Nonces
Nonces help protect your actions from misuse by generating and verifying tokens. Nonces are used to verify whether the person performing a specific action is entitled to do so.
Creating nonces
Create an instance of the Backyard\Nonces\Nonce class by passing a slug.
$nonce = new Nonce( $slug );
You have to pass the nonce along with the request and verify it before finalizing the operation. Usually, this token is transferred as part of the request, as a URL query parameter or a hidden form input.
Nonce field output
To add nonces to your forms, use the render() method of the Nonce class.
$nonce = new Nonce( $slug );
In your form's HTML:
<form action="#">
<label for="fname">First name:</label><br>
<input type="text" id="fname" name="fname" value="John"><br>
<?php echo $nonce->render(); ?>
<input type="submit" value="Submit">
</form>
Nonce URL generation
Use the url() method of the Nonce class to generate nonce URLs. The method requires the URL to which the nonce will be attached as a query parameter.
$url = ( new Nonce( $slug ) )->url( admin_url() );
Verifying nonces
You can validate nonces with the check() method of the Nonce class. The method requires the token to be passed as an argument.
$nonce = new Nonce( $slug );
$valid = $nonce->check( $_POST[ $nonce->getKey() ] );
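A fuller handler built around the check above, as an added example that is not part of the Backyard\Nonces project: it treats a missing token as a failed check and pairs the nonce with a capability check before changing anything. The slug, hook name, capability and function name are hypothetical, and it assumes the form posts to admin-post.php with a matching action field and that check() returns a boolean.

```php
<?php
// Added example, not code from the Backyard\Nonces project.
// Hypothetical names: the slug 'backyard_save_profile', the capability
// 'edit_posts' and the handler function. Nonce is the class documented above.

use Backyard\Nonces\Nonce;

function backyard_example_handle_save_profile() {
	// Use the same slug that was used when the form field was rendered.
	$nonce = new Nonce( 'backyard_save_profile' );
	$key   = $nonce->getKey();

	// A missing or non-string field is a failed check, not a PHP notice.
	$token = ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) )
		? sanitize_text_field( wp_unslash( $_POST[ $key ] ) )
		: '';

	if ( '' === $token || ! $nonce->check( $token ) ) {
		wp_die( 'Invalid or expired request token.', 'Forbidden', array( 'response' => 403 ) );
	}

	// The nonce ties the request to the rendered form; the capability
	// check decides whether this user may perform the action at all.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_die( 'You are not allowed to do this.', 'Forbidden', array( 'response' => 403 ) );
	}

	// Only now read and sanitize the rest of the submitted form.
	$first_name = isset( $_POST['fname'] )
		? sanitize_text_field( wp_unslash( $_POST['fname'] ) )
		: '';
	update_user_meta( get_current_user_id(), 'first_name', $first_name );

	wp_safe_redirect( admin_url() );
	exit;
}
add_action( 'admin_post_backyard_save_profile', 'backyard_example_handle_save_profile' );
```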
Verifying nonces with Factories
In some cases you may want to verify nonces using the NonceFactory class.
if ( ! NonceFactory::verify( $slug ) ) {
	return;
}