php – WordPress管理面板中的简单上传表单字段

对于想要了解更多关于文件上传的人,这里有一个快速入门,涵盖主要主题和难点.这是在Linux盒子上用WordPress 3.0编写的,代码只是教授概念的基本概述 – 我相信这里的一些人可以提供改进实现的建议.
概述您的基本方法

至少有三种方法可以将图像与帖子相关联：使用post_meta字段存储图像路径,使用post_meta字段存储图像的媒体库ID(稍后详细介绍),或者将图像作为附件分配给帖子.此示例将使用post_meta字段来存储图像的媒体库ID.因人而异.
多部分编码

默认情况下,WordPress’创建&编辑表单没有enctype.如果要上传文件,则需要在表单标记中添加“enctype =’multipart / form-data’” – 否则$_FILES集合将无法完成.在WordPress 3.0中,有一个钩子.在某些先前版本中(不确定具体细节),您必须使用字符串替换表单标记.

function xxxx_add_edit_form_multipart_encoding() 
{

echo ' enctype="multipart/form-data"';

}
add_action('post_edit_form_tag','xxxx_add_edit_form_multipart_encoding');

创建元框和上传字段

我不会擅长创建元框,因为大多数人可能已经知道如何去做,但我只是说你只需要一个带有文件字段的简单元框.在下面的示例中,我已经包含了一些代码来查找现有图像,并在存在时显示它.我还提供了一些使用post_meta字段传递错误的简单错误/反馈功能.你想要改变这个以使用WP_Error类…它只是为了演示.

// If there is an existing image,show it
    if($existing_image) {

        echo '<div>Attached Image ID: ' . $existing_image . '</div>';

    } 

    echo 'Upload an image: <input type="file" name="xxxx_image" id="xxxx_image" />';

    // See if there's a status message to display (we're using this to show errors during the upload process,though we should probably be using the WP_error class)
    $status_message = get_post_meta($post->ID,'_xxxx_attached_image_upload_feedback',true);

    // Show an error message if there is one
    if($status_message) {

        echo '<div class="upload_status_message">';
            echo $status_message;
        echo '</div>';

    }

    // Put in a hidden flag. This helps differentiate between manual saves and auto-saves (in auto-saves,the file wouldn't be passed).
    echo '<input type="hidden" name="xxxx_manual_save_flag" value="true" />';

}



function xxxx_setup_meta_boxes() {

    // Add the box to a particular custom content type page
    add_meta_box('xxxx_image_box','Upload Image','xxxx_render_image_attachment_box','post','normal','high');

}
add_action('admin_init','xxxx_setup_meta_boxes');

处理文件上载

这是最重要的 – 实际上通过挂钩到save_post操作来处理文件上传.我在下面添加了一个评论很多的函数,但是我想要注意它使用的两个关键的WordPress函数：

wp_handle_upload()完成处理上传的所有魔力.你只需要在$_FILES数组中传递对你的字段的引用,以及一系列选项(不要过于担心这些 – 你需要设置的唯一重要的是test_form = false.相信我).但是,此功能不会将上载的文件添加到媒体库.它只是上传并返回新文件的路径(并且,同时也是完整的URL).如果出现问题,则会返回错误.

wp_insert_attachment()将图像添加到媒体库,并生成所有适当的缩略图.您只需将一系列选项(标题,帖子状态等)和LOCAL路径(不是URL)传递给您刚刚上传的文件.将图像放入媒体库的好处在于,您可以稍后通过调用wp_delete_attachment轻松删除所有文件,并将项目的媒体库ID传递给它(我在下面的函数中做了).使用此功能,您还需要使用wp_generate_attachment_metadata()和wp_update_attachment_metadata(),它们可以完全按照您的预期执行操作 – 为媒体项生成元数据.

function xxxx_update_post($post_id,$post) {

    // Get the post type. Since this function will run for ALL post saves (no matter what post type),we need to know this.
    // It's also important to note that the save_post action can runs multiple times on every post save,so you need to check and make sure the
    // post type in the passed object isn't "revision"
    $post_type = $post->post_type;

    // Make sure our flag is in there,otherwise it's an autosave and we should bail.
    if($post_id && isset($_POST['xxxx_manual_save_flag'])) { 

