Admin CP modules

Adding pages to the administration panel has an extremely simple API that, like many other events, must be called at the session_started hook. The method for adding admin CP pages is $paths->addAdminNode(). The parameters are as follows:

  • The category of pages; optionally, a localized string ID
  • The name of your page, also can be localized
  • The URL name (page_id) of your page
  • Optional: The URL or relative path to an icon for your page.

Administration pages are in the Admin namespace. Send your page content by creating a function using the same format as for special pages, page_Admin_Foo.

Security

Always check $session->auth_level to make sure that it is at least USER_LEVEL_ADMIN before processing anything in your page. Enano checks this for you in version 1.1.6, but you should have this protection in place anyway in case your plugin is installed on an older version of Enano. This is similar to the vulnerability that resulted in the release of Wordpress 2.8.1.

In Enano 1.1.6, if your administration page is loaded through the admin panel when the user is not properly identified (for example, due to an expired session), Enano will use Live Re-auth to obtain a new session key and your page will be loaded automatically upon successful authentication. This is a built-in feature so you don't need to worry about adding support for yourself.

Javascript

Because of how admin pages are loaded, attributes like onload do not work, and <script> tags are not parsed. To add Javascript code to the admin panel, use $template->preload_js() for Enano components and $template->add_header() for your own script files.

Example

$plugins->attachHook('session_started', "myplugin_add_admincp();");
 
function myplugin_add_admincp()
{
  global $paths;
 
  $paths->addAdminNode('adm_cat_general', 'My plugin configuration',
      'MyPluginConfig', cdnPath . '/plugins/myplugin/admin-icon.png');
}
 
function page_Admin_MyPluginConfig()
{
  // Security check
  global $session;
  if ( $session->auth_level < USER_LEVEL_ADMIN )
    return false;
 
  echo 'It works!';
}

Categories: (Uncategorized)