Hi.
I want to add a nonce_field in the user registration form.
How can I do it?
You would need to use Custom Code.
The WordPress API functions are:
https://codex.wordpress.org/Function_Reference/wp_nonce_field
https://codex.wordpress.org/Function_Reference/wp_create_nonce
It then depends what form this is. You need to create the nonce when you submit the form and compare it when you are on the landing target.
This requires Custom Code, and CRED already is safely coded.
Can I ask for what you need to implement this, so we can eventually find another solution?
My implementation is this:
When the user register, he is redirected to a page with a post cred form to add a cpt.
I want to have access to this page only after the user registration.
Actually , I manage to do it using one time nonce with custom code, but it would by useful if the User Cred form had itself a nonce field by default. Or do I missed it? Post cred forms has one.
Why don't you just control that Page or it's content with Access?
You can exactly tell what role should be able to see what. Even use what, in relation to CREDF Forms.
Since Roles are only existing if an user is registered and logged in, this should solve your issue?
https://toolset.com/documentation/user-guides/access-control-for-cred-forms/
https://toolset.com/documentation/user-guides/access-control-texts-inside-page-content/
https://toolset.com/documentation/user-guides/limiting-read-access-specific-content/
Well, I don't know.
How, will I create a role "Newly registered user, in pending status, right after registration"?
I am not sure why you need to set the user to a pending status, if your requirement is to let the user add posts only if registered?
The CRED Forms use wp_nonce_field(), and that should be added to User as well as Post Fields.
Do you need to set Users to a pending status before you somehow "allow/publish" them?
Hi.
Yes, I 'm setting the users to pending state.
I don't understand what you mean with:
"The CRED Forms user wp_nonce_field(), and that should be added to User as well as Post Fields."
We do not support this.
But I contacted the CRED developer in regard of the wp_nonce so to clarify how to retrieve that.
Please await my updates here.
On a cred user form to register new users we have no nonce.
You also cannot add one, unless you use an AJAX call that gets a new value at runtime.
Technically, see our code:
if ( is_user_logged_in() ) {
$nonce_id = substr( $zebraForm->form_properties['name'], 0, strrpos( $zebraForm->form_properties['name'], '' ) );
$nonceobj = $zebraForm->add2form_content( 'hidden', CRED_StaticClass::NONCE . "" . $nonce_id, wp_create_nonce( $nonce_id ), array( 'style' => 'display:none;' ) );
}
The Nonce is only there if the user is logged in, which is probably not the case in your scenario.
You need to create a new hidden field, a wp_ajax_[nopriv] that calls a function to create a nonce, which you then insert in that field
On "save form" you then need to validate that field
But this is custom code that we cannot assist as such.
You might be interested in this Contractor platform:
https://toolset.com/contractors/