Forum Replies Created
-
AuthorPosts
-
March 7, 2013 at 4:03 am in reply to: wp_verify_nonce – Security Check – not sure why it errors #3309
Allbound
MemberHere’s one: http://www.ucibulldogs.com
I can tell you when it is happening: when a user keeps their browser open long enough to surpass the default WP session of 14 days. So at some point after 14 days they suddenly get logged out, but not completely. The system sort of thinks they are logged in, but they are not. They can then quit out of the browser completely (PC IC, Mac FF and Chrome tested so far) and the can then log right back in with no problem.
So now I need to see what is happening when the 14 days ends and the user is sent to log in, but some of elements of the old session still remain – specifically something related to the nonce and cookies.
I am going to do some testing and narrow this down. My theory is that I could just have the code do a refresh and clear out all session elements vs. die with error message. But it’s ajax so who knows I can do that there.
We’ll do some testing and report back.
Memberi don’t think this has been fulled fixed as of version pro 1.1.3rc1.
it works some of the time, but every now and then – like once a week – i get locked out of my site. everyone does.
the first time i reinstalled the plugin and that fixed it. no such luck today.
so today i just set function verifyNonce() to just return true all the time.
i’m sure that is a security hole and a bad thing, but right now it’s less of an issue than no one being able to log in at all – including me.
happy to help track it down if you need me.
Memberwell, you would need to know when to change this user’s role. you would not want to just update any user profile to a different role, any time they updated their profile.
so, how would you know when to update this role? only when the user fills out one specific form, right?
if so, then you could just use a custom field on the form as a trigger to update the user role.
that’s all i’m thinking is done here. but it could really work in a million different ways.
Memberi was just giving you some items to use. but you’d need to flush it out… to something like this…
add_action( ‘profile_update’, ‘my_profile_update’ );
function my_profile_update($user_id) {
// get the user object
$user = get_userdata($user_id);
// get the custom field you want to use to store your role
// change ‘role’ to your key value of your form field
$role = get_user_meta($user_id,’role’,true);// does it exist?
if($role != ”)
{
$user->remove_role(‘signataire’);
$user->add_role(‘membre’);
}
return true;
}you could actually store 2 things on the form… old and new role. you have lots of flexibility form here.
Membersorry, i should have explained out the add_role remove_role a little better…
you need to get the user object, then call the action on that…
$user = get_userdata($user_id);
$user->remove_role(‘signataire’);
$user->add_role(‘membre’);Memberi can’t get the user_meta_pre_user_register to ever work. so instead i use:
add_action(‘user_register’, ‘myfunctionname’);
in this case, however, you want to update the user role for an existing user, right?
in that case i’d do something simple like this: ask them the question you care about … like “membership level”. have that be a custom field on the profile. and then run an action on user_update to double check their role based on that field value.
add_action( ‘profile_update’, ‘my_profile_update’ );
function my_profile_update( $user_id, $old_user_data ) {
// get the user_meta field you care about here// get the user role
//remove_role( ‘whatever current role is’ );
// add_role( ‘whatever you want it to be’ );
return true;
}Memberalso looking for multisite registration…
Memberi’ve tried hooking the process, but i can’t get the hook to actually fire. and i’ve copied/pasted from the docs… this is my morning’s project so i’ll post back here in a few if i solve anything.
Memberwhat’s the url to the actual form on screen? i bet that’d help any of us look at the generated code and suggest a fix.
-
AuthorPosts
