Function Reference/wp create nonce

From the WordPress Chinese documentation

Description

Generates and returns a nonce. The nonce is generated based on the current time, the $action argument, and the current user ID.

Usage

<?php wp_create_nonce( $action ); ?>

Parameters

$action
(string/int) (optional) Action name. Should give the context to what is taking place. Optional but recommended.
Default: -1

Return Values

(string) The one use form token.

Example

In this simple example, we create a nonce and use it as one of the GET query parameters in a URL for a link. When the user clicks the link they are directed to a page where a certain action will be performed (for example, a post might be deleted). On the target page the nonce is verified to ensure that the request was valid (this user really clicked the link and really wants to perform this action).

<?php
// Create a nonce for a link.
// We pass it as a GET parameter.
// The target page will perform some action based on the 'do_something' parameter.
$nonce = wp_create_nonce( 'my-nonce' );
?>
<a href='myplugin.php?do_something=some_action&_wpnonce=<?php echo esc_attr( $nonce ); ?>'>Do some action</a>

<?php
// This code would go in the target page.
// We need to verify the nonce.
// A request that carries no nonce at all is treated as an empty (invalid) nonce.
$nonce = isset( $_REQUEST['_wpnonce'] ) ? $_REQUEST['_wpnonce'] : '';
if ( ! wp_verify_nonce( $nonce, 'my-nonce' ) ) {
    // This nonce is not valid.
    die( 'Security check' );
} else {
    // The nonce was valid.
    // Do stuff here.
}
?>

In the above example we simply called our nonce 'my-nonce'. It is best to choose a name for the nonce that is specific to the action. For example, if we were to create a nonce that would be part of a request to delete a post, we might call it 'delete_post'. Then, to make it more specific, we could append the ID of the particular post that the nonce was for: for example, 'delete_post-5' for the post with ID 5.

wp_create_nonce( 'delete_post-' . $post_id );

Then we would verify the nonce like this:

wp_verify_nonce( $nonce, 'delete_post-' . $_REQUEST['post_id'] );

In general, it is best to make the name for the action as specific as possible.
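To show why a specific action name matters, here is an added example that is not WordPress core code and not part of the original page: a simplified stand-alone model of a token derived from the time, the action and the user ID, as the Description states. The `model_*` names, the secret, the HMAC-SHA-256 choice and the 24-hour lifetime split into two ticks are assumptions of this model.

```php
<?php
// Added illustration: a simplified stand-alone model, NOT WordPress core code.
const MODEL_SECRET     = 'constructed-demo-secret'; // assumption: stands in for a per-site secret
const MODEL_NONCE_LIFE = 86400;                     // assumption: 24-hour lifetime, in seconds

// Time is divided into half-lifetime "ticks".
function model_tick( int $now ): int {
    return (int) ceil( $now / ( MODEL_NONCE_LIFE / 2 ) );
}

// Keyed hash over tick, action and user ID, truncated to 10 hex characters.
function model_hash( int $tick, $action, int $user_id ): string {
    $data = $tick . '|' . $action . '|' . $user_id;
    return substr( hash_hmac( 'sha256', $data, MODEL_SECRET ), -12, 10 );
}

function model_create_nonce( $action, int $user_id, int $now ): string {
    return model_hash( model_tick( $now ), $action, $user_id );
}

// Returns 1 if the nonce was made in the current tick, 2 if in the previous
// tick, and false otherwise (wrong action, wrong user, expired or empty).
function model_verify_nonce( string $nonce, $action, int $user_id, int $now ) {
    if ( '' === $nonce ) {
        return false;
    }
    $tick = model_tick( $now );
    foreach ( array( 1 => $tick, 2 => $tick - 1 ) as $result => $t ) {
        // hash_equals() compares in constant time.
        if ( hash_equals( model_hash( $t, $action, $user_id ), $nonce ) ) {
            return $result;
        }
    }
    return false;
}

$t0    = 1700000000; // constructed timestamp
$nonce = model_create_nonce( 'delete_post-5', 7, $t0 ); // user 7, post 5

var_dump( model_verify_nonce( $nonce, 'delete_post-5', 7, $t0 ) );         // same action and user
var_dump( model_verify_nonce( $nonce, 'delete_post-6', 7, $t0 ) );         // replayed against another post
var_dump( model_verify_nonce( $nonce, 'delete_post-5', 8, $t0 ) );         // presented by another user
var_dump( model_verify_nonce( $nonce, 'delete_post-5', 7, $t0 + 43200 ) ); // one tick later
var_dump( model_verify_nonce( $nonce, 'delete_post-5', 7, $t0 + 86400 ) ); // two ticks later
```

With a generic action such as 'my-nonce', the second call would succeed, because nothing in the token would tie it to a particular post.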

Notes

Change Log

Source File

wp_create_nonce() is located in wp-includes/pluggable.php.

Related

Template:Nonces

Resources

See also index of Function Reference and index of Template Tags.
