Hello Guys
Not sure if this is the right place to ask.
If not can you point me to the right direction?
So I got some code to add different fields to the user meta in the backend of my WordPress/WooCommerce site (also crossposted). The fields should not be displayed in the frontend or be editable by the user themselves. It is just to store some info about the user for admins.
My question is, do you guys see any problems with the code or problems that could occur in the future? I am not that big of a pro with this. Most of the code was even written by AI.
I would really appreciate if you could share your thoughts on this.
Thank you so much.
The code basically adds a dropdown and three textfields to all users with a specific role. It also checks if another user with the same value in the “Vereinsname” textfield exists and warns you if so.
function add_custom_user_profile_fields($user) {
    $cantons = [
        'AU' => 'Auswählen…', 'AG' => 'Aargau', 'AR' => 'Appenzell Ausserrhoden', 'AI' => 'Appenzell Innerrhoden',
        'BL' => 'Basel-Landschaft', 'BS' => 'Basel-Stadt', 'BE' => 'Bern',
        'FR' => 'Freiburg', 'GE' => 'Genf', 'GL' => 'Glarus',
        'GR' => 'Graubünden', 'JU' => 'Jura', 'LU' => 'Luzern',
        'NE' => 'Neuenburg', 'NW' => 'Nidwalden', 'OW' => 'Obwalden',
        'SG' => 'St. Gallen', 'SH' => 'Schaffhausen', 'SZ' => 'Schwyz',
        'SO' => 'Solothurn', 'TG' => 'Thurgau', 'TI' => 'Tessin',
        'UR' => 'Uri', 'VS' => 'Wallis', 'VD' => 'Waadt',
        'ZG' => 'Zug', 'ZH' => 'Zürich'
    ];
    // Only render the fields for users with the club role.
    if (in_array('vereinskonto', (array) $user->roles)) {
        echo '<h3>Vereinsinformationen</h3><table class="form-table">';
        echo '<tr><th><label for="club_name">Vereinsname</label></th><td>';
        echo '<input type="text" name="club_name" id="club_name" value="' . esc_attr(get_the_author_meta('club_name', $user->ID)) . '" class="regular-text" />';
        echo '</td></tr>';
        echo '<tr><th><label for="canton">Kanton</label></th><td>';
        echo '<select name="canton" id="canton" class="regular-text">';
        foreach ($cantons as $abbr => $name) {
            // selected() returns the selected="selected" attribute when the stored value matches.
            echo sprintf('<option value="%s" %s>%s</option>', esc_attr($abbr), selected(get_the_author_meta('canton', $user->ID), $abbr, false), esc_html($name));
        }
        echo '</select></td></tr>';
        echo '<tr><th><label for="club_website">Webseite des Vereins</label></th><td>';
        echo '<input type="text" name="club_website" id="club_website" value="' . esc_attr(get_the_author_meta('club_website', $user->ID)) . '" class="regular-text" />';
        echo '</td></tr>';
        echo '<tr><th><label for="club_instagram">Instagram-Profil</label></th><td>';
        echo '<input type="text" name="club_instagram" id="club_instagram" value="' . esc_attr(get_the_author_meta('club_instagram', $user->ID)) . '" class="regular-text" />';
        echo '</td></tr>';
        echo '</table>';
    }
    wp_nonce_field('update_profile_' . $user->ID, 'custom_user_profile_nonce');
}
add_action('show_user_profile', 'add_custom_user_profile_fields');
add_action('edit_user_profile', 'add_custom_user_profile_fields');

function save_custom_user_profile_fields($user_id) {
    if (!current_user_can('edit_user', $user_id)) {
        return false;
    }
    // Verify the nonce field.
    if (!isset($_POST['custom_user_profile_nonce']) || !wp_verify_nonce($_POST['custom_user_profile_nonce'], 'update_profile_' . $user_id)) {
        wp_die('Sicherheitsüberprüfung fehlgeschlagen.');
    }
    // Check that a club name was submitted and is not empty; sanitize it before use.
    if (isset($_POST['club_name']) && !empty(trim($_POST['club_name']))) {
        $existing_users = get_users(array(
            'meta_key' => 'club_name',
            'meta_value' => sanitize_text_field($_POST['club_name']),
            'exclude' => array($user_id),
            'fields' => 'ID'
        ));
        if (!empty($existing_users)) {
            $existing_user_id = $existing_users[0]; // ID of the first user found
            wp_die('Fehler: Dieser Vereinsname ist bereits bei Benutzer ID ' . $existing_user_id . ' hinterlegt.');
            return;
        }
        update_user_meta($user_id, 'club_name', sanitize_text_field($_POST['club_name']));
    }
    // Sanitization for canton, website and Instagram.
    if (isset($_POST['canton'])) {
        update_user_meta($user_id, 'canton', sanitize_text_field($_POST['canton']));
    }
    if (isset($_POST['club_website'])) {
        update_user_meta($user_id, 'club_website', esc_url_raw($_POST['club_website']));
    }
    if (isset($_POST['club_instagram'])) {
        update_user_meta($user_id, 'club_instagram', sanitize_text_field($_POST['club_instagram']));
    }
}
add_action('personal_options_update', 'save_custom_user_profile_fields');
add_action('edit_user_profile_update', 'save_custom_user_profile_fields');
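As an added example (not code from the original post), here is a stricter version of the save handler that addresses three things a reviewer would point out in the posted code: the save path never checks that the target account actually has the club role; the canton is stored as free text even though the form only offers a fixed list, and the website and Instagram values are only sanitized, not validated; and hooking `personal_options_update` lets the account owner change the fields from their own profile page, which the post says must not be possible. The meta keys, the `vereinskonto` role slug and the nonce name/action are taken from the post; the `vk_*` function names and the concrete validation rules (length limit, handle pattern) are my own assumptions.

```php
<?php
// Added example, not the poster's code. Meta keys, role slug and nonce are from
// the post; vk_* names and the validation rules below are assumptions.

// One allow-list of canton codes, so the form and the save handler agree.
function vk_allowed_cantons() {
    return [
        'AG', 'AR', 'AI', 'BL', 'BS', 'BE', 'FR', 'GE', 'GL', 'GR', 'JU', 'LU', 'NE',
        'NW', 'OW', 'SG', 'SH', 'SZ', 'SO', 'TG', 'TI', 'UR', 'VS', 'VD', 'ZG', 'ZH',
    ];
}

// Validate the raw POST array. Returns ['clean' => [...], 'errors' => [...]];
// only the keys present in 'clean' are safe to store.
function vk_validate_club_fields(array $post) {
    $clean  = [];
    $errors = [];

    if (isset($post['club_name'])) {
        $name = sanitize_text_field(wp_unslash($post['club_name']));
        if ('' !== $name && mb_strlen($name) > 100) {
            $errors[] = 'Club name is too long (max. 100 characters).';
        } elseif ('' !== $name) {
            $clean['club_name'] = $name;
        }
    }

    if (isset($post['canton'])) {
        $canton = strtoupper(sanitize_text_field(wp_unslash($post['canton'])));
        if (in_array($canton, vk_allowed_cantons(), true)) {
            $clean['canton'] = $canton;
        } elseif ('AU' === $canton) {
            $clean['canton'] = ''; // 'AU' is the "Auswählen…" placeholder: clear the value
        } else {
            $errors[] = 'Invalid canton code.'; // anything off the list is rejected, not stored
        }
    }

    if (isset($post['club_website'])) {
        $raw = trim(wp_unslash($post['club_website']));
        // Only http/https survive; javascript: or data: URLs come back as ''.
        $url = esc_url_raw($raw, ['http', 'https']);
        if ('' === $raw) {
            $clean['club_website'] = '';
        } elseif ('' !== $url && !empty(wp_parse_url($url, PHP_URL_HOST))) {
            $clean['club_website'] = $url;
        } else {
            $errors[] = 'Website must be an http(s) URL.';
        }
    }

    if (isset($post['club_instagram'])) {
        // Store a bare handle, never a URL: letters, digits, '.' and '_' only.
        $handle = ltrim(sanitize_text_field(wp_unslash($post['club_instagram'])), '@');
        if ('' === $handle || preg_match('/^[A-Za-z0-9._]{1,30}$/', $handle)) {
            $clean['club_instagram'] = $handle;
        } else {
            $errors[] = 'Instagram profile must be a handle such as "mein_verein".';
        }
    }

    return ['clean' => $clean, 'errors' => $errors];
}

function vk_save_club_fields($user_id) {
    // Capability on the target account first.
    if (!current_user_can('edit_user', $user_id)) {
        return;
    }
    // The fields only exist for the club role; ignore the request for anyone else.
    $user = get_userdata($user_id);
    if (!$user || !in_array('vereinskonto', (array) $user->roles, true)) {
        return;
    }
    $nonce = isset($_POST['custom_user_profile_nonce'])
        ? sanitize_text_field(wp_unslash($_POST['custom_user_profile_nonce'])) : '';
    if (!wp_verify_nonce($nonce, 'update_profile_' . $user_id)) {
        return;
    }

    $result = vk_validate_club_fields($_POST);

    // Uniqueness check on the validated value, as in the post, limited to one row;
    // a hit drops the name instead of storing a duplicate.
    if (isset($result['clean']['club_name'])) {
        $dupe = get_users([
            'meta_key'   => 'club_name',
            'meta_value' => $result['clean']['club_name'],
            'exclude'    => [$user_id],
            'fields'     => 'ID',
            'number'     => 1,
        ]);
        if (!empty($dupe)) {
            $result['errors'][] = sprintf('Club name is already used by user ID %d.', (int) $dupe[0]);
            unset($result['clean']['club_name']);
        }
    }

    foreach ($result['clean'] as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }
    if (!empty($result['errors'])) {
        // Same hard stop the post uses, with a back link so the admin can correct the input.
        wp_die(esc_html(implode(' ', $result['errors'])), 'Vereinsinformationen', ['back_link' => true]);
    }
}

// Only the "edit another user" hook. personal_options_update fires on the user's
// own profile page, which the post says must not be able to change these fields.
add_action('edit_user_profile_update', 'vk_save_club_fields');
```

If you use this, also drop the `show_user_profile` hook on the display function (or render the values there as read-only text), otherwise the account owner sees editable fields whose changes are silently ignored. `wp_die()` still aborts the remainder of the profile save, exactly as in the posted version; the difference is that every value has been checked against a rule before anything reaches `update_user_meta()`. As for "not displayed in the frontend": plain user meta like this is not exposed by WordPress unless a theme prints it or the key is registered with `register_meta()` and `show_in_rest`, so the main thing to keep an eye on is who can write it, not who can read it.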
What is your question? If you aren’t a developer, why not just use ACF?