确认码页自动校验,无需输入
Confirmation code page is automatically verifying without input
我的自定义 Wordpress 插件允许用户从我网站上的表单提交 post 自定义 post 类型。他们输入信息,单击提交,然后他们将被带到验证页面。这会指示他们单击通过电子邮件发送给他们的 link 或输入代码,此时它会从 Draft 变为 Publish。
除了提交之后,这大部分都有效。当他们被带到 Verification 页面时,出于某种原因它会自动 approving/publishing post。我已经对代码进行了三重检查,它的意义绝对为零。
希望有人能指出错误,因为我不知所措...
提交页面功能
function slicer_profile_submit()
{
// if the submit button is clicked, submit
if (isset($_POST['slicer-profile-submitted']))
{
$xml = simplexml_load_file($_FILES['slicer-profile']['tmp_name']) or die("Error: Cannot upload file. Please contact the administrator.");
$contents = $xml->asXML();
//https://developer.wordpress.org/reference/functions/wp_insert_post/
// sanitize form values
$profile_author = sanitize_text_field( $_POST["slicer-profile-author"] );
$profile_email = sanitize_text_field( $_POST["slicer-profile-email"] );
$profile_name = sanitize_text_field( $_POST["slicer-profile-name"] );
$profile_description = sanitize_textarea_field( $_POST["slicer-profile-description"] );
$profile_model = intval($_POST["slicer-profile-model"]);
$profile_slicer = intval($_POST["slicer-profile-software"]);
// Create post object
$slicer_profile = array(
'post_title' => $profile_name,
'post_content' => $contents,
'post_type' => 'slicer_profiles',
'post_status' => 'draft',
'post_author' => 3,
'tax_input' => array(
'model' => array($profile_model),
'slicer' => array($profile_slicer)
),
'meta_input' => array(
'slicer_profile_author' => $profile_author,
'slicer_profile_description' => $profile_description
)
);
// Insert the post into the database
$post_id = wp_insert_post( $slicer_profile );
// Generate a hashed code for the confirmation URL
$hash = hash_hmac('sha256', $post_id, secret);
$confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
// Redirect the submitter to the post
wp_redirect( site_url(). "/verification" );
}
}
验证页功能
function slicer_profiles_verification_shortcode($atts = [], $content = null, $tag = '')
{
// Check that both parameters are set
if( isset($_GET['id']) && !empty($_GET['id']) && isset($_GET['hash']) && !empty($_GET['hash']) )
{
$post_id = $_GET['id'];
$hash = $_GET['hash'];
$target_hash = hash_hmac('sha256', $post_id, secret);
// Check if the hash code matches the provided Post ID
if ($hash != $target_hash)
{
echo 'The code provided is incorrect or has been mistyped.';
return;
}
// Get the Post data based on ID
$post_data = get_post( $post_id );
$post_type = $post_data->post_type;
$post_status = $post_data->post_status;
// Check to confirm this is a Slicer Profile post type
if ($post_type == 'slicer_profiles')
{
// If the post has already been published
if ($post_status == 'draft')
{
// Publish the Post by ID
wp_publish_post($post_id);
echo 'Thank you, the profile submission has been confirmed.';
}
else
{
echo 'The code provide has already been used.';
}
}
else
{
echo 'The code provide is not a valid submission. Please contact the Administrator.';
}
}
else
{
?>
<div style="align:center;text-align: center;">
<p>A confirmation e-mail has been sent to the address provided, containing the verification code to approve your submission. Please use the included link to approve and publish your slicer profile, or the form below the submit your code.</p>
<form name="confirmSub" method="GET" action="">
<input type="text" name="id" size="4" /> - <input type="text" name="hash" size="24" /></br></br>
<input type="submit" value="Confirm" />
</form>
<?php
echo '</div>';
}
}
add_shortcode('slicer_profile_verification', 'slicer_profiles_verification_shortcode');
这样试试。您拥有的代码没有通过所有条件或 else 语句。
function example() {
if(you have a post){
//analyse post value this way
if(){
}
elseif(){
}
elseif(){
}
else{
}
}
else{ // you dont have a post
}
}
我的自定义 Wordpress 插件允许用户从我网站上的表单提交 post 自定义 post 类型。他们输入信息,单击提交,然后他们将被带到验证页面。这会指示他们单击通过电子邮件发送给他们的 link 或输入代码,此时它会从 Draft 变为 Publish。
除了提交之后,这大部分都有效。当他们被带到 Verification 页面时,出于某种原因它会自动 approving/publishing post。我已经对代码进行了三重检查,它的意义绝对为零。
希望有人能指出错误,因为我不知所措...
