[Resolved] Editing a particular record on the frontend
This thread is resolved. Here is a description of the problem and solution.
Problem:
The customer wanted to allow coaches, defined as CPTs, to edit their own records using Toolset Forms. He explored two potential methods but was unsure how to implement them using Toolset, especially since he uses the legacy version of Views. The primary challenge was to ensure each coach could only edit their own record without using the standard WordPress authentication system.
Solution:
We suggested using a unique URL with a secret parameter to allow coaches to access and edit their records. The steps include:
Adding a custom field (coach_secret) to each coach's profile.
Generating and sending a unique URL to each coach containing the secret parameter.
Creating a custom shortcode to handle the secret verification and display the form pre-filled with the coach's details.
Implementing a custom function to validate the secret parameter against the coach_secret field.
Here is a simplified version of the custom code used:
I have a site that lists coaches. The coaches are defined as CPTs, not as Users.
I wish to allow the coaches to edit their own records, using Toolset Forms. I came up with 2 possible methods, but I'm not sure how to achieve them in Toolset.
Important: I'm using the LEGACY version of Views.
1) Display all coaches in a form (blocking this frontend page with a password), and let the coaches select their own record. The page will then reload with the coach's details, open for editing.
How do I do that?
2) Preferred method: The previous method practically allows each coach to edit *all other coaches* as well. Obviously, I prefer to allow each coach to edit *only* his/her own record.
One way to achieve this is to pass a "coach" parameter in the URL of the form page. This parameter must be unique and secret - it can't be a simple ID field - so I can add a "password" field and use this.
So in this scenario, each coach will receive a unique URL, e.g. "www.example.com/coach_edit_form?pwd=g4Ty6kS".
This link will use the pwd field to search for the corresponding coach, and return the form already filled with the coach's details, allowing them to edit it.
If no corresponding coach is found, an error message will appear.
Is this achievable with Toolset (Legacy Views)? How do I achieve it?
Obviously, if you have a better idea how to achieve what I seek, besides the above 2 solutions, please don't hesitate to share it 🙂
Before I approach the two scenarios you mentioned, I wanted to gather some more information to better understand your setup and requirements.
You described the coaches as being a CPT, but let's clarify the authentication process. For a specific coach to edit their record, do they need to be logged in as a regular WordPress user? Or are you trying to use this specific password system to allow access and edit a given coach's record, effectively replacing the standard WordPress authentication?
If coaches are also users of the site and are editing their posts from the CPT coaches, then you could use Toolset Access to limit what they can see and edit on the frontend. This would leverage WordPress's built-in user roles and capabilities to ensure secure and manageable access control.
I wish to implement the second option that you mentioned: "use this specific password system to allow access and edit a given coach's record, effectively replacing the standard WordPress authentication".
This is because the coaches are not registered as users... I understand that I can convert them to users and then use access, but this will be lots of work I believe, and will affect many parts of my current system.
So I really prefer something along the lines of the 2 options I suggested (or a better one, if you have any). Can you tell me how I can achieve both? I do prefer the 2nd option; however, we might decide to go with the first one if the difference in implementation time between the two is significant.
You could use a unique URL with a secret parameter:
1- Go to Toolset -> Custom Fields and add a new field group for Coaches.
2- Add a custom field (e.g., coach_secret) and set it to a unique value for each coach.
3- When creating or updating a coach's profile, generate a unique secret value and save it in the coach_secret custom field.
4- Send this unique URL to each coach (e.g., hidden link).
5- Create a new page and insert a custom shortcode that will handle the secret verification.
6- Add a custom function to validate the secret parameter against the coach_secret custom field:
If a matching coach is found, display the form pre-filled with the coach's details.
If no matching coach is found, display an error message.
Here's some example code to achieve this validation (place this in your theme's functions.php and add the shortcode show_edit_coach_form to a given page after adjusting the CPT and field group):
add_shortcode('show_edit_coach_form', function() {
    // A shortcode callback must return its output; echoing prints it before the page content.
    // A missing and an empty parameter are treated alike, so "?secret=" can never match a blank field.
    $secret = isset($_GET['secret']) ? sanitize_text_field(wp_unslash($_GET['secret'])) : '';
    if ($secret === '') {
        return 'No URL parameter provided.';
    }

    // Look up the coach whose secret field equals the URL parameter.
    $args = array(
        'post_type'  => 'coach',
        'meta_query' => array(
            array(
                'key'     => 'wpcf-secret', // adjust to your field's meta key
                'value'   => $secret,
                'compare' => '='
            )
        )
    );
    $query = new WP_Query($args);

    if (!$query->have_posts()) {
        return 'Invalid URL or no matching coach found.';
    }

    $output = '';
    while ($query->have_posts()) {
        $query->the_post();
        $post_id = get_the_ID();
        // Display the form for the current post
        $output .= do_shortcode('[cred_form form="edit-coach-form" post="' . $post_id . '"]');
    }
    wp_reset_postdata();
    return $output;
});
Here's a working demo for you to check how I implemented it: hidden link
Example:
Coach 1: hidden link
Coach 2: hidden link
Invalid pass: hidden link
No pass: hidden link
Please give it a try and let me know if it aligns with what you need to accomplish.
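Step 3 of the reply above says to generate a unique secret for each coach, but the thread shows no code for that part. One way to do it, as an added example that is not part of the original thread or Toolset's own code; it assumes the `coach` post type and the `wpcf-secret` meta key from the shortcode above, a hypothetical edit page at `/coach_edit_form/`, and illustrative function names:

```php
<?php
// Added example, not Toolset code. Assumes the 'coach' post type and the
// 'wpcf-secret' meta key from the shortcode above; the page slug is hypothetical.
const COACH_SECRET_META = 'wpcf-secret';
const COACH_EDIT_PAGE   = '/coach_edit_form/';

// 128 bits from the system CSPRNG, hex-encoded (32 URL-safe characters).
function coach_generate_secret() {
    return bin2hex(random_bytes(16));
}

// Return the coach's secret, creating one if the field is still empty.
function coach_ensure_secret($post_id) {
    $secret = get_post_meta($post_id, COACH_SECRET_META, true);
    if (!is_string($secret) || $secret === '') {
        $secret = coach_generate_secret();
        update_post_meta($post_id, COACH_SECRET_META, $secret);
    }
    return $secret;
}

// Replace the secret; any link sent earlier stops working.
function coach_rotate_secret($post_id) {
    $secret = coach_generate_secret();
    update_post_meta($post_id, COACH_SECRET_META, $secret);
    return $secret;
}

// Build the personal edit link to send to the coach.
function coach_edit_url($post_id) {
    $secret = coach_ensure_secret($post_id);
    return add_query_arg('secret', rawurlencode($secret), home_url(COACH_EDIT_PAGE));
}

// Fill in a secret when a coach is saved. Late priority so this runs after
// other save_post handlers have written their fields.
add_action('save_post', function ($post_id, $post) {
    if ($post->post_type !== 'coach') {
        return;
    }
    if (wp_is_post_revision($post_id) || wp_is_post_autosave($post_id)) {
        return;
    }
    coach_ensure_secret($post_id);
}, 99, 2);
```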