If I want to get $_POST['username'] I write $this->request->getPost('username');. But how I must write to get $_POST['profile']['username']?
$this->request->getPost('profile')['username'];
To be certain to avoid invalid key errors:
$profile = $this->request->getPost('profile');
$username = isset($profile['username']) ? $profile['username'] : null;
It's important to setup your form properly. You don't use [ ] around 'profile.' The php side won't know what to do with it if you post [profile][username]. It has to be profile[username]
<input type="text" name="profile[username]" value="jsmith" />
<input type="text" name="profile[password]" value="******" />
<?php
$profile = $this->request->getPost('profile');
echo $profile['username'];
?>
Output: "jsmith"
For multidimensional you would add a key of your own to base it on.
<input type="text" name="profile[first][username]" value="jsmith" />
<input type="text" name="profile[first][password]" value="******" />
<?php
$profile = $this->request->getPost('profile');
echo $profile['first']['username'];
?>
Output: "jsmith"
This is no way. Because, I use $this->request->getPost('useremail', 'email') for checking post data.
Related
while my first steps with wp nonce field i tried the "Basic Examples" from https://developer.wordpress.org/reference/functions/wp_nonce_field/
it says there: "simplest implementation which omits all arguments"
at the bottom of my htdocs/wp-content/plugins/abcd-plugin/abcd-plugin.php
i wrote:
function hi_in_wp_head() {
?>
<form name="f1">
<input name="i1" value="hi_in_wp_head">
<input type="submit" name="s1">
<?php wp_nonce_field('name_of_your_action', 'name_of_your_nonce_field'); ?>
</form>
<?php
if(wp_verify_nonce($_REQUEST['name_of_your_nonce_field'], 'name_of_your_action')){
// Nonce is matched and valid. do whatever you want now.
} else {
// Invalid nonce. you can throw an error here.
die("ups 19-02-28_17-09");
}
}
function hi_in_footer() {
echo '<h1>hi_in_footer</h1>';
}
complete source:
https://gist.github.com/f9f0a853f0a71c5a2055b88802a1010c
this looks like this in the web browser:
<meta name="generator" content="WordPress 5.0.3" />
<form name="f1">
<input name="i1" value="hi_in_wp_head">
<input type="submit" name="s1">
<input type="hidden" id="name_of_your_nonce_field" name="name_of_your_nonce_field" value="5a82357118" /><input type="hidden" name="_wp_http_referer" value="/wordpress/alecaddd-plugin.php" /> </form>
<br />
<b>Notice</b>: Undefined index: name_of_your_nonce_field in <b>G:\Bitnami\wordpress-5.0.3-2\apps\wordpress\htdocs\wp-content\plugins\alecaddd-plugin\alecaddd-plugin.php</b> on line <b>89</b><br />
ups 19-02-28_17-09
Undefined index: name_of_your_nonce_field during first basic example with
I do not know where the error comes from. what i could do?
As the error message states, $_REQUEST['name_of_your_nonce_field'] isn't set. You need to make sure it's set before using it:
function hi_in_wp_head() {
?>
<form name="f1">
<input name="i1" value="hi_in_wp_head">
<input type="submit" name="s1">
<?php wp_nonce_field('name_of_your_action', 'name_of_your_nonce_field'); ?>
</form>
<?php
if(isset($_REQUEST['name_of_your_nonce_field']) {
if(wp_verify_nonce($_REQUEST['name_of_your_nonce_field'], 'name_of_your_action')){
// Nonce is matched and valid. do whatever you want now.
} else {
// Invalid nonce. you can throw an error here.
die("ups 19-02-28_17-09");
}
}
}
$_REQUEST['name_of_your_nonce_field'] will be set after your form gets submitted. That's why you need the extra check.
i am new to this matter. I am trying to create a search form, that allows searching a database via http api and display the result on a website. The call requires authorization:
$headers = array ('headers' => array(
'Authorization' => 'bearer' . $token ,
'Content-type' => 'application/json',
'Accept' => 'application/json'));
My search form looks like this:
<form method="GET" accept="application/json" action="https://example.xx/api/v1/products?page=1&size=5&direction=asc&search=value">
<input type="text" name="search" size="40" maxlength="256" value="" placeholder="testsearch">
<input type="submit" name="search_button" value="Search">
</form>
When i enter something into the input field and hit the submit button, the browser displays:
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
And in the browsers address field i see:
https://example.xx/api/v1/products?search=testvalue&search_button=Search
Obviously the authorisation is ignored and the url shows that i have left my website.
Do i have to make this work with an action="somephp.php"?
How can i authorize the call from the form and display the response in a website?
Hints much appreciated. theo
Thanks to the german wordpress forum, i found the answer –
The Form:
<form method="post" id="api-result-searchform" action="">
<input type="text" class="search" placeholder="<?php echo esc_attr_x( 'Author?', 'placeholder' ) ?>" value="" name="searchauthor" id="s" title="api-search" />
<input class="button"type="submit" name="search_button" value="Search">
</form>
And the call:
<?php
$searchterm = $_POST['searchauthor'];
$url = 'https://example.de/api/v1/product?search=ti=' . $searchterm;
$response = wp_remote_get($url, $headers);
//etc.
