Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Boris Kamp
16,660 PointsLet visitors post from frontend
Hi!
I would like visitors (no account necessary!) to be able to post a review (custom post type) of the website's company.
When I search for this type of stuff I only find plugins for Wordpress but I would like to code my own since I think it's not to difficult. Can anyone point me in the right direction? there's no course on this right?
Thanks!
3 Answers
Kevin Korte
28,149 PointsIt's going to be a fair bit complicated. If you want to build your own plugin, you're going to need a solid understanding in a few areas. I don't know what your experience is in so lets go over them. You're going to want to go heavy in the PHP and Wordpress courses.
Basically, you'll have to take your understanding of PHP and MySQL, and WP's ecosystem to code up a custom plugin. Wordpress has a unique structure you'll want to follow, but it's foundation is still PHP, and everything PHP offers (think functions!)
What you're going to have to watch out for is spam, malicious input, etc. What about duplicate reviews. What if an unsigned visitor whats to leave numerous one-star reviews? Is that a problem? Do you still need a way to track an anonymous users and their reviews. Some pissed off person will do this if you allow them to. There would be no way to completely prevent this, but think cookies or local storage to know if they already left a review. Most average users won't know/think about cookie or local storage tracking, and realize they could clear their browser's cache and go at the reviews again.
Just be comfortable sanitizing input and output (WP has functions to help here), and you should be good to go.
Sounds like a fun project!
Colin Marshall
32,861 PointsIn addition to Kevin Korte's post, check out these tutorials on front-end posting:
How to Add Front End Posting Functionality to WordPress by Building Your Own Plugin
Posting via the Front End: Inserting
Boris Kamp
16,660 PointsThanks Colin! Will look into these!
Boris Kamp
16,660 PointsI've read the tut Colin, seems pretty easy as long as a user is signed in.
What I want is a VISITOR (not registered member) to enter their email, name and review text, and then be able to submit this for pending review.
Will a simple nonce field check suffice for this security wise? I set the post_status to pending so I can review them manually.
Colin Marshall
32,861 PointsThe first tutorial has this function in the Front-End Submit class:
<?php
function handleFrontEndForm() {
//Check if the user has permission to publish the post.
if ( !current_user_can('publish_posts') ) {
echo "<h2>Please Login to post links.</h2>";
return;
}
$this->displayForm();
}
?>
That checks if the user is logged in. You can just omit the if statement in that function so it doesn't matter if they're logged in or not.
This plugin does almost exactly what you are trying to build. You could study the code to see how they handle the security and setting the post to pending:
Boris Kamp
16,660 PointsThanks Colin! I adjusted the guest posts plugin to my need and copied the code to my functions.php! It's all working great now!
Colin Marshall
32,861 PointsNo problem! Glad you got it working like you wanted.
Boris Kamp
16,660 PointsBoris Kamp
16,660 PointsThanks Kevin! Will look into this, if I have some specific code-related questions, can you help me out further?
Kevin Korte
28,149 PointsKevin Korte
28,149 PointsYou bet. I'll do what I can.