Writing a PHP plugin for WordPress. It was an external PHP script. But now I’m having a problem. When I click submit on the page it redirects saying there are no permissions to go to that page.
Edit: Completely different query all together.
I have permission errors following some of the changes advised below. (View edits to see revisions).
Here is my code:
<?php
/*
Plugin Name: ProfileDT-JobBoard
Plugin URI: http://profiledt.co.uk
Description: ProfileDT-JobBoard
Author: Bradly Spicer
Version: 0.0.2
Author URI: http://profiledt.co.uk
*/
/*Installation of Plugin */
/* What to do when the plugin is activated? */
/*register_activation_hook(__FILE__,'JobBoard_install');*/
register_activation_hook('jobboard-settings','JobBoard_install');
/* What to do when the plugin is deactivated? */
/*register_deactivation_hook( __FILE__, 'JobBoard_remove' );*/
register_deactivation_hook('jobboard-settings', 'JobBoard_remove' );
function JobBoard_install() {
/* Create a new database field */
add_option("JobBoard_data", 'Testing !! My Plugin is Working Fine.', 'This is my first plugin panel data.', 'yes');
}
function JobBoard_remove() {
/* Delete the database field */
delete_option('JobBoard_data');
}
/*Admin Menu of Plugin*/
add_action('admin_menu', 'JobBoard_admin_menu');
function JobBoard_admin_menu() {
/*add_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options',__FILE__, 'JobBoard_options_page');*/
add_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options','jobboard-settings', 'JobBoard_options_page');
}
/*Content inside the admin page*/
function JobBoard_options_page()
{
?>
<?php
if(isset($_POST['submit_delete'])) {
$id=$_POST['ID'];
$sql= (mysqli_query($con, "Delete FROM details WHERE ID = '$id'"));
if($sql)
{
echo "Data Deleted";
} else {
echo "Data Not Deleted";
}
} elseif(isset($_POST['submit_add'])) {
// Get values from form
$value_Employer = $_POST["Employer"];
$value_LearningProvider = $_POST["LearningProvider"];
$value_ContractedProvider = $_POST["ContractedProvider"];
$value_LearningDeliverySite = $_POST["LearningDeliverySite"];
$value_VacancyDescription = $_POST["VacancyDescription"];
$value_VacancyTitle = $_POST["VacancyTitle"];
$value_EmployerDescription = $_POST["EmployerDescription"];
$value_VacancyLocation = $_POST["VacancyLocation"];
$value_WorkingWeek = $_POST["WorkingWeek"];
$value_WeeklyWage = $_POST["WeeklyWage"];
$value_NoVacancies = $_POST["NoVacancies"];
$value_VacancyRefNumber = $_POST["VacancyRefNumber"];
$value_ClosingDateForApplications = $_POST["ClosingDateForApplications"];
$value_InterviewBeginFrom = $_POST["InterviewBeginFrom"];
$value_PossibleStartDate = $_POST["PossibleStartDate"];
$value_TrainingToBeProvided = $_POST["TrainingToBeProvided"];
$value_LearningProviderDescription = $_POST["LearningProviderDescription"];
$value_ContactDetails = $_POST["ContactDetails"];
$value_VacancyType = $_POST["VacancyType"];
$value_ApprenticeshipFramework = $_POST["ApprenticeshipFramework"];
$value_SkillsRequired = $_POST["SkillsRequired"];
$value_PersonalQualities = $_POST["PersonalQualities"];
$value_ImportantOtherInformation = $_POST["ImportantOtherInformation"];
$value_Website = $_POST["Website"];
// Insert data into mysql
