1

Writing a PHP plugin for Wordpress. It was an external PHP script. But now I'm having a problem. When I click submit on the page it redirects saying there are no permissions to go to that page.

Edit: Completely different query all together.

I have permission errors following some of the changes advised below. (View edits to see revisions).

Here is my code:

            <?php
            /*
            Plugin Name: ProfileDT-JobBoard
            Plugin URI: http://profiledt.co.uk
            Description: ProfileDT-JobBoard  
            Author: Bradly Spicer
            Version: 0.0.2
            Author URI: http://profiledt.co.uk
            */

            /*Installation of Plugin */
            /* What to do when the plugin is activated? */
            /*register_activation_hook(__FILE__,'JobBoard_install');*/
            register_activation_hook('jobboard-settings','JobBoard_install');

            /* What to do when the plugin is deactivated? */
            /*register_deactivation_hook( __FILE__, 'JobBoard_remove' );*/
            register_deactivation_hook('jobboard-settings', 'JobBoard_remove' );

            function JobBoard_install() {
            /* Create a new database field */
            add_option("JobBoard_data", 'Testing !! My Plugin is Working Fine.', 'This is my first plugin panel data.', 'yes');
            }

            function JobBoard_remove() {
            /* Delete the database field */
            delete_option('JobBoard_data');
            }

            /*Admin Menu of Plugin*/
            add_action('admin_menu', 'JobBoard_admin_menu');
            function JobBoard_admin_menu() {
            /*add_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options',__FILE__, 'JobBoard_options_page');*/
            add_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options','jobboard-settings', 'JobBoard_options_page');


            }
            /*Content inside the admin page*/
            function JobBoard_options_page() 
            {
            ?>

            <?php

            if(isset($_POST['submit_delete'])) {

                     $id=$_POST['ID'];
                        $sql= (mysqli_query($con, "Delete FROM details WHERE ID = '$id'"));
                        if($sql)
                        {
                       echo "Data Deleted";
                    } else {
                       echo "Data Not Deleted";
            }
            } elseif(isset($_POST['submit_add'])) {

            // Get values from form 
                $value_Employer = $_POST["Employer"];
                $value_LearningProvider = $_POST["LearningProvider"];
                $value_ContractedProvider = $_POST["ContractedProvider"];
                $value_LearningDeliverySite = $_POST["LearningDeliverySite"];
                $value_VacancyDescription = $_POST["VacancyDescription"];
                $value_VacancyTitle = $_POST["VacancyTitle"];
                $value_EmployerDescription = $_POST["EmployerDescription"];
                $value_VacancyLocation = $_POST["VacancyLocation"];
                $value_WorkingWeek = $_POST["WorkingWeek"];
                $value_WeeklyWage = $_POST["WeeklyWage"];
                $value_NoVacancies = $_POST["NoVacancies"];
                $value_VacancyRefNumber = $_POST["VacancyRefNumber"];
                $value_ClosingDateForApplications = $_POST["ClosingDateForApplications"];
                $value_InterviewBeginFrom = $_POST["InterviewBeginFrom"];
                $value_PossibleStartDate = $_POST["PossibleStartDate"];
                $value_TrainingToBeProvided = $_POST["TrainingToBeProvided"];
                $value_LearningProviderDescription = $_POST["LearningProviderDescription"];
                $value_ContactDetails = $_POST["ContactDetails"];
                $value_VacancyType = $_POST["VacancyType"];
                $value_ApprenticeshipFramework = $_POST["ApprenticeshipFramework"];
                $value_SkillsRequired = $_POST["SkillsRequired"];  
                $value_PersonalQualities = $_POST["PersonalQualities"];  
                 $value_ImportantOtherInformation = $_POST["ImportantOtherInformation"];  
                 $value_Website = $_POST["Website"];

            // Insert data into mysql 
            $sql="INSERT INTO $tbl_name(Employer, LearningProvider, ContractedProvider, LearningDeliverySite, VacancyDescription, VacancyTitle, EmployerDescription, VacancyLocation, WorkingWeek, WeeklyWage, NoVacancies, VacancyRefNumber, ClosingDateForApplications, InterviewBeginFrom, PossibleStartDate, TrainingToBeProvided, LearningProviderDescription, ContactDetails, VacancyType, ApprenticeshipFramework, SkillsRequired, PersonalQualities, ImportantOtherInformation, Website)VALUES('$value_Employer', '$value_LearningProvider', '$value_ContractedProvider', '$value_LearningDeliverySite', '$value_VacancyDescription', '$value_VacancyTitle', '$value_EmployerDescription', '$value_VacancyLocation', '$value_WorkingWeek', '$value_WeeklyWage', '$value_NoVacancies', '$value_VacancyRefNumber', '$value_ClosingDateForApplications', '$value_InterviewBeginFrom', '$value_PossibleStartDate', '$value_TrainingToBeProvided', '$value_LearningProviderDescription', '$value_ContactDetails', '$value_VacancyType', '$value_ApprenticeshipFramework', '$value_SkillsRequired', '$value_PersonalQualities', '$value_ImportantOtherInformation', '$value_Website')";
            $result=mysql_query($sql);

