How to generate Joomla login token from outside Joomla - wordpress

Here's the context. I have a Joomla Backend with tons of custom code in a very old Joomla 1.X version. Everything is still surprisingly holding up well. The site owner wants a new front facing website and his company chose WordPress. Website was built, now we want to add a log in form to the Joomla backend from a WP page.
Here's what worked:
Go to Joomla login page (domain.com/administrator)
Copy the HTML form (including hidden input with token)
Paste the HTML and adjust the action attribute of the form
Went to the WP page (domain.com/wordpressFolder/page), entered credentials and it works perfectly!
Obviously these tokens can only be used once. Added a shortcode in WP that gets the form from Joomla, "extracts" the token and returns it to the page.
function st_login_form( $atts ) {
    // Fetch the Joomla administrator login page server-side.
    $joomla = file_get_contents('http://www.example.com/administrator/index.php');
    $doc = new DOMDocument();
    $doc->loadHTML($joomla);
    $inputs = $doc->getElementsByTagName('input');
    // Second attribute of the sixth <input>, expected to be the token's name.
    $token = $inputs[5]->attributes[1]->nodeValue;
    // Rebuild the login form with the scraped token as a hidden field.
    $html = '<form action="https://www.example.com/administrator/index.php" method="post" name="login" id="form-login" style="clear: both;">
<p id="form-login-username">
<label for="modlgn_username">Username</label>
<input name="username" id="modlgn_username" type="text" class="inputbox" size="15">
</p>
<p id="form-login-password">
<label for="modlgn_passwd">Password</label>
<input name="passwd" id="modlgn_passwd" type="text" class="inputbox" size="15">
</p>
<input type="submit" value="Connexion" />
<input type="hidden" name="option" value="com_login">
<input type="hidden" name="task" value="login">
<input type="hidden" name="'.$token.'" value="1">
</form>';
    return $html;
}
The code behaves as expected, and inspecting the form on the WP page with the injected token looks fine; however, when logging in it gives me an invalid token error.
I don't quite understand why it works when copy pasting but not when I retrieve the token from PHP. Any clue or potential solutions?

Found my first mistake. The GET is done over HTTP while the POST is sent over HTTPS. Obviously, CSRF tokens are domain-signed.
Now it simply redirects me to the login page but I'm not logged in.
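
Why a token scraped by the shortcode can be rejected, as an added example that is not part of the original post and not Joomla's code: it assumes the backend ties each token to the session of the client that requested the login page. The secret, session ids and function names are hypothetical.

```php
<?php
// Constructed demo, not Joomla code: a CSRF token bound to the session of
// whichever HTTP client requested the login page.
const SERVER_SECRET = 'constructed-demo-secret';   // hypothetical value

// Hidden-field name the backend expects for a given session (assumed scheme).
function token_for_session(string $sessionId): string
{
    return hash_hmac('sha256', $sessionId, SERVER_SECRET);
}

// Backend check on POST: one submitted field name must equal the token
// derived from the session cookie that arrived with the same request.
function token_is_valid(array $post, ?string $sessionCookie): bool
{
    if ($sessionCookie === null) {
        return false;                  // no session, nothing to compare against
    }
    $expected = token_for_session($sessionCookie);
    foreach (array_keys($post) as $field) {
        if (hash_equals($expected, (string) $field)) {
            return true;
        }
    }
    return false;
}

// 1. The shortcode's server-side GET: the backend opens a session for the
//    web server's HTTP client and embeds that session's token in the form.
$serverSideSession = 'sess-A-constructed';
$scrapedToken      = token_for_session($serverSideSession);

// 2. The visitor's browser never received session A's cookie; it sends its
//    own cookie (or none) when it POSTs the form the shortcode rendered.
$browserSession = 'sess-B-constructed';
$post = ['username' => 'demo', 'passwd' => 'demo', $scrapedToken => '1'];

foreach (['browser' => $browserSession, 'server-side fetch' => $serverSideSession] as $who => $sid) {
    echo $who, ' session: ', token_is_valid($post, $sid) ? 'token accepted' : 'invalid token', PHP_EOL;
}
```

Under this assumption, copying the form by hand works because the browser that fetched the login page is the same client that later submits it.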

Related

405 (Method Not Allowed) in live Shared hosting - Laravel and Vue3 with Vite

So, this is my first post on stack, if I missed something please let me know.
So I have a project that's working well on localhost dev, but when I uploaded it to the server the API gives 405 Method Not Allowed.
I have a login form:
<form @submit.prevent="login" method="POST">
<input type="hidden" name="_token" :value="form.csrf">
<p><input type="email" name="login" placeholder="Username or Email" v-model="form.email"></p>
<p><input type="password" placeholder="Please Enter Password" v-model="form.password"></p>
<p class="remember_me">
</p>
<p class="submit"><input type="submit" value="Login"></p>
</form>
The form has some inputs, a textarea and a file input. Those are my routes:
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});
Route::controller(AuthController::class)->group(function(){
    Route::post('/login', 'login');
});
When I submit the form I get the "The GET method is not supported for this route. Supported methods: POST." error.
Here is my Route list :
After updating everything possible, I still get the same error.
The Chrome network tab shows this:
Maybe you guys have any idea what is happening here and point me in the right direction.
Thanks!

Redirect to same page after form submit in WordPress Plugin

I wrote my own WordPress Plugin and I am trying to just refresh the page after form submit.
My code looks like this:
<form method="post" action="<?php echo get_admin_url();?>admin-post.php">
<input type="hidden" name="action" value="send_nl">
<input type="text" name="nl_title" placeholder="Title">
<textarea type="text" name="nl_text" placeholder="Message"></textarea>
<input type="submit" name="submit_nl">
</form>
If I submit the form everything works fine. I get an Email with the right data, but I get redirected to a white page: to https://www.myurl.com/wp-admin/admin-post.php! Now I would need a hook or something similar to redirect to my plugin page again.
I searched a lot, but I couldn't find the right solution - god knows why.
Thank you.
After you have sent and saved your data, you should use the function wp_safe_redirect() from the WP API to redirect to your page. A source example is below.
wp_safe_redirect(
    // Sanitize for use in a redirect; esc_url() is meant for HTML output.
    esc_url_raw(
        // Retrieves the site url for the current site.
        site_url( '/wp-admin/admin-post.php' )
    )
);
exit();
You see this usage here in this repo in a function to import data from a json string in the database in the full context.

wpdb update is not working when a form is posted. But can open directly

I am trying to update a custom table row.
Here is my form's code (page-vehicles.php)
<form action="<?php echo home_url( "update" ); ?>" method="post">
<input type="number" name="id">
<input type="number" name="number">
<input type="submit" value="submit">
</form>
When I submit the form to (page-update.php) it shows a 404 error. But if I open the page (page-update.php) directly it shows the page (without 404 error).
What am I doing wrong here? :(
You said the custom page where the update needs to happen is page-update.php but you are posting the form to form.action = "http://novits.com/5050/vedit"; Change the action to the proper link.

wordpress custom contact form html + php inside page

Hi everybody, I have my contact form ready in HTML and PHP (2 different files, one HTML and one PHP file) and I want to use it in a WordPress page.
The user fills the form, selects the support department, answers the captcha and presses the submit button. The form sends all the form data through email to the administrator, a thank you email to the user and redirects to a thank you page.
The HTML form is
<html>
<body>
<head>
<script src="http://www.google.com/recaptcha/api.js" async defer> </script>
<script type="text/javascript" src="http://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
</head>
<i>Use the form to get in touch with us.</i>
<form action="form.php" method="POST">
<strong>Name:*</strong>
<input style="width:300px;" name="username" type="text" required />
<strong>E-mail Adress:*</strong>
<input style="width:300px;" name="useremail" type="text" required />
<strong>Subject:*</strong>
<input style="width:300px;" name="usersubject" type="text" required />
<strong>Message:*</strong>
<textarea style="width:300px;" cols="40" name="usermessage" rows="5" required></textarea>
<strong>Select Support Department </strong>
<select name="support">
<option style="width:200px;" value="" >Choose Service</option>
<option style="width:200px;" value="support@xxxxxxxx.com" required>Technical support</option>
<option style="width:200px;" value="sales@xxxxxxxxxx.com" required>Sales</option>
<option style="width:200px;" value="info@xxxxxxxxxxx.com" required>Press</option>
<option style="width:200px;" value="info@xxxxxxxxxxx.com" required>Other</option>
</select>
//recaptcha
<div class="g-recaptcha" data-sitekey="------my site key---------"></div>
<input type="submit" value="send" name="submit"/>
//it redirects when you hit submit
<?php
if ( isset( $_POST['submit'] ) ){
header("Location:http://xxxxxxxxx.com/thank-you-messasge/");
}
?>
</form>
</html>
</body>
My form.php is
<?
//set up the message for administrator
$msg="Name:".$_POST["username"]."\n";
$msg .="E-mail:".$_POST["useremail"]."\n";
$msg .="Subject:".$_POST["usersubject"]."\n";
$msg .="Usermessage:".$_POST["usermessage"]."\n";
//set up message for customer
$msg_customer="We received your request and we will answer you within 24 hours.";
$msg_customer.="\n"."xxxxxxxxxxxxxx";
//set up the email for the administrator
$recipient=$_POST["support"];
$subject= "Support Contact Form ";
$mailheaders="From: xxxxxxxx sales@xxxxxxxxx.com \n";
//set up the email for the customer
$recipient_customer=$_POST["useremail"];
$subject_customer= "Support Contact Form ";
$mailheaders_customer="From: xxxxxxxxxx sales@xxxxxxxxxxxxxxx.com \n";
//send the emails
mail($recipient,$subject,$msg, $mailheaders);
mail($recipient_customer,$subject_customer,$msg_customer, $mailheaders_customer);
?>
I want this form to appear in one page and be able to run the PHP code when the submit button is pressed.
I cannot run the form.php file even if I save it in the root directory.
It seems I am losing something.
Thank you very much.
To troubleshoot your form, press F12 in your browser to access the developer tools menu, and take a look at what happens on the Network panel when you submit the form. This should give you some clues about what is failing.
Also, you should not be using unfiltered $_POST variables directly, e.g.:
$name = sprintf("Name:%s\n", filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING) );
I found out the way:
I copy/pasted the HTML form inside the page code view and I linked absolutely to my PHP file
<form action="http://example.com/php_file_directory/form.php" method="POST">
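
The advice above about unfiltered $_POST matters most for $recipient=$_POST["support"], which lets whoever submits the form choose where the site sends mail. An added example (not from the original thread) that maps a department key to a fixed address and validates the user's e-mail before anything reaches mail(); the department keys, addresses and function names are assumptions. It uses FILTER_VALIDATE_EMAIL because FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.

```php
<?php
// Added example, not the poster's code. Department keys and all addresses
// are hypothetical placeholders; the <select> posts a key, never an address.
const DEPARTMENTS = [
    'support' => 'support@example.com',
    'sales'   => 'sales@example.com',
];

// Read one POST field as a string; arrays and missing fields become ''.
function field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

// Collapse CR/LF and other control characters so a value stays on one line.
function single_line(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

// Returns [recipient, subject, body, headers] for mail(), or null to reject.
function build_support_mail(array $post): ?array
{
    $recipient = DEPARTMENTS[field($post, 'support')] ?? null;
    $email     = filter_var(field($post, 'useremail'), FILTER_VALIDATE_EMAIL);
    if ($recipient === null || $email === false) {
        return null;
    }
    $body = sprintf(
        "Name: %s\nE-mail: %s\nSubject: %s\nMessage:\n%s\n",
        single_line(field($post, 'username')),
        $email,
        single_line(field($post, 'usersubject')),
        field($post, 'usermessage')
    );
    $headers = "From: Support Form <noreply@example.com>\r\nReply-To: " . $email;
    return [$recipient, 'Support Contact Form', $body, $headers];
}

// Constructed submissions: one normal, one with a tampered department value.
$samples = [
    'normal'   => ['support' => 'sales', 'useremail' => 'alice@example.org',
                   'username' => 'Alice', 'usersubject' => 'Quote', 'usermessage' => 'Hi'],
    'tampered' => ['support' => 'someone@example.net', 'useremail' => 'alice@example.org'],
];
foreach ($samples as $label => $post) {
    $mail = build_support_mail($post);
    echo $label, ': ', $mail === null ? 'rejected' : 'mail to ' . $mail[0], PHP_EOL;
}
```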

Creating wp plugin for external login => post comments

I need to create a WordPress plugin to connect WordPress to a central login. But all I want is for the user to be able to post comments with name and email filled. I don't think I need to create a real login into WordPress because the user should not be able to write posts or do admin stuff. I want him only to post comments.
I searched the documentation but could not find any action for comments.
How can I change the html of a comment form?
Maybe not good but it works...
Fill comment author and email from central login stored in session:
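function portal_user_comment()
{
    // Override the submitted fields only when the central login has filled the session.
    if ( isset( $_SESSION['portal']['name'], $_SESSION['portal']['email'] ) ) {
        $_POST['author'] = $_SESSION['portal']['name'];
        $_POST['email'] = $_SESSION['portal']['email'];
    }
}
// Runs before WordPress processes the submitted comment.
add_action('pre_comment_on_post', 'portal_user_comment');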
Edit comments.php from the template. Look for:
<input type="text" name="author" id="author" value="<?php echo esc_attr( $comment_author ); ?>" ...>
<input type="text" name="email" id="email" value="<?php echo esc_attr( $comment_author_email ); ?>" ...>
Set both fields disabled="true" and replace the values with the author and email from the session.