This works well.
I created a front end registration form, I used the filters 'registration_errors' to customize the messages.
After WP detects the error and use 'wp-redirect' to return to the registration page and display an error if the email or the user exists for example.
My question is: how I can keep the previous values that generated the error.
¿JS?
Thanks in advance!
To keep values in the form after the error message:
function my_register_sesion (){
session_start();
$_SESSION['key_login']=$_REQUEST['user_login'];
$_SESSION['key_email']=$_REQUEST['user_email'];
}
add_action ('register_post', 'my_register_sesion');
My inputs form should be as follows:
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo $_SESSION['key_login'];?>">
<input type="text" name="user_email" id="user_email" class="input" value="<?php echo $_SESSION['key_email'];?>">
Thank you David!
I noticed a strange bug when testing out one of our Wordpress apps.
I have a form with an input field and if I type a number such as "3" anywhere in the input text Wordpress will throw a 404:
<input name="author" type="text" />
If I change the name attribute from author to anything else, it works fine:
<input name="bob" type="text" />
I'm not a Wordpress guru or even a PHP dev so I apologize if this is trivial. I've stripped out everything possible from this PHP page. Is there some Wordpress magic going on here where "author" is some sort of reserved word? Here's the entire PHP file (the header is a simple nav-bar and the footer just calls wp_footer()....):
<?php
/**
* Template Name: MyTemplate
*/
get_header();
if(isset($_POST['submitted'])):
echo "<H4>Submitted!</H4>";
else:
?>
<form id="my-form" action="<?php the_permalink(); ?>" method="post">
<input name="author" type="text" /><br/><br/>
<input type="hidden" name="submitted" id="submitted" value="true" />
<input type="submit" value="Submit"/>
</form>
<?php
endif;
get_footer();
OK wow.. So it looks like there are reserved words in form posts:
http://codex.wordpress.org/Function_Reference/register_taxonomy#Reserved_Terms
Sorry for such a novice question.
I have two files the one which hosts my actual contact form and then a file where i post the form to.
contactform.php (which is part of the footer template)
<form id="contact" action="<?php bloginfo('template_url'); ?>/sendmail.php" method="post">
<label for="name">Your name: *</label>
<input type="text" id="nameinput" name="name" value=""/>
<label for="email">Your email: *</label>
<input type="text" id="emailinput" name="email" value=""/>
<label for="comment">Your message: *</label>
<textarea cols="20" rows="7" id="commentinput" name="comment"> </textarea><br />
</form>
sendmail.php
<?PHP
if(isset($_POST['submit'])) {
error_reporting(E_NOTICE);
function valid_email($str)
{
return ( ! preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*#([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
}
if($_POST['name']!='' && $_POST['email']!='' && valid_email($_POST['email'])==TRUE && strlen($_POST['comment'])>1)
{
$to = preg_replace("([\r\n])", "", hexstr($_POST['receiver']));
$from = preg_replace("([\r\n])", "", $_POST['email']);
$subject = "Website contact message from ".$_POST['name'];
$message = $_POST['comment'];
$match = "/(bcc:|cc:|content\-type:)/i";
if (preg_match($match, $to) ||
preg_match($match, $from) ||
preg_match($match, $message)) {
die("Header injection detected.");
}
$headers = "From: ".$from."\r\n";
$headers .= "Reply-to: ".$from."\r\n";
if(wp_mail($to, $subject, $message, $headers,'',true))
{
echo 1; //SUCCESS
}
else {
echo 2; //FAILURE - server failure
}
}
else {
echo 3; //FAILURE - not valid email
}
}else{
die("Direct access not allowed!");
}
function hexstr($hexstr) {
$hexstr = str_replace(' ', '', $hexstr);
$hexstr = str_replace('\x', '', $hexstr);
$retstr = pack('H*', $hexstr);
return $retstr;
}
?>
The issue is that this does not know of wp_mail function. I know that I need to include something so wp_mail will be available but what do I add? The function does exist. The issue with including the file that has wp_mail defined is that inside that function it requires some core php functions (wp_mail is being overwritten by cimy_swift plugin)
hi why not try just submitting the form to the base wpurl? then within your header.php file copy and paste your code in?
ie: using a hidden field you can check to see if its been posts, in this case the hidden field is called 'action' and it has a value of 'sendemail'.
form
<form id="contact" action="<?php bloginfo('wpurl'); ?>" method="post">
//form stuff
<input type="hidden" name="action" value="sendemail" />
</form>
Header.php
within the header file we do a call to check and see if the form has been posted,
<html>
<head>
<title><?php wp_title();?></title>
<?php
if( isset($_POST['action']) && ($_POST['action']=='sendemail') ) {
// run your code
}
?>
</head>
if you dont want to go down that route, and wish to use your theme folder to hold the php script then what to is, include the below in your sendmail.php file
define('WP_USE_THEMES', FALSE);
require('../../../wp-blog-header.php');
//above is assuming your file is located in the theme root, not a sub folder.
this will give you access to all the wordpress functions and shortcodes etc..etc..
hope that helps a little..
Marty