craftcms / guest-entries
This plugin allows you to save guest entries from the front-end of your website.
Installs: 86 345
Dependents: 3
Suggesters: 0
Security: 0
Stars: 106
Watchers: 12
Forks: 26
Open Issues: 12
Type:craft-plugin
Requires
- craftcms/cms: ^4.0.0-RC3|^5.0.0-beta.1
Requires (Dev)
- craftcms/ecs: dev-main
- craftcms/phpstan: dev-main
- craftcms/rector: dev-main
README
Allow guests to create entries from your site’s front end.
Requirements
Guest Entries requires Craft CMS 4.0.0+ or 5.0.0+.
Installation
You can install Guest Entries from the Plugin Store or with Composer.
From the Plugin Store
Go to the Plugin Store in your project’s control panel (in an environment that allows admin changes), search for “Guest Entries,” then click Install.
With Composer
Open your terminal and run the following commands:
# Navigate to your project directory: cd /path/to/my-project # Require the plugin package with Composer: composer require craftcms/guest-entries -w # Install the plugin with Craft: php craft plugin/install guest-entries
Settings
From the plugin settings page, you can configure…
- …which sections should allow guest entry submissions;
- …the default entry authors and statuses;
- …and whether submissions should be validated before being accepted.
Usage
A basic guest entry template should look something like this:
{# Macro to help output errors: #} {% macro errorList(errors) %} {% if errors %} {{ ul(errors, { class: 'errors' }) }} {% endif %} {% endmacro %} {# Default value for the `entry` variable: #} {% set entry = entry ?? null %} <form method="post" action="" accept-charset="UTF-8"> {# Hidden inputs required for the form to work: #} {{ csrfInput() }} {{ actionInput('guest-entries/save') }} {# Custom redirect URI: #} {{ redirectInput('success') }} {# Section for new entries: #} {{ hiddenInput('sectionHandle', 'mySectionHandle') }} {# Entry properties and custom fields: #} <label for="title">Title</label> {{ input('text', 'title', entry ? entry.title, { id: 'title' }) }} {{ entry ? _self.errorList(entry.getErrors('title')) }} <label for="body">Body</label> {{ tag('textarea', { text: entry ? entry.body, id: 'body', name: 'fields[body]', }) }} {{ entry ? _self.errorList(entry.getErrors('body')) }} {# ... #} <button type="submit">Publish</button> </form>
Note
The process of submitting data and handling success and error states is outlined in the controller actions documentation.
Supported Params
The following parameters can be sent with a submission:
Form Tips
Specifying a Section + Entry Type
The plugin determines what section the new entry is created in by looking for a sectionHandle
, sectionUid
, or sectionId
param, in this order. Entry types, on the other hand, can only be defined by a typeId
param—but because IDs can be unstable between environments, you must look them up by a known identifier.
Granted you will already have a section (or at least a section handle), the easiest way to do this is via the section model:
{% set targetSection = craft.app.sections.getSectionByHandle('resources') %} {% set entryTypes = targetSection.getEntryTypes() %} {# Select a single type, identified by its handle: #} {% set targetEntryType = collect(entryTypes).firstWhere('handle', 'document') %} {{ hiddenInput('sectionId', targetSection.id) }} {{ hiddenInput('typeId', targetEntryType.id) }}
Sending Custom Fields
Custom field data should be nested under the fields
key, with the field name in [squareBrackets]
:
<input type="text" name="fields[myCustomFieldHandle]" value="{{ entry ? entry.myCustomFieldHandle }}">
If entries in the designated section are enabled by default, validation will occur on all custom fields, meaning those marked as required in the entry type’s field layout must be sent with the submission. Refer to the field types documentation to learn about the kinds of values that Craft accepts.
Warning
Omitting a field from your form does not mean it is safe from tampering! Clever users may be able to modify the request payload and submit additional field data. If this presents a problem for your site, consider using an event to clear values or reject submissions.
Validation Errors
If there are validation errors on the entry, the page will be reloaded with the populated craft\elements\Entry
object available under an entry
variable. You can access the posted values from that object as though it were a normal entry—or display errors with getErrors()
, getFirstError()
, or getFirstErrors()
.
