Jump to content
onjegolders

Create pages using the API

Recommended Posts

Sorry, but can find no reference to be able to create pages using the API but am sure it's possible. Is there a reference anywhere?

At present, I'm using guesswork..

$new_page = new Page();

How do you set the name, template and parent?

Any nod in the right direction would be much appreciated.

Share this post


Link to post
Share on other sites

Apologies, on my 10th google I found this link:

I find it quite hard to get my search right from within the forum, maybe it's easier through Google.

Thanks Reno, must've posted at the same time!

Share this post


Link to post
Share on other sites

yeah, google seems much better than the forum search. Glad you found something to get you started.

:)

Share this post


Link to post
Share on other sites

Thanks again, any ideas how to update a "page" field via the API?

I can use either a multi select or a checkbox in the form but not too sure how to send that to the newly created page.

My example is a new student who needs to be linked to one or more subjects (subjects are pages)

Share this post


Link to post
Share on other sites

You do it as with the other fields, but pass it a page object instead of a string

$p->page_field = $pages->get("/new/");

will replace the page tat is already there in a single page field, and add a new page to a multi pages field.

In a multi pages field you can also pass a page array:

$p->page_field = $pages->find("template=any");

Edit: to remove pages use remove():

$p->page_field->remove($pages->get("/new/"));

Ryan, would be nice if this page would be updated with API info

Share this post


Link to post
Share on other sites

Thanks Diogo, any idea on how to combine that with $input->post->type?

It would be coming from a front-end form, probably as the output of a multi select or checkbox.

At the moment I have this, which returns the first selected subject but cannot get more than 1. I'm imagining I have to input it somehow as an array?

<?php
 // user is authenticated and may change their password
 if($input->post->submit_pass) {
    if($input->post->pass !== $input->post->pass_confirm) {
	  echo "<h2>Passwords do not match!</h2>";
    } else if(strlen($input->post->pass) < 6) {
	  // if you want to enforce a minimum password length (recommended)
	  echo "<h2>Your password is too short. Must be 6 characters or more.</h2>";
    } else {
	  $student_page = new Page();
	  $student_page->of(false);
   $student_page->template = "student";
   $student_page->parent = $pages->get("/students/");
   $student_page->title = $input->post->first_name . " " . $input->post->last_name;
	  $student_page->set("first_name", $input->post->first_name);
	  $student_page->set("last_name", $input->post->last_name);
	  $student_page->set("email", $input->post->email);
	  $student_page->set("skype_name", $input->post->skype_name);
	  $student_page->set("subject", $input->post->subject);
	  $student_page->save();
	  $student_page->of(true);
	  echo "<h5>Student has been added</h5>";
    }
 }
?>
<form action="" id="add_user" method="post">
 <label for="username">Username</label>
 <input type="text" name="username">
 <label for="first_name">First Name</label>
 <input type="text" name="first_name">
 <label for="last_name">Last Name</label>
 <input type="text" name="last_name">
 <label for="email">Email address</label>
 <input type="text" name="email">
 <label for="skype_name">Skype name</label>
 <input type="text" name="skype_name">
 <label for="pass">New password</label>
 <input type="password" name="pass">
 <label for="pass_confirm">Confirm password</label>
 <input type="password" name="pass_confirm">
 <label for="subject">Subject</label>
 <select multiple name="subject">
  <?php foreach ($pages->get("template=subjects")->children() as $subject) { ?>
  <option name="subject" value="<?php echo $subject->id; ?>"><?php echo $subject->title; ?>
 <?php } ?>
 </select>
 <input type="submit" name="submit_pass">
</form>

Share this post


Link to post
Share on other sites

Think I've got it, for my select, it should read

<select multiple name="subject[]">

The square brackets create an array.

Is that the best way?

Share this post


Link to post
Share on other sites

That's the way to do it. And in pw you can:

foreach($input->post->subject as $subject_id){
   $student_page->subject = $pages->get($subject_id);
}

Share this post


Link to post
Share on other sites

It's also good to make sure that the input is a number

$student_page->subject = $pages->get((int)$subject_id);

Share this post


Link to post
Share on other sites

Since you are setting your text fields directly from $input->post variables without sanitization/validation, make sure that all of your text fields have the HTML Entities textformatter enabled. To illustrate the potential problem, try putting this into a text field that does not have an HTML Entities textformatter enabled:

<script>alert('gotcha!')</script>

If you get a "gotcha" alert box, then someone can basically take over the entire page and your site is vulnerable to cross-site scripting attacks. That's why it's really important to make sure any output coming from non-trusted users is always entity encoded.

  • Like 1

Share this post


Link to post
Share on other sites

Thanks Ryan, is there any reason why it's not on by default? Should I generally leave it on for all text fields?

Share this post


Link to post
Share on other sites

Should I generally leave it on for all text fields?

If any of the users who get to enter stuff into these fields are students then I'd say "Yes!" Make sure every field they can type into is encoded. Similarly, if input is coming from staff or contractors, any of whom may get disgruntled or leave with a grudge, then leave it on.

Share this post


Link to post
Share on other sites

If you mean it should be set on body field of demo profile - that isn't necessary since it's using tinymce inputfield which sanitizes it's content based on the editor settings.

Share this post


Link to post
Share on other sites

Sorry Apeisa I just meant should it not be automatically selected as "on" for all newly created text fields rather than having to manually turn it on?

Share this post


Link to post
Share on other sites
Thanks Ryan, is there any reason why it's not on by default? Should I generally leave it on for all text fields?

