Skip Navigation

[Resolved] How to add a nonce_field in CRED user form

The Toolset Community Forum is closed, for technical support questions, please head on to our Toolset Professional Support (for paid clients), with any pre-sale or admin question please contact us here.
This is the community support forum for Types plugin, which is part of Toolset. Toolset is a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients and people who registered for Types community support can post in it.

This topic contains 8 replies, has 2 voices.

Last updated by Beda 3 years, 10 months ago.

Assigned support staff: Beda.

Author
Posts
#585804

Hi.
I want to add a nonce_field in the user registration form.

How can I do it?

#585931

You would need to use Custom Code.
The WordPress API functions are:
https://codex.wordpress.org/Function_Reference/wp_nonce_field
https://codex.wordpress.org/Function_Reference/wp_create_nonce

It then depends what form this is. You need to create the nonce when you submit the form and compare it when you are on the landing target.

This requires Custom Code, and CRED already is safely coded.

Can I ask for what you need to implement this, so we can eventually find another solution?

#585948

My implementation is this:
When the user register, he is redirected to a page with a post cred form to add a cpt.
I want to have access to this page only after the user registration.

Actually , I manage to do it using one time nonce with custom code, but it would by useful if the User Cred form had itself a nonce field by default. Or do I missed it? Post cred forms has one.

#585951

Why don't you just control that Page or it's content with Access?

You can exactly tell what role should be able to see what. Even use what, in relation to CREDF Forms.

Since Roles are only existing if an user is registered and logged in, this should solve your issue?
https://toolset.com/documentation/user-guides/access-control-for-cred-forms/
https://toolset.com/documentation/user-guides/access-control-texts-inside-page-content/
https://toolset.com/documentation/user-guides/limiting-read-access-specific-content/

#586009

Well, I don't know.
How, will I create a role "Newly registered user, in pending status, right after registration"?

#586225

I am not sure why you need to set the user to a pending status, if your requirement is to let the user add posts only if registered?

The CRED Forms use wp_nonce_field(), and that should be added to User as well as Post Fields.

Do you need to set Users to a pending status before you somehow "allow/publish" them?

#586633

Hi.
Yes, I 'm setting the users to pending state.

I don't understand what you mean with:
"The CRED Forms user wp_nonce_field(), and that should be added to User as well as Post Fields."

#588015

We do not support this.

But I contacted the CRED developer in regard of the wp_nonce so to clarify how to retrieve that.

Please await my updates here.

#588533

On a cred user form to register new users we have no nonce.

You also cannot add one, unless you use an AJAX call that gets a new value at runtime.
Technically, see our code:

if ( is_user_logged_in() ) {
            $nonce_id = substr( $zebraForm->form_properties['name'], 0, strrpos( $zebraForm->form_properties['name'], '' ) );
            $nonceobj = $zebraForm->add2form_content( 'hidden', CRED_StaticClass::NONCE . "" . $nonce_id, wp_create_nonce( $nonce_id ), array( 'style' => 'display:none;' ) );
        }

The Nonce is only there if the user is logged in, which is probably not the case in your scenario.

You need to create a new hidden field, a wp_ajax_[nopriv] that calls a function to create a nonce, which you then insert in that field

On "save form" you then need to validate that field

But this is custom code that we cannot assist as such.

You might be interested in this Contractor platform:
https://toolset.com/contractors/

The forum ‘Types Community Support’ is closed to new topics and replies.