Note
Theentry
variable can be renamed with the “Entry Variable Name” setting in the control panel. This might be necessary if you want to use a form on an entry page that already injects a variable of that name.
Redirection
Send a redirect
param to send the user to a specific location upon successfully saving an entry. In the example above, this is handled via the redirectInput('...')
function. The path is evaluated as an object template, and can include properties of the saved entry in {curlyBraces}
.
Submitting via Ajax
If you submit your form via Ajax with an Accept: application/json
header, a JSON response will be returned with the following keys:
success
(boolean) – Whether the entry was saved successfullyerrors
(object) – All of the validation errors indexed by field name (if not saved)id
(string) – the entry’s ID (if saved)title
(string) – the entry’s title (if saved)authorUsername
(string) – the entry’s author’s username (if saved)dateCreated
(string) – the entry’s creation date in ISO 8601 format (if saved)dateUpdated
(string) – the entry’s update date in ISO 8601 format (if saved)postDate
(string, null) – the entry’s post date in ISO 8601 format (if saved and enabled)url
(string, null) – the entry’s public URL (if saved, enabled, and in a section that has URLs)
Viewing Entries
Using a redirect
param allows you to show a user some or all of the content they just submitted—even if the entry is disabled, by default.
Warning
Take great care when displaying untrusted content on your site, especially when subverting moderation processes!
Enabled by Default
Entries in sections with URLs can be viewed immediately, with this redirect
param:
{{ redirectInput('{url}') }}
Disabled by Default
In order to display an entry that is disabled, you will need to set up a custom route…
<?php return [ // This route uses the special `{uid}` token, which will // match any UUIDv4 generated by Craft: 'submissions/confirmation/<entryUid:{uid}>' => ['template' => '_submissions/confirmation'], ];
…and direct users to it by including {{ redirectInput('submissions/confirmation/{uid}') }}
in the entry form. Your template (_submissions/confirmation.twig
) will be responsible for looking up the disabled entry and displaying it, based on the entryUid
route token that Craft makes available:
{% set preview = craft.entries() .status('disabled') .section('documents') .uid(entryUid) .one() %} {# Bail if it doesn’t exist: #} {% if not preview %} {% exit 404 %} {% endif %} {# Supposing the user’s name was recorded in the `title` field: #} <h1>Thanks, {{ preview.title }}!</h1> <p>Your submission has been recorded, and is awaiting moderation.</p>
This query selects only disabled
entries so that the “preview” is invalidated once the entry goes live. This “confirmation” URI does not need to match the actual URI of the entry.
Events
Guest Entries augments the normal events emitted during the entry lifecycle with a few of its own, allowing developers to customize the submission process.
The following snippets should be added to your plugin or module’s init()
method, per the official event usage instructions.
The beforeSaveEntry
event
Plugins can be notified before a guest entry is saved, using the beforeSaveEntry
event. This is also an opportunity to flag the submission as spam, and prevent it being saved:
use craft\helpers\StringHelper; use craft\guestentries\controllers\SaveController; use craft\guestentries\events\SaveEvent; use yii\base\Event; // ... Event::on( SaveController::class, SaveController::EVENT_BEFORE_SAVE_ENTRY, function(SaveEvent $e) { // Get a reference to the entry object: $entry = $e->entry; // Perform spam detection logic of your own design: if (StringHelper::contains($entry->title, 'synergy', false)) { // Set the event property: $e->isSpam = true; } } );
The afterSaveEntry
event
Plugins can be notified after a guest entry is saved, using the afterSaveEntry
event:
use craft\guestentries\controllers\SaveController; use craft\guestentries\events\SaveEvent; use yii\base\Event; // ... Event::on( SaveController::class, SaveController::EVENT_AFTER_SAVE_ENTRY, function(SaveEvent $e) { // Grab the entry $entry = $e->entry; // Was it flagged as spam? $isSpam = $e->isSpam; } );
The afterError
event
Plugins can be notified right after a submission is determined to be invalid using the afterError
event:
use craft\guestentries\controllers\SaveController; use craft\guestentries\events\SaveEvent; use yii\base\Event; // ... Event::on( SaveController::class, SaveController::EVENT_AFTER_ERROR, function(SaveEvent $e) { // Grab the entry $entry = $e->entry; // Get any validation errors $errors = $entry->getErrors(); } );