add an admin only javascript field in posts

[ciqala]

I have a dvd forum and when i create a post about a release i include a cover picture and a link to amazon.com

I now want to use the "buy it from amazon" buttons which creates an amazon style image and when its clicked you can add to your amazon cart instantly and carry on looking at the forum or go to checkout.

the problem is they give you a piece of javascript to insert and I understand putting the ability to post executable javascript in a post is a big big security no no.

the only apparent solution would be to add a new field to the page where you create your post which only appears for admins

you can then post the code into the fiels and have it appear in the top of the postbit or wherever you want.

it would need to be database driven so that it could store the code but my programming knowledge sadly only includes if...endif and include() when it comes to php. plus i'm not sure if it would be better to create a new table to store the info or if you should add it to the end of one of the other tables...

anyways i think this is a hack that would be very useful for a multitude of reasons not limited only to amazon buttons it would allow the admins to use any <script> code they wanted without fear of the users being able to do the same.

here is an example of the code i need to include...

Quote:

<script language="JavaScript">
function popUp(URL,NAME) {
amznwin=window.open(URL,NAME,'location=yes,scrollb ars=yes,status=yes,toolbar=yes,resizable=yes,width =380,height=450,screenX=10,screenY=10,top=10,left= 10');
amznwin.focus();}
document.open();
document.write("<a href=javascriptopUp('http://buybox.amazon.com/exec/obidos/redirect?tag=hiphopdvds-20&link_code=xsc&creative=23424&camp=2025&path=/dt/assoc/tg/aa/xml/assoc/-/B00005JKCH/hiphopdvds-20/ref=ac_bb5_,_amazon')><img src=http://rcm-images.amazon.com/images/G/01/associates/remote-buy-box/buy5.gif border=0 alt='Buy from Amazon.com' ></a>");
document.close();
</script>
<noscript>
<form method="POST" action="http://buybox.amazon.com/o/dt/assoc/handle-buy-box=B00005JKCH">
<input type="hidden" name="asin.B00005JKCH" value="1">
<input type="hidden" name="tag-value" value="hiphopdvds-20">
<input type="hidden" name="tag_value" value="hiphopdvds-20">
<input type="image" name="submit.add-to-cart" value="Buy from Amazon.com" border="0" alt="Buy from Amazon.com" src="http://rcm-images.amazon.com/images/G/01/associates/add-to-cart.gif">
</form>
</noscript>

if someone can do this or provide me with a similiar hack that i could use for guidance it would be very much appreciated.

Cheers

Ciq

[okrogius]

Create a new bb tag code with the parameter being the ASIN, then simply post as normal. No hacking needed.

[ciqala]

After realising that i basically only need html as it uses <script> I tried installing a hack to allow only admins to post html but it doesnt seem to like it still as the code i posted above shows as blank.

The bb code thing sounds interesting but wouldnt that mean that you would still only get a hardcoded link to the product page. my reason for doing this is to utilise a special amazon.com associates feature that creates an image based button which pops up a special amazon window which has built in cart functionality.

[okrogius]

No, it woudln't be hardcoded. Read my post.

[ciqala]

my apologies this head cold is not helping me think straight.

I created this vbcode but its still not working perhaps you can help me out.

vB code tag: amazon
vB code replacement: code as posted above with asin replaced by {option}
vB code example: [amazon=00000000][/amazon]
Use option = Yes

When i save this it messes up the display of the list of custom vBcodes in the adminCP and when i edit it I see that it cuts off the code about midway through. i'm assuming that its because the relevant column in the db has a 255 char limit.

I tried to change it to replace it with a php include that includes a basic php function that echos the text and fills in the asin with the variable i passed. the only problem is that this doesnt get parsed as php code so it just appears in the thread as <?php>include('some_file.php');</?>.

I'm thinking the only way to acheive it using vBcode is to create a .js that holds the code i need and then use a two-line piece of html that sets a variable with the asin and then calls the script whilst passing it the asin at the same time. but i dont know javascript.

am i on the right track?

thanks for your help

Ciqala