nonce, but how? … Every time I try to put in “check_admin_referer” – I get the error “Are you sure you want to do that” and can only press “Back” …

    Sanitizing my input would be a good idea ..
    I could check the URL and Blogname textfield..
    Let’s say “max 30 chars” and sanitize that ..

    Or do you have any other suggestions?
    Cheers

    Aris

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz!

    I figured it out – all by myself.. 😛
    I looked into my link, and found out there was a “&” missing between the ID and the “_wpnonce” – Now, I can actually delete my record, and when I type the link into the browser, and change a number in the nonce, I get the “Security Check” error – that means it works!!!

    Now, I’m going to work a bit with the form-nonce 😀
    When I get that thingie figured out, I should be able to pass the “WP Plugin security check” 🙂

    Am I right?
    or do I need to fix something more?

    – Aris

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz!

    Good news!
    I’ve managed to create a nonce, and verify it!
    Or at least I guess I did….

    Here’s my “Delete link”:

    global $wpdb;
    $table_name = $wpdb->prefix."comment_reminder";
    $cremindsql = $wpdb->get_results("SELECT id, blogname, blogurl FROM $table_name ORDER BY id DESC");
    $nonce= wp_create_nonce  ('my-nonce');
    	foreach ($cremindsql as $cremind)
    	{
    		echo '<div class="cr_bloginfo"><strong><a href="/wp-content/plugins/comment-reminder/comment-reminder-delete.php?action=del&id='.$cremind->id .'_wpnonce='.$nonce .'">Delete</a></strong> - <a href="'.$cremind->blogurl .'" target="_blank">'.$cremind->blogname .'</a><br /></div>';
    	}
    }

    And my delete.php:

    <?php
    
    require_once("../../../wp-admin/admin.php");
    global $wpdb;
    
    $table_name = $wpdb->prefix."comment_reminder";
    $blogid=$_GET['id'];
    $nonce=$_REQUEST['_wpnonce'];
    if (! wp_verify_nonce($nonce, 'my-nonce') ) die('Security check'); 
    
    $wpdb->query( $wpdb->query( "DELETE FROM $table_name WHERE id='$blogid'" ) );
    
    header("location:/wp-admin/options-general.php?page=comment-reminder");
    
    ?>

    At least now I get the “Security Check” ….
    That’s progress for me.. 😛

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz!

    Now I’ve looked around on the internet, to try and find out more about “nonces” and “admin_referrer” – and I’ve come up with a solution.

    This is what my form looks like now:

    <form method="post" action="options.php">
        <label>Blog URL</label>
        <input type="text" id="cr_url" name="cr_url">
        <label>Blog Name</label>
        <input type="text" id="cr_name" name="cr_name"><br><br>
        <input type="submit" class="button-primary" value="Save info" />
        <?php wp_nonce_field('verify_creminder','creminder_nonce'); ?>
        </form>

    And here is what my delete looks like now:

    <?php
    
    require_once("../../../wp-admin/admin.php");
    global $wpdb;
    
    $table_name = $wpdb->prefix."comment_reminder";
    $blogid=$_GET['id'];
    
    if ( !empty($_POST) && check_admin_referer('verify_creminder','creminder_nonce') )
    {
       $wpdb->query( $wpdb->query( "DELETE FROM $table_name WHERE id='$blogid'" ) );
    }
    
    header("location:/wp-admin/options-general.php?page=comment-reminder");
    
    ?>

    Now the only problem is – it doesn’t delete the URL, as it should.
    I get no errors whatsoever – so I really don’t know what’s wrong here. Now I don’t know if it has anything to do with my delete LINK – here it is:

    foreach ($cremindsql as $cremind)
    	{
    		echo '<div class="cr_bloginfo"><strong><a href="/wp-content/plugins/comment-reminder/comment-reminder-delete.php?action=del&id='.$cremind->id .'">Delete</a></strong> - <a href="'.$cremind->blogurl .'" target="_blank">'.$cremind->blogname .'</a><br /></div>';
    	}
    }

    I hope I’m on the right path.

    Thanks
    Aris

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Okay, so I will require admin.php instead of wp-config.

    Can you please tell me how to do the rest?
    I’m really rubbish at MySQL and so, but I’ve “invented” this plugin for personal use, but I would also like to share it.

    I have a lot to learn I see.
    But if I get the right guidance, I could learn it myself later on, because then I have a “protocol” to look at.

    You’re talking about a sane value – how do I do that?
    And the “nonce” you’re talking about?

    I can paste my codes here, if you want?
    And also, I will “credit” you in the plugin for your help 🙂

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    This is what my delete.php looks like:

    <?php
    
    require_once("../../../wp-config.php");
    global $wpdb;
    
    $table_name = $wpdb->prefix."comment_reminder";
    
    $blogid=$_GET['id'];
    
    $wpdb->query( $wpdb->query( "DELETE FROM $table_name WHERE id='$blogid'" ) );
    
    header("location:/wp-admin/options-general.php?page=comment-reminder");
    
    ?>

    I really can’t figure out how else to do it.
    It works perfectly when delete.php is like this.

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Oh I have another question.
    WordPress.org tells me I can’t include wp-config,
    that there are other ways to do it – this is what they write:

    It’s best if you tie your processing functions (the ones that need but don’t have access to core functions) into an action hook, such as “init” or “admin_init”.

    Can anyone help me out here?
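
The posts above keep coming back to the same request: handle the delete link without a standalone file that requires admin.php or wp-config.php. The following is an added example, not part of any post and not the plugin's own code. It hooks the handler into `admin_init` as the quoted reviewer advice suggests, and assumes the table and page slug shown in the posts; the function names `cr_delete_link` and `cr_handle_delete` and the nonce action `cr_delete_<id>` are hypothetical.

```php
<?php
// Added example (not the plugin's code). Lives in the main plugin file, which
// WordPress loads itself, so no require_once of admin.php or wp-config.php.

// Hypothetical helper: build the delete link for one row, pointing back at the
// plugin's own settings page instead of a standalone PHP file.
function cr_delete_link( $id ) {
	$url = add_query_arg(
		array(
			'page'   => 'comment-reminder',
			'action' => 'del',
			'id'     => absint( $id ),
		),
		admin_url( 'options-general.php' )
	);
	// Nonce action is tied to the row id; wp_nonce_url() appends _wpnonce
	// and returns the URL already escaped for HTML output.
	return wp_nonce_url( $url, 'cr_delete_' . absint( $id ) );
}

// Hypothetical handler: runs on every admin request, acts only on our link.
function cr_handle_delete() {
	if ( ! isset( $_GET['page'], $_GET['action'], $_GET['id'] )
		|| 'comment-reminder' !== $_GET['page'] || 'del' !== $_GET['action'] ) {
		return;
	}
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You do not have sufficient permissions to access this page.' );
	}
	$id = absint( $_GET['id'] ); // force a non-negative integer
	// Stops the request with WordPress's nonce failure screen on a bad nonce.
	check_admin_referer( 'cr_delete_' . $id );

	global $wpdb;
	// $wpdb->delete() builds a prepared statement; %d binds the id as integer.
	$wpdb->delete( $wpdb->prefix . 'comment_reminder', array( 'id' => $id ), array( '%d' ) );

	wp_safe_redirect( admin_url( 'options-general.php?page=comment-reminder' ) );
	exit;
}
add_action( 'admin_init', 'cr_handle_delete' );
```

In the options page loop, the link would then be printed as `<a href="' . cr_delete_link( $cremind->id ) . '">Delete</a>`, with `esc_url()` and `esc_html()` applied to the stored blog URL and name.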

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    It WORKS!
    Thanks A LOT bcworkz!

    I created a delete.php and now it works!
    If anyone else needs help, read this – it worked for me!

    http://www.phpsimple.net/mysql_delete_record.html

    Forum: Hacks
    In reply to: $wpdb
    Thread Starter kuckovic

    (@kuckovic)

    Hi bcworkz,

    This is what my form looks like:

    <form method="post" action="options.php">
        <label>Blog URL</label>
        <input type="text" id="cr_url" name="cr_url">
        <label>Blog Name</label>
        <input type="text" id="cr_name" name="cr_name"><br><br>
        <input type="submit" class="button-primary" value="Save info" />
        </form>

    So now, I have to put ID in a hidden field you say?
    Or I can use a Delete link.

    I’m more interested in the delete link – but I really don’t know how. Can you help me out a bit? 🙂