$sql="INSERT INTO $tbl_name(Employer, LearningProvider, ContractedProvider, LearningDeliverySite, VacancyDescription, VacancyTitle, EmployerDescription, VacancyLocation, WorkingWeek, WeeklyWage, NoVacancies, VacancyRefNumber, ClosingDateForApplications, InterviewBeginFrom, PossibleStartDate, TrainingToBeProvided, LearningProviderDescription, ContactDetails, VacancyType, ApprenticeshipFramework, SkillsRequired, PersonalQualities, ImportantOtherInformation, Website)VALUES('$value_Employer', '$value_LearningProvider', '$value_ContractedProvider', '$value_LearningDeliverySite', '$value_VacancyDescription', '$value_VacancyTitle', '$value_EmployerDescription', '$value_VacancyLocation', '$value_WorkingWeek', '$value_WeeklyWage', '$value_NoVacancies', '$value_VacancyRefNumber', '$value_ClosingDateForApplications', '$value_InterviewBeginFrom', '$value_PossibleStartDate', '$value_TrainingToBeProvided', '$value_LearningProviderDescription', '$value_ContactDetails', '$value_VacancyType', '$value_ApprenticeshipFramework', '$value_SkillsRequired', '$value_PersonalQualities', '$value_ImportantOtherInformation', '$value_Website')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
}
else {
echo "ERROR";
echo $sql;
}
} elseif(isset($_POST['submit_update'])) {
// code for updating
}
?>
<?php screen_icon(); ?>
<h2>ProfileDT JobBoard Settings</h2>
<?php
// Connect to our DB with mysqli_connect(<server>, <username>, <password>, <database>)
$con = mysqli_connect("localhost", "profiled_job","ZH8liJnG5pZR", "profiled_jobboard") or die(mysql_error());
// mysqli_select_db($con,"jobboard" ) or die(mysql_error());
//update
$sql_update = "SELECT ID,Employer FROM details";
$result_update =mysqli_query($con,$sql_update);
//delete
$sql_delete = "SELECT ID,Employer FROM details";
$result_delete =mysqli_query($con,$sql_update);
?>
<div id="window" style="width:300px; border:solid 1px; float:left;">
<div id="title_bar" style="background: #FFAE00; height: 25px; width: 100%;"> Add User
</div>
<div id="box" style="background: #DFDFDF;">
<form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>
<?php
echo "<label>Employer
<span class="small"></span>
</label> <input type="text" name="Employer" /><br /><br>" .
"<label>Learning Provider
</label> <input type="text" name="LearningProvider" /><br>" .
"<label>Contracted Provider
</label> <input type="text" name="ContractedProvider" /><br>" .
"<label>Learning Delivery Site:
</label> <input type="text" name="LearningDeliverySite" /><br>" .
"<label style="display: inline-block">Vacancy Description:
</label> <textarea rows="5" Cols="22" name="VacancyDescription" style="display: inline-block; margin-left:10px;"/> </textarea><br>" .
"<label>Vacancy Title:
</label> <input type="text" name="VacancyTitle" /><br>" .
"<label>Employer Description:
</label> <textarea rows="5" Cols="22" name="EmployerDescription" style="display: inline-block; margin-left:10px;"/></textarea><br>" .
"<label>Vacancy Location:
</label> <input type="text" name="VacancyLocation" /><br>" .
"<label> Working Week Hours:
</label> <input type="number" name="WorkingWeek" /><br>" .
"<label>Weekly Wage:
</label> <input type="text" name="WeeklyWage" /><br>" .
"<label>Vacancies:
</label> <input type="text" name="NoVacancies" /><br>" .
"<label>Reference Number:
</label> <input type="text" name="VacancyRefNumber" /><br>" .
"<label>Closing Application Date:
</label> <input type="date" name="ClosingDateForApplications" /><br>" .
"<label>Interview Start Date:
</label> <input type="date" name="InterviewBeginFrom" /><br>" .
"<label>Possible Start Date:
</label> <input type="date" name="PossibleStartDate" /><br>" .
"<label>Training to be provided:
</label> <textarea rows="5" Cols="22" name="TrainingToBeProvided" style="display: inline-block; margin-left:10px;"/></textarea><br>" .