        // Logic to handle specific post types
        switch($post_type) {

            // If this is a post. You can change this case to reflect your custom post slug
            case 'post':

                // HANDLE THE FILE UPLOAD

                // If the upload field has a file in it
                if(isset($_FILES['xxxx_image']) && ($_FILES['xxxx_image']['size'] > 0)) {

                    // Get the type of the uploaded file. This is returned as "type/extension"
                    $arr_file_type = wp_check_filetype(basename($_FILES['xxxx_image']['name']));
                    $uploaded_file_type = $arr_file_type['type'];

                    // Set an array containing a list of acceptable formats
                    $allowed_file_types = array('image/jpg','image/jpeg','image/gif','image/png');

                    // If the uploaded file is the right format
                    if(in_array($uploaded_file_type,$allowed_file_types)) {

                        // Options array for the wp_handle_upload function. 'test_upload' => false
                        $upload_overrides = array( 'test_form' => false ); 

                        // Handle the upload using WP's wp_handle_upload function. Takes the posted file and an options array
                        $uploaded_file = wp_handle_upload($_FILES['xxxx_image'],$upload_overrides);

                        // If the wp_handle_upload call returned a local path for the image
                        if(isset($uploaded_file['file'])) {

                            // The wp_insert_attachment function needs the literal system path,which was passed back from wp_handle_upload
                            $file_name_and_location = $uploaded_file['file'];

                            // Generate a title for the image that'll be used in the media library
                            $file_title_for_media_library = 'your title here';

                            // Set up options array to add this file as an attachment
                            $attachment = array(
                                'post_mime_type' => $uploaded_file_type,'post_title' => 'Uploaded image ' . addslashes($file_title_for_media_library),'post_content' => '','post_status' => 'inherit'
                            );

                            // Run the wp_insert_attachment function. This adds the file to the media library and generates the thumbnails. If you wanted to attch this image to a post,you could pass the post id as a third param and it'd magically happen.
                            $attach_id = wp_insert_attachment( $attachment,$file_name_and_location );
                            require_once(ABSPATH . "wp-admin" . '/includes/image.php');
                            $attach_data = wp_generate_attachment_metadata( $attach_id,$file_name_and_location );
                            wp_update_attachment_metadata($attach_id,$attach_data);

                            // Before we update the post meta,trash any previously uploaded image for this post.
                            // You might not want this behavior,depending on how you're using the uploaded images.
                            $existing_uploaded_image = (int) get_post_meta($post_id,'_xxxx_attached_image',true);
                            if(is_numeric($existing_uploaded_image)) {
                                wp_delete_attachment($existing_uploaded_image);
                            }

                            // Now,update the post meta to associate the new image with the post
                            update_post_meta($post_id,$attach_id);

                            // Set the feedback flag to false,since the upload was successful
                            $upload_feedback = false;


                        } else { // wp_handle_upload returned some kind of error. the return does contain error details,so you can use it here if you want.

                            $upload_feedback = 'There was a problem with your upload.';
                            update_post_meta($post_id,$attach_id);

                        }

                    } else { // wrong file type

                        $upload_feedback = 'Please upload only image files (jpg,gif or png).';
                        update_post_meta($post_id,$attach_id);

                    }

                } else { // No file was passed

                    $upload_feedback = false;

                }

                // Update the post meta with any feedback
                update_post_meta($post_id,$upload_feedback);

            break;

            default:

        } // End switch

    return;

} // End if manual save flag

    return;

}
add_action('save_post','xxxx_update_post',1,2);

权限,所有权和安全性

如果您无法上传,则可能与权限有关.我不是服务器配置方面的专家,所以如果这部分不稳定,请纠正我.

首先,确保您的wp-content / uploads文件夹存在,并且由apache拥有：apache.如果是这样,您应该能够将权限设置为744,一切都应该正常工作.所有权很重要 – 如果目录没有正确拥有,即使将权限设置为777,有时也无济于事.

您还应该考虑使用htaccess文件限制上载和执行的文件类型.这可以防止人们上传不是图像的文件,也不会执行伪装成图像的脚本.你应该谷歌这个更权威的信息,但你可以这样做简单的文件类型限制：

<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
order deny,allow
deny from all
</Files>