我正在创建一个用于用户注册的自定义插件,步骤如下:
创建 HTML 表单字段的函数
function render_registration_form() {
ob_start();
...
<input type="hidden" id="register_nonce" name="register_nonce" value="<?php wp_create_nonce('generate-nonce'); ?>" />
//Above line does not create a nonce at all
...
return ob_get_clean();
}
用作显示上述表单的简码的函数
function custom_user_registration_form() {
//Render registration form only if user is not logged in already!
if(!is_user_logged_in()) {
$registration_enabled = get_option('users_can_register');
if($registration_enabled) {
$output = render_registration_form(); (written above)
} else {
$output = __('User registration is not enabled');
}
return $output;
} else {
return _e('You are already logged in!');
}
}
add_shortcode('注册用户', 'custom_user_registration_form');
验证新用户并将其与元一起添加到数据库的函数:
function validate_and_create_user() {
if(isset($_POST['txt_username']) && wp_verify_nonce($_POST['register_nonce'], 'register-nonce')) {
$user_data = array(
'user_login' => $loginid,
'user_pass' => $password,
'user_nicename' => $first_name,
'display_name' => $first_name . ' ' . $last_name,
'user_email' => $email,
'first_name' => $first_name,
'last_name' => $last_name,
'user_registered' => date('Y-m-d H:i:s'),
'role' => 'subscriber'
);
$new_user_id = wp_insert_user($user_data);
...
}
add_action('init', 'validate_and_create_user');
由于在表单内没有创建 nonce 值,因此检查 wp_verify_nonce($_POST['register_nonce'], 'register-nonce') 总是失败并且没有用户数据正在保存在数据库中。
根据https://codex.wordpress.org/Pluggable_Functions :
Pluggable functions are no longer being added to WordPress core. All new functions instead use filters on their output to allow for similar overriding of their functionality.
我是 WordPress 新手。我该如何解决这个问题?
最佳答案
试试这个:
wp_nonce_field('register_nonce');
在输入的地方。
为了检索随机数,请使用以下内容
$retrieved_nonce = $_REQUEST['_wpnonce'];
if (!wp_verify_nonce($retrieved_nonce, 'register_nonce')) die( 'Failed security check' );
关于WordPress:wp_create_nonce() 未在自定义插件中创建值,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42624822/