            // if successfully insert data into database, displays message "Successful". 
            if($result){
            echo "Successful";
            echo "<BR>";
            }

            else {
            echo "ERROR";
            echo $sql;
            }


            } elseif(isset($_POST['submit_update'])) {
                // code for updating
            }

            ?>


            <?php screen_icon(); ?>
            <h2>ProfileDT JobBoard Settings</h2>

            <?php 

              // Connect to our DB with mysqli_connect(<server>, <username>, <password>, <database>)    
                    $con = mysqli_connect("localhost", "profiled_job","ZH8liJnG5pZR", "profiled_jobboard") or die(mysql_error());
                   // mysqli_select_db($con,"jobboard" ) or die(mysql_error());


                    //update
                        $sql_update = "SELECT ID,Employer FROM details";
                        $result_update =mysqli_query($con,$sql_update);
                    //delete
                        $sql_delete = "SELECT ID,Employer FROM details";
                        $result_delete =mysqli_query($con,$sql_update);
            ?>

            <div id="window" style="width:300px; border:solid 1px; float:left;">
                <div id="title_bar" style="background: #FFAE00; height: 25px; width: 100%;"> Add User
                </div>
                <div id="box" style="background: #DFDFDF;">

            <form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>
            <?php
            echo "<label>Employer
            <span class=\"small\"></span>
            </label> <input type=\"text\" name=\"Employer\" /><br /><br>" .
            "<label>Learning Provider
            </label> <input type=\"text\" name=\"LearningProvider\" /><br>" .
            "<label>Contracted Provider
            </label> <input type=\"text\" name=\"ContractedProvider\" /><br>" .
            "<label>Learning Delivery Site:
            </label>  <input type=\"text\" name=\"LearningDeliverySite\" /><br>" .
            "<label style=\"display: inline-block\">Vacancy Description:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"VacancyDescription\" style=\"display: inline-block; margin-left:10px;\"/> </textarea><br>" .
            "<label>Vacancy Title:
            </label> <input type=\"text\" name=\"VacancyTitle\" /><br>" .
            "<label>Employer Description:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"EmployerDescription\" style=\"display: inline-block; margin-left:10px;\"/></textarea><br>" .
            "<label>Vacancy Location:
            </label> <input type=\"text\" name=\"VacancyLocation\" /><br>" .
            "<label> Working Week Hours:
            </label> <input type=\"number\" name=\"WorkingWeek\" /><br>" .
            "<label>Weekly Wage:
            </label> <input type=\"text\" name=\"WeeklyWage\" /><br>" .
            "<label>Vacancies:
            </label> <input type=\"text\" name=\"NoVacancies\" /><br>" .
            "<label>Reference Number:
            </label> <input type=\"text\" name=\"VacancyRefNumber\" /><br>" .
            "<label>Closing Application Date:
            </label> <input type=\"date\" name=\"ClosingDateForApplications\" /><br>" .
            "<label>Interview Start Date:
            </label> <input type=\"date\" name=\"InterviewBeginFrom\" /><br>" .
            "<label>Possible Start Date:
            </label> <input type=\"date\" name=\"PossibleStartDate\" /><br>" .
            "<label>Training to be provided:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"TrainingToBeProvided\" style=\"display: inline-block; margin-left:10px;\"/></textarea><br>" .
            "<label>Learning Provider Desc:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"LearningProviderDescription\" style=\"display: inline-block; margin-left:10px;\"/></textarea><br>" .
            "<label>Contact Details:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"ContactDetails\" style=\"display: inline-block; margin-left:10px;\"/> </textarea><br>" .
            "<label>Vacancy Type:
            </label> <input type=\"text\" name=\"VacancyType\" /><br>" .
            "<label>Apprenticeship Framework:
            </label> <input type=\"text\" name=\"ApprenticeshipFramework\" /><br>" .
            "<label>Skills Required:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"SkillsRequired\" style=\"display: inline-block; margin-left:10px;\"/></textarea><br>" .
            "<label>Personal Qualities:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"PersonalQualities\" style=\"display: inline-block; margin-left:10px;\"/></textarea><br>" .
            "<label>Other Information:
            </label> <textarea rows=\"5\" Cols=\"22\" name=\"ImportantOtherInformation\" style=\"display: inline-block; margin-left:10px;\"/></textarea><br>" .
            "<input type=\"text\" name=\"Website\" /><br>" .
            "<input type=\"submit\" value=\"Add Vacancy\" name=\"\" />";
            ?>
            </div>
            </div>
            <!-- SECOND -->
            <div id="window" style="margin-left: 10px; width:300px; border:solid 1px; float:left;">
                <div id="title_bar" style="background: #FFAE00; height: 25px; width: 100%;"> Delete User
                </div>
                <div id="box" style="background: #DFDFDF; margin-bottom: 10px;">
                <span class="warning" style="margin-left: 50px; width: 90%; background: #FFCCBA; color: #D63301; border-style:solid;
            border-color:red;">Warning: Once deleted it is gone forever</span>
            <form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>
                <select name='ID'>