I don't want to make assumptions about what people are using the text field for. If you are planning to use HTML, Textile, Markdown, BBCode, etc., then you don't want this Textformatter on. I usually make most of my text fields use Textile or Markdown (rather than HTML Entities) so that I can still have the ability to insert links and have basic formatting when I need it (even for single line text fields like 'title'). If the fields will contain untrusted user input, then I would choose TextileRestricted or BBCode (Markdown is not safe here, as it still allows HTML). Though if you don't need them to have any formatting ability, then I would just stick with HTML Entities, to exclude that possibility.

There are just so many legitimate uses of tags in a field that I'd rather someone decide what they plan to use it for rather than us assuming what they will use it for. Still, I can see someone skipping over this not really understanding the security risks, so what may be warranted is for me to have it show a warning when no Textformatter is selected. There are plenty of cases where you actually don't want any Textformatters, but something containing untrusted user input is not one of them.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By quickjeff
      Hi Guys, 
      I have been debugging a site for the last 2 hours and cannot solve the issue. 
      I have a site running on 3.0.148. 
      I installed the Kongondo Blog module and was updating the templates to include the website style. 
      Once everything was set and done, I checked the page tree to see an error appear. 
      Template must be assigned a name before 'filename' can be accessed
      The same error appears in templates. 
      Debugging Steps
      I checked the templates in the server to ensure I didnt accidentally delete the namespace.  Deleted cache in browser and server under assets Still no go. 
      Any help is appreciated. 
      Thanks! 
    • By Spyros
      Hello
      I'm having a strange issue with the $page->find(), for some reason I'm missing some of the pages from the results. I found then that I was missing all the pages with the same "PAGE NAME". Is it a bug or am I missing something?
      PS 
      If I change the "PAGE NAME" of one of the missing ones then I'm retrieving the page without any problem.
      Thank you
    • By Guy Incognito
      This short script loops through some images from an XML feed and pushes new ones to an image field. It all works perfectly, except for some reason the last image (only) in the loop each time doesn't receive the image description... can everyone spot why? TIA! 🙂 
      foreach ($propertyImages as $img) { $fileName = trim($img[0]); if ( !empty($fileName) ) { $imgPath = '../property_data/'.$fileName; if(file_exists($imgPath) && !in_array(strtolower($fileName),$currentImages)) { $p->property_images->add($imgPath); $p->save(); $newImg = $p->property_images->last(); $newImg->description = $img[1]; $p->save(); } } }  
    • By MateThemes
      Hello everyone!
      I am working with Processwire since some time. But some topics are quite hard for me.
      I have a Portfolio (Gallery) Page.
      I am build a template with Portfolio Index and pages with portfolio entries.
      Structure:
      Portfolio Index
      -- Portfolio Entry
      -- Portfolio Entry
      and so on.
      Portfolio Entry has an Image field with max 12 images and are accessible Templates. 
      Now I want to display the single Portfolio Entry on the Portfolio Index and Paginate them. In the index page all images of a single Entry page should be displayed (I should not be organized as albums, where a random image of the portfolio entry should be displayed). 
      I have no clue to achieve this. May someone could give me an advice.
      Thank you in advance!
    • By ngrmm
      I have a page with a table. Each table row has a page-reference field and a checkbox.
      The Page sends emails to all users (page-refrence->email-field) and change the value of the checkbox in a row to 1.
      It works with this:
      <?php // event ID fron url query $eventID = $input->get('eventID','int'); // get event-page $event = $pages->get($eventID); // config $fromEmail = $event->event_mail_from; $fromName = $event->event_mail_from_name; $emailSubject = $event->event_subject; // email html body ob_start(); include('./_inc/emailbody.inc'); $emailBody = ob_get_clean(); // make event-page editable $event->of(false); // loop through table and send out emails foreach($event->event_clients_list as $event_table_row) { // get client page $clientPage = $event_table_row->client_name; // get client email $clientEmail = $clientPage->email; // if client isn't invited yet (checkbox not checked) if($event_table_row->client_invited == '') { // send email $m = new WireMail(); $m->to($clientEmail); $m->from($fromEmail, $fromName); $m->subject($emailSubject); $m->bodyHTML($emailBody); $m->send(); // mark client as invited $event_table_row->client_invited = 1; $event->save('event_clients_list'); } } ?> But i have to use a variable in my emailbody.inc which i'm able to get in the table-loop.
      So i do the including of the body inside my loop. But this doesn't work anymore. Page sends out the emails but is unable to change the value of the checkbox.
      I get no errors!
      I'm using ProTable
      <?php // event ID fron url query $eventID = $input->get('eventID','int'); // get event-page $event = $pages->get($eventID); // config $fromEmail = $event->event_mail_from; $fromName = $event->event_mail_from_name; $emailSubject = $event->event_subject; // loop through table and send out emails foreach($event->event_clients_list as $event_table_row) { // get client page $clientPage = $event_table_row->client_name; // get client email $clientEmail = $clientPage->email; // email html body ob_start(); include('./_inc/emailbody.inc'); $emailBody = ob_get_clean(); // make event-page editable $event->of(false); // if client isn't invited yet (checkbox not checked) if($event_table_row->client_invited == '') { // send email $m = new WireMail(); $m->to($clientEmail); $m->from($fromEmail, $fromName); $m->subject($emailSubject); $m->bodyHTML($emailBody); $m->send(); // mark client as invited $event_table_row->client_invited = 1; $event->save('event_clients_list'); } } ?>  
×
×
  • Create New...