[Resolved] Prevent modification of form input fields
This support ticket is created 6 years ago. There's a good chance that you are reading advice that it now obsolete.
This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.
Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.
No supporters are available to work today on Toolset forum. Feel free to create tickets and we will handle it as soon as we are online. Thank you for your understanding.
1. I have added custom field age in post type posts
2. I have created a custom post personal details with following cusum field:
user id ,post id and age
3. I created a form for adding data in custom post type personal details and Created layout for single post and add this form to layout.
4. Form fields are filled automatically user-id with current logged in user id, post-id with current post and age with custom field age.
5. I made form fields read only to prevent editing by user.
Every this works fine. i have made form fields read only but user may edit it by inspect element. I want to prevent editing form by inspect element or any other method. I want to check after clicking submit button on form if form input data does not match means user id with form input field user id , post id with current post id, and input field age with cusum field age then prevent creating post in custom post personal details without javascript and without hiding input fields.
If you use the More button it will show examples of using the hook to check custom field values and setting form error messages if they fail some test.
I re-read your description and I want to clarify how this is set up before I propose a solution.
Standard posts have an age custom field.
The template to display single posts includes a form to publish "personal detail" posts.
That form includes fields for user-id (automatically set to the current user id), post-id (set to the id of the post where the form is displayed), and also age (the value of which comes from the same field of the standard post where the field is displayed).
Is that right?
Is there any user-entered data in the form or is all of the form content automatically set?
For your automatically set fields, you might not want to "validate" the form (which means sending an error message if one of the fields isn't correct). You could simply set the values automatically on the server (and you wouldn't need to even include the fields which are automatically set in the form in the first place).
1.Yes- Standard posts have an age custom field.
2. yes- That form includes fields for user-id (automatically set to the current user id), post-id (set to the id of the post where the form is displayed), and also age (the value of which comes from the
same field of the standard post where the field is displayed).
3. content automatically set No user entered data- Is there any user-entered data in the form or is all of the form content automatically set?
4. all fields are automatically set.
You could simply set the values automatically on the server (and you wouldn't need to even include the fields which are automatically set in the form in the first place).
I wrote a snippet of code that you can use which I tested and confirm works.
You can add this code at Toolset > Settings > Custom Code:
/**
* Update fields of personal details post
*/
function tssupp_set_personal_details($post_id, $form_data) {
if (in_array($form_data['id'], array(497))) {
// $post_id is the id of the new personal details post
// $source_post_id is the id of the post from where the form was submitted
$source_post_id = $form_data['container_id'];
$user_id = get_current_user_id();
$age = get_post_meta($source_post_id, 'wpcf-age', true);
update_post_meta( $post_id, 'wpcf-age', $age );
update_post_meta( $post_id, 'post_id', $source_post_id );
update_post_meta( $post_id, 'user_id', $user_id );
}
}
add_action('cred_save_data', 'tssupp_set_personal_details', 10, 2);
You will need to edit the id of the form ( 497 in my example), and I am also not sure what post meta keys you intend to use for the various fields you add to the personal details post, but it should be clear in the code where these are set so that you can change them as required.
post-url & post-title fields(not default title of personal details) updated successfully but title is auto generated like: CRED Auto Draft 87b2328fec107663840c1722f048e3ec
snapshot attached. i want to update title maked in black box in screenshot
I want to set title from server side not client side because user may modify even field is hidden or readonly like you already given solution for age custom field.
OK. Well, the post title isn't postmeta, you can't get it or update it using get_post_meta or update_post_meta.
You have the id of the source post, so you can get the post title using get_the_title(), and then you can update the new post (for which you also have the post id) using wp_update_post.
