How to use nonce with front end submission form?

Thanks to a variety of posts on here I’ve managed to put together a front end submission form. After about 24 hours of tweaking I’ve finally got everything working including a redirect to a ‘success’ page after submission, but I have no idea what to do with the nonce.

Here is the form page: http://pastebin.com/YWyXL3jY

And here is the success page: http://pastebin.com/3Usu0Pt6

They are both custom page templates (I know the formatting is a bit all over the place at the moment as different parts came from different sources, and I don’t think I’m going to use the file upload feature as I’d rather use a plugin for better security).

Does the nonce need to be processed before the user is redirected to the success page? I have no experience at all with nonces and am a ‘copy and paste’ PHP coder so please be gentle!

Huge thanks for any advice you can give 🙂


Use the following code inside your <form>, just before the closing </form> tag, in your front end code.

<?php wp_nonce_field( 'name_of_your_action', 'name_of_your_nonce_field' ); ?>

The above code will generate two hidden inputs inside your form tag. Now you can verify your nonce in the backend where you will process your form. Use the following code to verify the nonce you just created above.

if ( isset( $_REQUEST['name_of_your_nonce_field'] )
    && wp_verify_nonce( $_REQUEST['name_of_your_nonce_field'], 'name_of_your_action' ) ) {
    // Nonce is present, matched and valid. Do whatever you want now.
} else {
    // Missing or invalid nonce. You can throw an error here.
}

One note: look carefully at how ‘name_of_your_action’ is the first argument of the ‘wp_nonce_field()’ function and the second argument of the ‘wp_verify_nonce()’ function. 🙂 So, do not use it as the first argument in both functions. Many people make this mistake, so I wanted to mention it.
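The following added example (not part of the original answer or the asker's pastebin code) shows where the nonce check sits relative to the redirect asked about in the question: the nonce is verified first, the post is saved, and only then is the user sent to the success page. The action name `submit_frontend_post`, the field names `frontend_post_nonce`, `post_title` and `post_content`, the handler name and the `/success/` URL are all hypothetical, and running the handler on the `template_redirect` hook is an assumption about where the processing lives.

```php
<?php
// Added example: the action name, field names and /success/ URL are hypothetical.
// The form template calls this inside <form method="post">:
//     wp_nonce_field( 'submit_frontend_post', 'frontend_post_nonce' );

// template_redirect runs before any output, so the redirect headers can still be sent.
add_action( 'template_redirect', 'example_handle_frontend_submission' );

function example_handle_frontend_submission() {
    // Only act on POST requests that carry this form's nonce field.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['frontend_post_nonce'] ) ) {
        return;
    }

    // 1. Verify the nonce first, before any submitted data is used or saved.
    $nonce = sanitize_text_field( wp_unslash( $_POST['frontend_post_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'submit_frontend_post' ) ) {
        wp_die( 'Security check failed. Please reload the form and try again.', 'Invalid request', array( 'response' => 403 ) );
    }

    // 2. Sanitize the submitted fields.
    $title   = isset( $_POST['post_title'] ) ? sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) : '';
    $content = isset( $_POST['post_content'] ) ? wp_kses_post( wp_unslash( $_POST['post_content'] ) ) : '';
    if ( '' === $title ) {
        return; // Fall through so the template can show the form again.
    }

    // 3. Save as "pending" so an editor reviews the submission before it is published.
    $post_id = wp_insert_post(
        array(
            'post_title'   => $title,
            'post_content' => $content,
            'post_status'  => 'pending',
            'post_type'    => 'post',
        ),
        true // Return a WP_Error object on failure instead of 0.
    );
    if ( is_wp_error( $post_id ) ) {
        wp_die( 'The submission could not be saved.' );
    }

    // 4. Only now redirect to the success page, and stop execution.
    wp_safe_redirect( home_url( '/success/' ) );
    exit;
}
```

A nonce only protects the form against cross-site request forgery; it is not an authorization check, so a form meant for logged-in users should also test `current_user_can()` before saving.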
