admin管理员组文章数量:1415139
This question comes from an absolute non-coder - and has been asked in various forms several times befor (e.g. here).
To logout properly the URL that triggers it needs a nonce as e.g.:
http://xyz/wp-login.php?action=logout&redirect_to=http%3A%2F%2Fwww.spiegel.de&_wpnonce=d9d1a28ef2
We can get the nonce as described in the codex. BUT: what if I have to trigger a logout is by using a URL. More precisely: my CiviCRM plugin has forms that people can fill out and once completed let the user redirect somewhere else -> e.g. log out and go to another page. I can copy/paste the redirct URL in a form such as
http://xyz/wp-login.php?action=logout&redirect_to=http%3A%2F%2Fwww.spiegel.de
-> how do I get the nonce where it is supposed to go - or are there alternatives???
Cheers!
This question comes from an absolute non-coder - and has been asked in various forms several times befor (e.g. here).
To logout properly the URL that triggers it needs a nonce as e.g.:
http://xyz/wp-login.php?action=logout&redirect_to=http%3A%2F%2Fwww.spiegel.de&_wpnonce=d9d1a28ef2
We can get the nonce as described in the codex. BUT: what if I have to trigger a logout is by using a URL. More precisely: my CiviCRM plugin has forms that people can fill out and once completed let the user redirect somewhere else -> e.g. log out and go to another page. I can copy/paste the redirct URL in a form such as
http://xyz/wp-login.php?action=logout&redirect_to=http%3A%2F%2Fwww.spiegel.de
-> how do I get the nonce where it is supposed to go - or are there alternatives???
Cheers!
Share Improve this question edited Apr 13, 2017 at 12:37 CommunityBot 1 asked Oct 26, 2016 at 13:20 Abteilung GerontopsychiatrieAbteilung Gerontopsychiatrie 111 silver badge2 bronze badges 3- Nonces are time-based per-user - the only way to get them is through WordPress. You'd either have to "hook" into the CiviCRM and work out how you can dynamically pass it the redirect URL (as opposed to copy/pasting it in a setting), or remove nonce checking from the logout process (not recommended) – TheDeadMedic Commented Oct 26, 2016 at 14:08
- Thought so - thanks (will close the question then). Just out of interest - even though it's not recommended - how would I go about removing nonce-checking? Cheers! – Abteilung Gerontopsychiatrie Commented Oct 26, 2016 at 15:21
- I'll post an answer. – TheDeadMedic Commented Oct 26, 2016 at 15:30
1 Answer
Reset to default 2This will disable nonce checking for logging out - on your head be it:
add_action( 'login_form_logout', function () {
$user = wp_get_current_user();
wp_logout();
if ( ! empty( $_REQUEST['redirect_to'] ) ) {
$redirect_to = $requested_redirect_to = $_REQUEST['redirect_to'];
} else {
$redirect_to = 'wp-login.php?loggedout=true';
$requested_redirect_to = '';
}
/**
* Filters the log out redirect URL.
*
* @since 4.2.0
*
* @param string $redirect_to The redirect destination URL.
* @param string $requested_redirect_to The requested redirect destination URL passed as a parameter.
* @param WP_User $user The WP_User object for the user that's logging out.
*/
$redirect_to = apply_filters( 'logout_redirect', $redirect_to, $requested_redirect_to, $user );
wp_safe_redirect( $redirect_to );
exit;
});
本文标签: Logout using link (without nonce)
版权声明:本文标题:Logout using link (without nonce) 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745228539a2648719.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论