Make an own admin_plugin

jojje · Post by **jojje** » Sat Jan 28, 2006 6:04 pm

OK lets see if I can explain this.

I have a file with a form <form> that sends email to subscribers....
Now I have the leave s9y and log into that file to send emails.

Is it possible tha add a menu option i admininterface there I can put this form.
The form calls a php-file that sends away the mail.

Is there any easy why to do it?

judebert · Post by **judebert** » Sat Jan 28, 2006 11:05 pm

Kind of like an HTML nugget for the admin screen?

It sounds kind of insecure to just include another file from the admin page. After all, if someone managed to overwrite it with something malicious, you'd run it without even a chance to stop it. That's why the backend doesn't even use Smarty templating. Heck, it won't even run if it's in an IFRAME.

We might manage to convince Garvin that copy-and-pasting text into an Admin HTML Nugget isn't too insecure. Then you could put the contents of the form into a nugget. But I wouldn't count on it.

You can paste the <form> directly into your admin page by modifying serendipity_admin.php. The "New Entries" link is called NEW_ENTRIES, and you can figure out from there where you want your code to go.

jojje · Post by **jojje** » Sun Jan 29, 2006 7:00 am

A html-nugget for the admin screen sounds like something like it.

I think that if someone has manage to overwrite a php-file on my server I will have other problems than that they changed this sendmail file.

But thanks for the tip, I will look in the suggested files and see if I can make somethinh out.

Post by **garvinhicking** » Sun Jan 29, 2006 3:16 pm

You should write a plugin for that.

Something like this:

Code: Select all

<?php
class serendipity_event_adminform extends serendipity_event {
    function introspect(&$propbag) {
        global $serendipity;

        $propbag->add('name',         'Adminform');
        $propbag->add('version',      '1.0');
        $propbag->add('author',       'Garvin Hicking');
        $propbag->add('stackable',     true);
        $propbag->add('event_hooks',   array(
                                            'backend_sidebar_entries' => true,
                                            'backend_sidebar_entries_event_display_adminform' => true
                                        )
        );
    }

    function event_hook($event, &$bag, &$eventData) {
        global $serendipity;

        $hooks = &$bag->get('event_hooks');

        if (isset($hooks[$event])) {
            switch($event) {
                case 'backend_sidebar_entries':
                    if ($serendipity['serendipityUserlevel'] >= USERLEVEL_CHIEF) {
?>
                    <li><a href="?serendipity[adminModule]=event_display&serendipity[adminAction]=adminform">Adminform</a></li>
<?php
                    }
                    break;

                case 'backend_sidebar_entries_event_display_aggregator':
?>
<form action="">
Your form here
</form>
<?php
                    break;
            }
        }

        return true;
    }
}

You could abstract this plugin a bit more to make the FORM output configurable via a configuration option of the plugin.

Have fun,
Garvin

jojje · Post by **jojje** » Sun Jan 29, 2006 10:56 pm

Thx Garvin, you are the greatest!

The code generates a blank page but I think I have a great start to work with tomorrow. thanks!

Post by **garvinhicking** » Mon Jan 30, 2006 11:07 am

Hi!

I'm sorry, you'll need to replace

backend_sidebar_entries_event_display_aggregator

with

backend_sidebar_entries_event_display_adminform

Regards,
Garvin

judebert · Post by **judebert** » Mon Jan 30, 2006 9:53 pm

That's like a skeleton for any admin plugin (which, incidentally, I've been considering adding to the wiki).

jojje, please consider naming it something other than "Adminform"