admin管理员组

文章数量:1336320

I want to use check_ajax_referer() to verify a WP_nonce field using AJAX. Here you can find my html element. 

<input type="hidden" name="login_nonce" value="<?= wp_create_nonce('login_nonce'); ?>"/>

Using jQuery I'm sending all the values from input fields to a POST request: 

request = $.ajax({
  type: 'POST',
  url: 'handle-login.php',
  data: {
    user: $('input[name="login_username"]').val(),
    pass: $('input[name="login_password"]').val(),
    security: $('input[name="login_nonce"]').val()
  },
  dataType: 'json'
});

In handle-login.php I'm try doing the following:

require_once $_SERVER['DOCUMENT_ROOT'].'/wp-load.php';

$return = array();
if( check_ajax_referer( 'login_nonce', $_POST['security'], false ) )
    $return['nonce'] = $_POST['login_nonce'];

echo $return

But in return I'll get nothing.. Someone knows what is up?

I want to use check_ajax_referer() to verify a WP_nonce field using AJAX. Here you can find my html element. 

<input type="hidden" name="login_nonce" value="<?= wp_create_nonce('login_nonce'); ?>"/>

Using jQuery I'm sending all the values from input fields to a POST request: 

request = $.ajax({
  type: 'POST',
  url: 'handle-login.php',
  data: {
    user: $('input[name="login_username"]').val(),
    pass: $('input[name="login_password"]').val(),
    security: $('input[name="login_nonce"]').val()
  },
  dataType: 'json'
});

In handle-login.php I'm try doing the following:

require_once $_SERVER['DOCUMENT_ROOT'].'/wp-load.php';

$return = array();
if( check_ajax_referer( 'login_nonce', $_POST['security'], false ) )
    $return['nonce'] = $_POST['login_nonce'];

echo $return

But in return I'll get nothing.. Someone knows what is up?

  • jquery
  • ajax
  • nonce
Share Improve this question edited Dec 7, 2015 at 10:42 ronnyrr asked Dec 7, 2015 at 10:08 ronnyrrronnyrr 3832 gold badges6 silver badges16 bronze badges
Add a comment  | 

3 Answers 3

Reset to default 8

Difficult to say for sure where the mistake is as you have not mentioned about your add_action('wp_ajax_my_function','whatever_callback');which I think you missed out on that. But your question is missing info in this respect.

This is how I would get on about this:

In your functions.php file or similar:

add_action(wp_ajax_handle_login, 'handle_login_ajax');
add_action(wp_ajax_nopriv_handle_login, 'handle_login_ajax');

Make sure your handle-login.php file is declared on your main php file from your plugin or theme such as functions.php

require_once plugin_dir_path(__FILE__) . 'handle-login.php';

You should declare nonce variables and the ajax url right after your js file hook, you will be able to access these after:

wp_enqueue_script('wccajs',plugin_dir_url( dirname(__FILE__) ) . 'login.js',array('jquery'),'1.0',false);

wp_localize_script('wccajs','MyAjax',array( 
    'ajax_url' => admin_url( 'admin-ajax.php' ),
    'security' => wp_create_nonce('handle_login')
) );

In your handle-login.php file:

function handle_login_ajax(){
    check_ajax_referer('handle_login', 'security');
    $return = array();
    echo $return;
    wp_die(); // You missed this too
}

Your Javascript file:

function send_stuff_to_server(){

var data = {
    'action': 'handle_login', // missed this same as your action hook wp_ajax_{handle_login}
    'security': MyAjax.security // We can access it this way
}

$.post(MyAjax.ajax_url, data, function (callBack) {
      console.log(callBack); // Will return nonce
});

}

Hope this helps.

I have been having the same problems and I solved using another related ajax function: Just changing your

check_ajax_referer( 'login_nonce', $_POST['security'], false )

to 

wp_verify_nonce( $_POST['security'], 'login_nonce' )

seems to work and return true / false correctly. About if it's more secure one way or other I have found this info:

wp_verify_nonce vs check_admin_referer

In the method check_ajax_referer(), the second parameter is not the nonce value, is the key of the post request param.

check_ajax_referer( 'login_nonce', 'security', false );

本文标签: jqueryAJAX nonce with checkajaxreferer()

版权声明:本文标题:jquery - AJAX nonce with check_ajax_referer() 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742335422a2455527.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。