"<label>Learning Provider Desc:
</label> <textarea rows="5" Cols="22" name="LearningProviderDescription" style="display: inline-block; margin-left:10px;"/></textarea><br>" .
"<label>Contact Details:
</label> <textarea rows="5" Cols="22" name="ContactDetails" style="display: inline-block; margin-left:10px;"/> </textarea><br>" .
"<label>Vacancy Type:
</label> <input type="text" name="VacancyType" /><br>" .
"<label>Apprenticeship Framework:
</label> <input type="text" name="ApprenticeshipFramework" /><br>" .
"<label>Skills Required:
</label> <textarea rows="5" Cols="22" name="SkillsRequired" style="display: inline-block; margin-left:10px;"/></textarea><br>" .
"<label>Personal Qualities:
</label> <textarea rows="5" Cols="22" name="PersonalQualities" style="display: inline-block; margin-left:10px;"/></textarea><br>" .
"<label>Other Information:
</label> <textarea rows="5" Cols="22" name="ImportantOtherInformation" style="display: inline-block; margin-left:10px;"/></textarea><br>" .
"<input type="text" name="Website" /><br>" .
"<input type="submit" value="Add Vacancy" name="" />";
?>
</div>
</div>
<!-- SECOND -->
<div id="window" style="margin-left: 10px; width:300px; border:solid 1px; float:left;">
<div id="title_bar" style="background: #FFAE00; height: 25px; width: 100%;"> Delete User
</div>
<div id="box" style="background: #DFDFDF; margin-bottom: 10px;">
<span class="warning" style="margin-left: 50px; width: 90%; background: #FFCCBA; color: #D63301; border-style:solid;
border-color:red;">Warning: Once deleted it is gone forever</span>
<form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>
<select name='ID'>
<?php
while ($data=mysqli_fetch_assoc($result_delete)){ ?>
<option value ="<?php echo $data['ID'] ?>"><?php echo $data['Employer'] ?></option>
<?php } ?>
</select>
<p>
<input type="submit" value="Delete User" name='submit'></p>
</form>
</div>
</div>
<div id="window" style="margin-left: 10px; width:300px; border:solid 1px; float:left;">
<div id="title_bar" style="background: #FFAE00; height: 25px; width: 100%;"> Update User
</div>
<div id="box" style="background: #DFDFDF;">
<form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>
<select name='ID'>
<?php
while ($data=mysqli_fetch_assoc($result_update)){ ?>
<option value ="<?php echo $data['ID'] ?>"><?php echo $data['Employer'] ?></option>
<?php } ?>
</select>
<p>
<input type="submit" value="Update User" name='submit'></p>
</form>
</div>
</div>
<?php } ?>
Your form is not including any additional parameters.
$_SERVER['PHP_SELF']is only the file name, not the?page=job-board/adduser.phppart. The script is going precisely where you are telling it to go.You need to alter your form to push those values though. You need to include that
GETcomponent into theactionattribute.But give your page a proper slug instead of using
__FILE__. Something like:That way, it will always have the same “location” on the backend.
Then use
<form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>instead of that$_SERVERmess.And you really should be using Core functionality where possible, such as
$wpdb.Per information from comments below, and further edits to the question, you are trying to submit the form to a
.phpfile namedadduser.phplocated in your plugin folder (I assume) by telling the application to look atoptions-general.php?page=jobboard-settings/adduser.php. You can’t do that. WordPress doesn’t know where to find that file. Thatpageparameter isn’t a file path. It theslugyou used to register the page, and you didn’t register a page with that slug. You should be able to load the file by using the actual path– something likewp-content/plugins/pluginname/adduser.phpbut you have to jump through hoops to get WordPress functions working, and that is the wrong way to do it.You could create a new page with
add_options_pageoradd_submenu_pagebut I doubt you want another page. Just use the page you have. Submit the form to itself and process it inside theadd_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options','jobboard-settingscallback or on one of these hooks— for example,settings_page_jobboard-settings.