For those who want to know more about downloading files, here you can find a quick guide to the main topics and pains. This is written using WordPress 3.0 in the Linux block, and the code is just a basic overview for learning concepts - I am sure that some people can offer tips for improving the implementation. Describe your main approach
There are at least three ways to associate images with messages: using the post_meta field to save the image path, using the post_meta field to store the identifier of the image image library (more on this later) or assigning the image to the message as an application. In this example, the post_meta field will be used to store the image library identifier. YMMV. Multilateral coding
By default, WordPress creation and editing forms do not have enctype. If you want to upload a file, you need to add "enctype = 'multipart / form-data" to the form tag, otherwise the $ _FILES collection will not be skipped at all. WordPress 3.0 has a hook for this. In some previous versions (unsure of specifics) you should replace the form tag line.
function xxxx_add_edit_form_multipart_encoding() { echo ' enctype="multipart/form-data"'; } add_action('post_edit_form_tag', 'xxxx_add_edit_form_multipart_encoding');
Create metabox and download field
I will not go far in creating meta-fields, since most of you probably already know how to do this, but I will just say that you only need a simple meta-box with a file field in it. In the example below, I included some code to search for an existing image and display it if it exists. I also included some simple error / feedback functions that skip errors using the post_meta field. You will want to change this to use the WP_Error class ... this is just for demonstration.
// If there is an existing image, show it if($existing_image) { echo '<div>Attached Image ID: ' . $existing_image . '</div>'; } echo 'Upload an image: <input type="file" name="xxxx_image" id="xxxx_image" />'; // See if there a status message to display (we're using this to show errors during the upload process, though we should probably be using the WP_error class) $status_message = get_post_meta($post->ID,'_xxxx_attached_image_upload_feedback', true); // Show an error message if there is one if($status_message) { echo '<div class="upload_status_message">'; echo $status_message; echo '</div>'; } // Put in a hidden flag. This helps differentiate between manual saves and auto-saves (in auto-saves, the file wouldn't be passed). echo '<input type="hidden" name="xxxx_manual_save_flag" value="true" />'; } function xxxx_setup_meta_boxes() { // Add the box to a particular custom content type page add_meta_box('xxxx_image_box', 'Upload Image', 'xxxx_render_image_attachment_box', 'post', 'normal', 'high'); } add_action('admin_init','xxxx_setup_meta_boxes');
File Upload Processing
This is big - it actually handles the file upload, connecting to the save_post action. I have included a feature with a strong comment below, but I would like to point out two key WordPress features that it uses:
wp_handle_upload () does all the magic, well, handling the load. You just give it a link to your field in the $ _FILES array and an array of parameters (don't worry too much about this - the only thing you need to set is test_form = false. Trust me). However, this function does not add the downloaded file to the media library. It just downloads and returns a new file path (and, accordingly, the full URL). If a problem occurs, it returns an error.
wp_insert_attachment () adds an image to the media library and generates all the corresponding thumbnails. You just pass it a lot of parameters (name, message status, etc.) AND a LOCAL path (not a URL) to the file you just uploaded. The great thing about placing your images in a media library is that you can easily delete all files later by calling wp_delete_attachment and passing it the media library identifier of the item (which I do in the function below). With this function, you will also need to use wp_generate_attachment_metadata () and wp_update_attachment_metadata (), which will do exactly what you expect from them - to generate metadata for the media item.
function xxxx_update_post($post_id, $post) { // Get the post type. Since this function will run for ALL post saves (no matter what post type), we need to know this. // It also important to note that the save_post action can runs multiple times on every post save, so you need to check and make sure the // post type in the passed object isn't "revision" $post_type = $post->post_type; // Make sure our flag is in there, otherwise it an autosave and we should bail. if($post_id && isset($_POST['xxxx_manual_save_flag'])) { // Logic to handle specific post types switch($post_type) { // If this is a post. You can change this case to reflect your custom post slug case 'post': // HANDLE THE FILE UPLOAD // If the upload field has a file in it if(isset($_FILES['xxxx_image']) && ($_FILES['xxxx_image']['size'] > 0)) { // Get the type of the uploaded file. This is returned as "type/extension" $arr_file_type = wp_check_filetype(basename($_FILES['xxxx_image']['name'])); $uploaded_file_type = $arr_file_type['type']; // Set an array containing a list of acceptable formats $allowed_file_types = array('image/jpg','image/jpeg','image/gif','image/png'); // If the uploaded file is the right format if(in_array($uploaded_file_type, $allowed_file_types)) { // Options array for the wp_handle_upload function. 'test_upload' => false $upload_overrides = array( 'test_form' => false ); // Handle the upload using WP wp_handle_upload function. Takes the posted file and an options array $uploaded_file = wp_handle_upload($_FILES['xxxx_image'], $upload_overrides); // If the wp_handle_upload call returned a local path for the image if(isset($uploaded_file['file'])) { // The wp_insert_attachment function needs the literal system path, which was passed back from wp_handle_upload $file_name_and_location = $uploaded_file['file']; // Generate a title for the image that'll be used in the media library $file_title_for_media_library = 'your title here'; // Set up options array to add this file as an attachment $attachment = array( 'post_mime_type' => $uploaded_file_type, 'post_title' => 'Uploaded image ' . addslashes($file_title_for_media_library), 'post_content' => '', 'post_status' => 'inherit' ); // Run the wp_insert_attachment function. This adds the file to the media library and generates the thumbnails. If you wanted to attch this image to a post, you could pass the post id as a third param and it'd magically happen. $attach_id = wp_insert_attachment( $attachment, $file_name_and_location ); require_once(ABSPATH . "wp-admin" . '/includes/image.php'); $attach_data = wp_generate_attachment_metadata( $attach_id, $file_name_and_location ); wp_update_attachment_metadata($attach_id, $attach_data); // Before we update the post meta, trash any previously uploaded image for this post. // You might not want this behavior, depending on how you're using the uploaded images. $existing_uploaded_image = (int) get_post_meta($post_id,'_xxxx_attached_image', true); if(is_numeric($existing_uploaded_image)) { wp_delete_attachment($existing_uploaded_image); } // Now, update the post meta to associate the new image with the post update_post_meta($post_id,'_xxxx_attached_image',$attach_id); // Set the feedback flag to false, since the upload was successful $upload_feedback = false; } else { // wp_handle_upload returned some kind of error. the return does contain error details, so you can use it here if you want. $upload_feedback = 'There was a problem with your upload.'; update_post_meta($post_id,'_xxxx_attached_image',$attach_id); } } else { // wrong file type $upload_feedback = 'Please upload only image files (jpg, gif or png).'; update_post_meta($post_id,'_xxxx_attached_image',$attach_id); } } else { // No file was passed $upload_feedback = false; } // Update the post meta with any feedback update_post_meta($post_id,'_xxxx_attached_image_upload_feedback',$upload_feedback); break; default: } // End switch return; } // End if manual save flag return; } add_action('save_post','xxxx_update_post',1,2);
Rights, property rights and security
If you are having trouble downloading, it’s probably due to permissions. I am not an expert on server configuration, so please correct me if this part is inconvenient.
First, make sure your wp-content / uploads folder exists and belongs to apache: apache. If so, you should be able to set permissions to 744, and everything should work. Ownership is important - even installing perms on 777 sometimes will not help if the directory does not belong properly.
You should also consider restricting the types of files downloaded and executed using the htaccess file. This prevents users from downloading files that are not images, and from running scripts disguised as images. You should probably do this for more authoritative information, but you can make a simple file type, for example:
<Files ^(*.jpeg|*.jpg|*.png|*.gif)> order deny,allow deny from all </Files>