<?php
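/**
 * Create a single-use nonce for an action.
 *
 * The token is "<wp nonce>-<unix time>". A transient records that the token
 * is outstanding; verify_onetime_nonce() flips that record to 'used'.
 *
 * The record is keyed by timestamp AND nonce value. Keying by timestamp alone
 * makes every token minted in the same second share one record, so consuming
 * one token invalidates the others, and minting a new one re-arms a token
 * that was already consumed.
 *
 * @param string|int $action Action name bound into the nonce. Default -1.
 * @return string Token in the form "<nonce>-<time>".
 */
function create_onetime_nonce( $action = -1 ) {
    $time  = time();
    $nonce = wp_create_nonce( $time . $action );
    $key   = '_nonce_' . $time . '_' . $nonce;

    // Never overwrite an existing record: if this exact token was already
    // issued (and possibly consumed) in the current second, resetting it to 1
    // would make a used token valid again.
    if ( false === get_transient( $key ) ) {
        set_transient( $key, 1, 60 * 60 ); // adjust the lifetime of the transient
    }

    return $nonce . '-' . $time;
}

/**
 * Verify a token from create_onetime_nonce() and consume it.
 *
 * Fails closed: a malformed token, a failed wp_verify_nonce() check, a
 * missing/expired record, or a record already marked 'used' all return false.
 * Tokens whose record was written under a timestamp-only key are therefore
 * rejected as well.
 *
 * NOTE(review): the read of the record and the write of 'used' are two
 * separate transient calls with no compare-and-set, so two concurrent
 * requests presenting the same token can both pass. Closing that window needs
 * an atomic primitive outside the transient API.
 *
 * @param string     $_nonce Token to check, "<nonce>-<time>".
 * @param string|int $action Action name the token was created for. Default -1.
 * @return bool True when the token is valid and had not been used before.
 */
function verify_onetime_nonce( $_nonce, $action = -1 ) {
    // The token comes from the request; reject anything that is not a string
    // instead of suppressing the resulting errors with @.
    if ( ! is_string( $_nonce ) ) {
        return false;
    }

    // bad formatted onetime-nonce
    $parts = explode( '-', $_nonce );
    if ( 2 !== count( $parts ) ) {
        return false;
    }
    list( $nonce, $time ) = $parts;

    // The timestamp ends up inside a transient name, so it must be digits only.
    if ( '' === $nonce || ! ctype_digit( $time ) ) {
        return false;
    }

    // Check the nonce first so that only a value WordPress accepts for this
    // action is ever used to build a transient key.
    if ( ! wp_verify_nonce( $nonce, $time . $action ) ) {
        return false;
    }

    $key             = '_nonce_' . $time . '_' . $nonce;
    $nonce_transient = get_transient( $key );

    // nonce has expired or was already used
    if ( false === $nonce_transient || 'used' === $nonce_transient ) {
        return false;
    }

    // mark this nonce as used
    set_transient( $key, 'used', 60 * 60 );

    // return true to mark this nonce as valid
    return true;
}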