
Confirmation code page is auto-verifying without input

  • Aidan Knight  · Tech Community  · 7 years ago

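    My custom WordPress plugin allows users to submit posts of a custom post type from a form on my website. They enter the information, click submit, and are taken to a verification page. This instructs them to either click the link that was e-mailed to them or enter the code, and the post then goes from draft to published.

    This works for the most part, except after submission. When they are taken to the verification page, it automatically approves/publishes the post for some reason. I have triple-checked the code and it makes no sense at all.

    Hoping someone can spot the error, because I'm at a loss...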

    Submit page function

    function slicer_profile_submit()
    {
        // if the submit button is clicked, submit
        if (isset($_POST['slicer-profile-submitted']))
        {
            $xml = simplexml_load_file($_FILES['slicer-profile']['tmp_name']) or die("Error: Cannot upload file. Please contact the administrator.");
            $contents = $xml->asXML();
    
            //https://developer.wordpress.org/reference/functions/wp_insert_post/
    
            // sanitize form values
            $profile_author = sanitize_text_field( $_POST["slicer-profile-author"] );
            $profile_email = sanitize_text_field( $_POST["slicer-profile-email"] );
            $profile_name = sanitize_text_field( $_POST["slicer-profile-name"] );
            $profile_description = sanitize_textarea_field( $_POST["slicer-profile-description"] );
    
            $profile_model = intval($_POST["slicer-profile-model"]);
            $profile_slicer = intval($_POST["slicer-profile-software"]);
    
            // Create post object
            $slicer_profile = array(
                'post_title'    => $profile_name,
                'post_content'  => $contents,
                'post_type' => 'slicer_profiles',
                'post_status'   => 'draft',
                'post_author'   => 3,
                'tax_input' => array(
                    'model'     => array($profile_model),
                    'slicer'    => array($profile_slicer)
                ),
                'meta_input' => array(
                    'slicer_profile_author' => $profile_author,
                    'slicer_profile_description' => $profile_description
                )
            );
    
            // Insert the post into the database
            $post_id = wp_insert_post( $slicer_profile );
    
            // Generate a hashed code for the confirmation URL
            $hash = hash_hmac('sha256', $post_id, secret);
    
            $confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;
    
            // Send a verification e-mail to the user to confirm publication
            $subject = 'Please confirm your Slicer Profile submission';
            $body = $confirm_url;
            wp_mail( $profile_email, $subject, $body );
    
            // Redirect the submitter to the post
            wp_redirect( site_url(). "/verification" );
        }
    }
    

    Verification page function

    function slicer_profiles_verification_shortcode($atts = [], $content = null, $tag = '')
    {
        // Check that both parameters are set
        if( isset($_GET['id']) && !empty($_GET['id']) && isset($_GET['hash']) && !empty($_GET['hash']) )
        {
            $post_id = $_GET['id'];
            $hash = $_GET['hash'];
    
            $target_hash = hash_hmac('sha256', $post_id, secret);
    
            // Check if the hash code matches the provided Post ID
            if ($hash != $target_hash)
            {
                echo 'The code provided is incorrect or has been mistyped.';
                return;
            }
    
            // Get the Post data based on ID
            $post_data = get_post( $post_id ); 
            $post_type = $post_data->post_type;
            $post_status = $post_data->post_status;
    
            // Check to confirm this is a Slicer Profile post type
            if ($post_type == 'slicer_profiles')
            {
                // If the post is still a draft (not yet confirmed)
                if ($post_status == 'draft')
                {
                    // Publish the Post by ID
                    wp_publish_post($post_id);
    
                    echo 'Thank you, the profile submission has been confirmed.';
                }
                else
                {
                    echo 'The code provide has already been used.';
                }
            }
            else
            {
                echo 'The code provide is not a valid submission. Please contact the Administrator.';
            }
        }
        else
        {
    
        ?>
    
            <div style="align:center;text-align: center;">
            <p>A confirmation e-mail has been sent to the address provided, containing the verification code to approve your submission. Please use the included link to approve and publish your slicer profile, or the form below the submit your code.</p>
    
            <form name="confirmSub" method="GET" action="">
                <input type="text" name="id" size="4" /> - <input type="text" name="hash" size="24" /></br></br>
                <input type="submit" value="Confirm" />
            </form>
    
            <?php
    
            echo '</div>';
        }
    }
    add_shortcode('slicer_profile_verification', 'slicer_profiles_verification_shortcode');
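
The verification function in the question compares the HMAC with `!=` and passes `$_GET['id']` on without validating it. The block below is an added example, not code from the asker or the answerer, showing the same HMAC-SHA256 link check with strict input validation and a constant-time comparison; `SLICER_CONFIRM_SECRET` and the function names are hypothetical, and it is plain PHP so it runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. Names and the secret are hypothetical.
const SLICER_CONFIRM_SECRET = 'constructed-sample-secret'; // constructed value

// Token for a post ID: the same HMAC-SHA256 scheme the question uses.
function slicer_confirm_token(int $post_id): string
{
    return hash_hmac('sha256', (string) $post_id, SLICER_CONFIRM_SECRET);
}

// Returns the validated post ID, or null if the request must not publish.
function slicer_confirm_check($raw_id, $raw_hash): ?int
{
    // Missing values, arrays (?id[]=1) and non-digit IDs are rejected outright.
    if (!is_string($raw_id) || !is_string($raw_hash) || !ctype_digit($raw_id)) {
        return null;
    }
    $post_id = (int) $raw_id;
    // Rejects "0", leading zeros and values that overflow an integer.
    if ($post_id <= 0 || (string) $post_id !== $raw_id) {
        return null;
    }
    // An HMAC-SHA256 hex digest is exactly 64 lowercase hex characters.
    if (preg_match('/\A[0-9a-f]{64}\z/', $raw_hash) !== 1) {
        return null;
    }
    // hash_equals() is constant-time and compares strings byte for byte;
    // != compares two numeric-looking strings as numbers.
    $expected = slicer_confirm_token($post_id);
    return hash_equals($expected, $raw_hash) ? $post_id : null;
}

// Constructed sample requests: valid link, no parameters, array value, wrong hash.
$samples = [
    ['7', slicer_confirm_token(7)],
    [null, null],
    [['7'], str_repeat('a', 64)],
    ['7', str_repeat('0', 64)],
];
foreach ($samples as [$raw_id, $raw_hash]) {
    var_dump(slicer_confirm_check($raw_id, $raw_hash));
}
```

In the shortcode, pass `$_GET['id'] ?? null` and `$_GET['hash'] ?? null`, and call `wp_publish_post()` only when an integer comes back and `get_post()` returns a `slicer_profiles` post that is still a draft.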
    
    1 reply  |  until 7 years ago
  •   MadeInDreams    7 years ago

    Try it this way. The code you have does not break out all the conditions or else statements.

    function example() {

      if(you have a post){
        //analyse post value this way
        if(){

        }
        elseif(){

        }
        elseif(){

        }
        else{

        }
      }
      else{ // you don't have a post

      }

    }