提交页面功能
function slicer_profile_submit()
{
// if the submit button is clicked, submit
if (isset($_POST['slicer-profile-submitted']))
{
$xml = simplexml_load_file($_FILES['slicer-profile']['tmp_name']) or die("Error: Cannot upload file. Please contact the administrator.");
$contents = $xml->asXML();
//https://developer.wordpress.org/reference/functions/wp_insert_post/
// sanitize form values
$profile_author = sanitize_text_field( $_POST["slicer-profile-author"] );
$profile_email = sanitize_text_field( $_POST["slicer-profile-email"] );
$profile_name = sanitize_text_field( $_POST["slicer-profile-name"] );
$profile_description = sanitize_textarea_field( $_POST["slicer-profile-description"] );
$profile_model = intval($_POST["slicer-profile-model"]);
$profile_slicer = intval($_POST["slicer-profile-software"]);
// Create post object
$slicer_profile = array(
'post_title' => $profile_name,
'post_content' => $contents,
'post_type' => 'slicer_profiles',
'post_status' => 'draft',
'post_author' => 3,
'tax_input' => array(
'model' => array($profile_model),
'slicer' => array($profile_slicer)
),
'meta_input' => array(
'slicer_profile_author' => $profile_author,
'slicer_profile_description' => $profile_description
)
);
// Insert the post into the database
$post_id = wp_insert_post( $slicer_profile );
// Generate a hashed code for the confirmation URL
$hash = hash_hmac('sha256', $post_id, secret);
$confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
// Redirect the submitter to the post
wp_redirect( site_url(). "/verification" );
}
}
验证页功能
function slicer_profiles_verification_shortcode($atts = [], $content = null, $tag = '')
{
// Check that both parameters are set
if( isset($_GET['id']) && !empty($_GET['id']) && isset($_GET['hash']) && !empty($_GET['hash']) )
{
$post_id = $_GET['id'];
$hash = $_GET['hash'];
$target_hash = hash_hmac('sha256', $post_id, secret);
// Check if the hash code matches the provided Post ID
if ($hash != $target_hash)
{
echo 'The code provided is incorrect or has been mistyped.';
return;
}
// Get the Post data based on ID
$post_data = get_post( $post_id );
$post_type = $post_data->post_type;
$post_status = $post_data->post_status;
// Check to confirm this is a Slicer Profile post type
if ($post_type == 'slicer_profiles')
{
// If the post has already been published
if ($post_status == 'draft')
{
// Publish the Post by ID
wp_publish_post($post_id);
echo 'Thank you, the profile submission has been confirmed.';
}
else
{
echo 'The code provide has already been used.';
}
}
else
{
echo 'The code provide is not a valid submission. Please contact the Administrator.';
}
}
else
{
?>
<div style="align:center;text-align: center;">
<p>A confirmation e-mail has been sent to the address provided, containing the verification code to approve your submission. Please use the included link to approve and publish your slicer profile, or the form below the submit your code.</p>
<form name="confirmSub" method="GET" action="">
<input type="text" name="id" size="4" /> - <input type="text" name="hash" size="24" /></br></br>
<input type="submit" value="Confirm" />
</form>
<?php
echo '</div>';
}
}
add_shortcode('slicer_profile_verification', 'slicer_profiles_verification_shortcode');
这样试试。您拥有的代码没有通过所有条件或 else 语句。
function example() {
if(you have a post){
//analyse post value this way
if(){
}
elseif(){
}
elseif(){
}
else{
}
}
else{ // you dont have a post
}
}