                <?php

                while ($data=mysqli_fetch_assoc($result_delete)){ ?>

                  <option value ="<?php echo $data['ID'] ?>"><?php echo $data['Employer'] ?></option>
                <?php } ?>

                    </select>
                    <p>
                        <input type="submit" value="Delete User" name='submit'></p> 
                </form>
            </div>
            </div> 

            <div id="window" style="margin-left: 10px; width:300px; border:solid 1px; float:left;">
                <div id="title_bar" style="background: #FFAE00; height: 25px; width: 100%;"> Update User
                </div>
                <div id="box" style="background: #DFDFDF;">
            <form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/>
                <select name='ID'>

                <?php

                while ($data=mysqli_fetch_assoc($result_update)){ ?>

                  <option value ="<?php echo $data['ID'] ?>"><?php echo $data['Employer'] ?></option>

                <?php } ?>

                    </select>
                    <p>
                        <input type="submit" value="Update User" name='submit'></p> 
                </form>
            </div>
            </div>
            <?php } ?>
Improve this question

1 Answer 1

Reset to default
1

Your form is not including any additional parameters. $_SERVER['PHP_SELF'] is only the file name, not the ?page=job-board/adduser.php part. The script is going precisely where you are telling it to go.

You need to alter your form to push those values though. You need to include that GET component into the action attribute.

But give your page a proper slug instead of using __FILE__. Something like:

add_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options','jobboard-settings', 'JobBoard_options_page');

That way, it will always have the same "location" on the backend.

Then use <form method="post" action="<?php echo admin_url('options-general.php?page=jobboard-settings'); ?>"/> instead of that $_SERVER mess.

And you really should be using Core functionality where possible, such as $wpdb.

Per information from comments below, and further edits to the question, you are trying to submit the form to a .php file named adduser.php located in your plugin folder (I assume) by telling the application to look at options-general.php?page=jobboard-settings/adduser.php. You can't do that. WordPress doesn't know where to find that file. That page parameter isn't a file path. It the slug you used to register the page, and you didn't register a page with that slug. You should be able to load the file by using the actual path-- something like wp-content/plugins/pluginname/adduser.php but you have to jump through hoops to get WordPress functions working, and that is the wrong way to do it.

You could create a new page with add_options_page or add_submenu_page but I doubt you want another page. Just use the page you have. Submit the form to itself and process it inside the add_options_page('Plugin Admin Options', 'JobBoard Settings', 'manage_options','jobboard-settings callback or on one of these hooks-- for example, settings_page_jobboard-settings.

Improve this answer
8
  • Oh, because I'm using POST and not GET it doesn't follow through with the url. And I also need to change PHP_SELF with the actual URL extension? Commented Jul 15, 2013 at 13:59
  • It is just that PHP_SELF does not have any of the GET parameters that you need. When testing your code though I noticed that the page you want is page=temp-hacks.php and not page=job-board Commented Jul 15, 2013 at 14:10
  • I don't understand what you mean by temp-hacks.php? I'm fairly new to this. I've fixed the url issue with $_SERVER['PHP_SELF']; I still have permission errors though. If I change the method to GET for the add_user.php I get this url on submition: /options-general.php?Employer=&LearningProvider=&ContractedProvider=&LearningDeliverySite=&VacancyDescription=+&VacancyTitle=&EmployerDescription=&VacancyLocation=&WorkingWeek=&WeeklyWage=&NoVacancies=&VacancyRefNumber Commented Jul 15, 2013 at 14:20
  • Maybe temp-hacks is an artifact of how I tested that. Look at the URL on the page that does load and make sure the url you pass through matches exactly. Commented Jul 15, 2013 at 14:22
  • When I do <form method="post" action="?page=job-board/adduser.php"/> it sends to the page correctly. But I still have permission errors: "You do not have sufficient permissions to access this page." Commented Jul 15, 2013 at 14:27

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.