Hi,

    I’m planning to write a plugin that uses an iframe in the admin panel. The iframe tag includes a PHP file in the plugin folder which displays an external web site's information with some form fields.

    So the user submits the form included in the iframe panel, then I’d like to save the data somewhere. I thought I'd simply save it as text, but I guess some users cannot change the permissions if the directory is not writable.

    Then I wondered if it is possible for the iframed php page to access the WordPress database and save the submitted info in there as options which could be retrieved with get_option() from the main plugin execution.

    If it’s possible, could somebody give an example?

    Thanks in advance.

Viewing 3 replies - 1 through 3 (of 3 total)
  Moderator bcworkz

    (@bcworkz)

    It’s possible. The page that the iframed form points to as its action will need to require( '[correct path]' . '/wp-load.php'). Substitute the correct path for the [] segment. Require admin.php instead if the user must be logged in. This will load the WP environment and give the page access to the $wpdb object, as well as all other WP functions.

    Be sure to sanitize form content before storing in your DB to prevent SQL injection exploits. If the form must be from an authorized user, include a nonce in the form, then verify it when the form is submitted.

    Thread Starter umchal

    (@umchal)

    Thanks bcworkz,

    It seems to work and is faster than loading the whole admin panel.

    I’m not sure about the part you mentioned about sanitizing and including a nonce. Would you mind giving an example?

    This is what I achieved so far. There are two files: the main plugin file and the target file for the iframe. It’s working great. But I'd really like to know how to prevent SQL injection exploits.

    iframeadmin.php

    <?php
    /*
    	Plugin Name: Iframe Admin Panel Sample
    	Description: This is a sample plugin to demonstrate an iframe administration page.
    	Version: 1.0
    	Author: umchal
    */
    
    /* Option Menu and Panel */
    add_action('admin_menu', 'iframe_admin_panel_menu');
    function iframe_admin_panel_menu() {
    	add_options_page(
    		'Iframe Admin Panel Sample Setting Page',
    		'Iframe Admin Panel',
    		'manage_options',
    		__FILE__,
    		'iframe_admin_panel_optionpage'
    	);
    }
    function iframe_admin_panel_optionpage()
    {
    	// frame01.php locates wp-load.php relative to itself, so the server path
    	// is not passed in the URL (a user-controlled require path would let
    	// arbitrary files be included).
    	$frametarget = plugins_url('frame01.php', __FILE__);
    	?>
    	<div class="wrap">
    		<div id="icon-themes" class="icon32"></div>
    		<h2>Iframe Admin Panel Sample</h2>
    		<iframe name="inlineframe" src="<?php echo esc_url($frametarget); ?>" frameborder="0" scrolling="auto" width="500" height="600" marginwidth="5" marginheight="5"></iframe>
    	</div>
    	<?php
    }
    ?>

    frame01.php

    <?php
    	// Resolve the WordPress root from this file's own location instead of
    	// trusting a path from the query string. Assumes the standard layout
    	// wp-content/plugins/<plugin>/frame01.php (four directories below the root).
    	$wp_root = dirname(dirname(dirname(dirname(__FILE__))));
    //	require( $wp_root . '/wp-load.php');            // loads WP without requiring login
    	require( $wp_root . '/wp-admin/admin.php');      // loads WP and redirects anonymous users to the login page
    	if(isset($_POST['submitform']) && $_POST['submitform'] == 1){
    		update_option('iframeadmin_option1', $_POST['saved_option1']);
    		update_option('iframeadmin_option2', $_POST['saved_option2']);
    		echo '<div class="updated"><p>the options are updated.</p></div>';
    	}
    ?>
    
    <html>
    	<body>
    		<!-- action="" posts back to this same file, so no path needs to be carried in a hidden field -->
    		<form action="" method="post">
    			<input type="text" name="saved_option1" value="" />
    			<input type="text" name="saved_option2" value="" />
    			<input type="hidden" name="submitform" value="1" />
    			<input type="submit" value="save" class="button-primary" />
    		</form>
    		<p>Option1: <?php echo get_option('iframeadmin_option1');?></p>
    		<p>Option2: <?php echo get_option('iframeadmin_option2');?></p>
    	</body>
    </html>

    Moderator bcworkz

    (@bcworkz)

    Here are a couple of places to start reading about input form security:
    Data Validation
    WordPress Nonces
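Applying those two pages to the frame01.php from the post above, as an added example that is not bcworkz's or umchal's own code: the handler checks the user's capability, verifies a nonce before touching the options, sanitizes the posted values, and escapes them on output. It assumes the standard wp-content/plugins/<plugin>/ layout to find wp-load.php and the same option names as the post; the nonce action and field names are arbitrary.

```php
<?php
// Hardened frame01.php (added example). Assumes wp-content/plugins/<plugin>/frame01.php.
$wp_root = dirname(dirname(dirname(dirname(__FILE__))));
require $wp_root . '/wp-admin/admin.php'; // loads WP; anonymous users are sent to the login page

$message = '';
if (isset($_POST['submitform']) && $_POST['submitform'] == 1) {
    // A logged-in user is not necessarily allowed to change site options.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these options.', '', array('response' => 403));
    }
    // Verify the nonce so a request forged from another site (CSRF) cannot update the options.
    // The action and field names below are arbitrary; they only have to match wp_nonce_field().
    check_admin_referer('iframeadmin_save_options', 'iframeadmin_nonce');

    // Keep plain text only: strips tags, invalid UTF-8 and control characters.
    $option1 = isset($_POST['saved_option1']) ? sanitize_text_field(wp_unslash($_POST['saved_option1'])) : '';
    $option2 = isset($_POST['saved_option2']) ? sanitize_text_field(wp_unslash($_POST['saved_option2'])) : '';

    // update_option() builds its query with $wpdb, so the SQL injection concern is
    // handled by WordPress itself; sanitizing controls what gets stored and later echoed.
    update_option('iframeadmin_option1', $option1);
    update_option('iframeadmin_option2', $option2);
    $message = '<div class="updated"><p>The options are updated.</p></div>';
}
?>
<html>
<body>
    <?php echo $message; ?>
    <form action="" method="post">
        <?php wp_nonce_field('iframeadmin_save_options', 'iframeadmin_nonce'); ?>
        <!-- esc_attr() for attribute context, esc_html() for text context -->
        <input type="text" name="saved_option1" value="<?php echo esc_attr(get_option('iframeadmin_option1')); ?>" />
        <input type="text" name="saved_option2" value="<?php echo esc_attr(get_option('iframeadmin_option2')); ?>" />
        <input type="hidden" name="submitform" value="1" />
        <input type="submit" value="save" class="button-primary" />
    </form>
    <!-- Escaping on output means a stored value cannot inject markup into the admin page. -->
    <p>Option1: <?php echo esc_html(get_option('iframeadmin_option1')); ?></p>
    <p>Option2: <?php echo esc_html(get_option('iframeadmin_option2')); ?></p>
</body>
</html>
```

If the nonce is missing or stale, check_admin_referer() stops the request with a "link has expired" style error before any option is written.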

The topic ‘Accessing Options from External PHP File’ is closed to new replies.