I'm trying to create my own form in functions.php. I've done a lot of research and found it safest to do a form using Post / Redirect / Get to avoid Resubmits POST request. Everything works fine. The form sends POST, the action file processes everything, saves it to SESSION and redirects it back. The form is on the page: http://plovarnaluhacovice.icreation.cz/my-account/zustatek-kreditu/
But my problem is that I don't want the link "Send" to have a link: http://plovarnaluhacovice.icreation.cz/wp-content/themes/Divi_Child/process.php, but http://plovarnaluhacovice.icreation.cz/my-account/zustatek-kreditu/process.php for security reasons.
To make it a little complicated I use the WooCommerce plugin and this page (/zustatek-kreditu/) is added to the WooCommerce "My Account" page menu (photo).
Form:
<form action="http://plovarnaluhacovice.icreation.cz/wp-content/themes/Divi_Child/process.php" method="post">
<p>Uživatelské jméno: <br><input type="text" name="username" /></p>
<p>Heslo: <br><input type="password" name="password" /></p>
<br><button type="submit" name="save">Přidat</button>
</form>
File structure:
wp-content/themes/ 1. Divi_Child 2. functions.php 3. process.php
Custom WooCommerce menu:
//ZŮSTATEK KREDITU
// ------------------
// 1. Register new endpoint to use for My Account page
// Note: Resave Permalinks or it will give 404 error
function zustatek_kreditu_endpoint() {
add_rewrite_endpoint( 'zustatek-kreditu', EP_ROOT | EP_PAGES );
}
add_action( 'init', 'zustatek_kreditu_endpoint' );
// ------------------
// 2. Add new query var
function zustatek_kreditu_query_vars( $vars ) {
$vars[] = 'zustatek-kreditu';
return $vars;
}
add_filter( 'query_vars', 'zustatek_kreditu_query_vars', 0 );
// ------------------
// 3. Insert the new endpoint into the My Account menu
function zustatek_kreditu_link_my_account( $items ) {
$items['zustatek-kreditu'] = 'Zůstatek kreditu';
return $items;
}
add_filter( 'woocommerce_account_menu_items', 'zustatek_kreditu_link_my_account' );
// ------------------
// 4. Add content to the new endpoint
?>
<form action="http://plovarnaluhacovice.icreation.cz/wp-content/themes/Divi_Child/process.php" method="post">
<p>Uživatelské jméno: <br><input type="text" name="username" /></p>
<p>Heslo: <br><input type="password" name="password" /></p>
<br><button type="submit" name="save">Přidat</button>
</form>
<?php
add_action( 'woocommerce_account_zustatek-kreditu_endpoint', 'hlavniMetoda' );
process.php file:
<?php
require_once __DIR__ . '/../../../wp-config.php';
global $wp;
global $wpdb;
$current_user_id = wp_get_current_user()->ID;
if (isset($_POST['save'])) {
if($current_user_id > 0) {
$username = $_POST['username'];
$password = $_POST['password'];
$dotaz = "INSERT INTO {$wpdb->prefix}abonent(username, password, ID_users) VALUES('{$username}', '{$password}', {$current_user_id})";
$result = $wpdb->query($dotaz);
if($result) {
$_SESSION['zprava'] = "Přidáno";
}
else {
$_SESSION['zprava'] = "Chyba.";
}
}
header("Location: http://plovarnaluhacovice.icreation.cz/muj-ucet/zustatek-kreditu");
}
?>
The simplest solution is to create a page template in wp add it to your theme folder under the name "Page-process.php" and place all the coding of process.php into this template and add the following text to the top of this template:
Create a wp page and select this template on itas the page template on under the "Page Attributes" meta box.
On your form code replace the action URL tot the page you just created and linked to the new page template you created.
action="http://plovarnaluhacovice.icreation.cz/wp-content/themes/Divi_Child/process.php"
Recap: You are going to replace your "porcess.php" with a normal page on WordPress that is going to use the page PHP codes you placed on "process.php" but this privilege will allow you to run your code withing a wp page and not directly on a theme PHP file.
Thanks, let me know what happens!! :)