Definition:
function wp_verify_nonce($nonce, $action = -1) {}
Verify that the correct nonce was used within the time limit.
The user is given a limited amount of time to use the token. Since the UID and $action remain the same, the independent variable is the time.
Parameters
- string $nonce: Nonce that was used in the form to verify.
- string|int $action: Should give context to what is taking place and be the same as when the nonce was created.
Return values
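returns: Whether the nonce check passed or failed: 1 if the nonce was generated 0-12 hours ago, 2 if it was generated 12-24 hours ago, false if it is invalid.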
Source code
function wp_verify_nonce($nonce, $action = -1) {
    $user = wp_get_current_user();
    $uid = (int) $user->ID;

    $i = wp_nonce_tick();

    // Nonce generated 0-12 hours ago
    if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce )
        return 1;
    // Nonce generated 12-24 hours ago
    if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce )
        return 2;
    // Invalid nonce
    return false;
}
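The listing above depends on WordPress internals, so the following added example (not WordPress code and not from this page) models the same tick-based check as a stand-alone script with an injectable clock, to show how the result moves from 1 to 2 to false and how the nonce is bound to action and user. Assumptions: `DEMO_KEY`, `demo_tick()`, `demo_nonce()` and `demo_verify()` are hypothetical names, HMAC-MD5 stands in for `wp_hash()`, a tick is taken to be 12 hours as the source comments indicate, and `hash_equals()` replaces the `==` comparison.

```php
<?php
// Stand-alone model of the tick-based nonce check; illustrative, not WordPress code.
const DEMO_KEY     = 'constructed-demo-key'; // constructed secret, stands in for the site's nonce salt
const TICK_SECONDS = 43200;                  // assumed tick length: 12 hours

// Number of the 12-hour window that contains $now.
function demo_tick(int $now): int {
    return (int) ceil($now / TICK_SECONDS);
}

// Same shape as the listing: keyed hash over tick . action . uid, 10 hex characters kept.
function demo_nonce(int $tick, string $action, int $uid): string {
    return substr(hash_hmac('md5', $tick . $action . $uid, DEMO_KEY), -12, 10);
}

// Decision logic of the listing, with the clock passed in and hash_equals()
// used so the comparison is constant-time and strictly string-based.
function demo_verify(string $nonce, string $action, int $uid, int $now) {
    $i = demo_tick($now);
    if (hash_equals(demo_nonce($i, $action, $uid), $nonce)) {
        return 1;     // issued in the current tick
    }
    if (hash_equals(demo_nonce($i - 1, $action, $uid), $nonce)) {
        return 2;     // issued in the previous tick
    }
    return false;     // older, or bound to another action or user
}

$issued = 1700000000; // constructed timestamp, late in its tick
$action = 'delete-post_42'; // constructed action string
$uid    = 7;                // constructed user id
$nonce  = demo_nonce(demo_tick($issued), $action, $uid);

$cases = [
    'at issue time'    => demo_verify($nonce, $action, $uid, $issued),
    'issued + 1 hour'  => demo_verify($nonce, $action, $uid, $issued + 3600),
    'issued + 2 hours' => demo_verify($nonce, $action, $uid, $issued + 7200),
    'issued + 14 hours' => demo_verify($nonce, $action, $uid, $issued + 50400),
    'different action' => demo_verify($nonce, 'edit-post_42', $uid, $issued),
    'different user'   => demo_verify($nonce, $action, 8, $issued),
];

foreach ($cases as $label => $result) {
    echo str_pad($label, 20), var_export($result, true), PHP_EOL;
}
```

Because ticks are fixed windows of wall-clock time, how long a nonce keeps verifying depends on how late in its tick it was issued, so callers should treat both 1 and 2 as success and should not rely on a full 24 hours of validity.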