我正在使用register_new_user($user_login, $user_email)在我的wordpress网站上注册用户。但它给了我错误 喜欢
{"error":true,"message":{"errors":{"registerfail":["缺少安全性 来自提交的令牌。"]},"error_data":[]}}
我还在表单中使用了wp_nonce_field以确保安全性。有人可以帮助我修复此错误"提交中缺少安全令牌"吗?
这是我的HTML表单`
<form id="registration_form" action="<?php echo home_url( '/' ); ?>" method="POST">
<div class="form-field">
<span class="screen-reader-text"><?php _e('Username', 'wp-ajax-login'); ?></span>
<input class="form-control input-lg required" name="pt_user_login" type="text" placeholder="<?php _e('Username', 'wp-ajax-login'); ?>" />
</div>
<div class="form-field">
<span class="screen-reader-text"><?php _e('Email', 'wp-ajax-login'); ?></span>
<input class="form-control input-lg required" name="pt_user_email" id="pt_user_email" type="email" placeholder="<?php _e('Email', 'wp-ajax-login'); ?>" />
</div>
<div class="form-field">
<input type="hidden" name="action" value="pt_register_member"/>
<button class="btn btn-theme btn-lg" data-loading-text="<?php _e('Loading...', 'wp-ajax-login') ?>" type="submit"><?php _e('Sign up', 'wp-ajax-login'); ?></button>
</div>
<?php wp_nonce_field('ajax-register-nonce','user-register-security'); ?>
</form>
AJAX CODE:
//获取变量
$user_login = $_POST['pt_user_login'];
$user_email = $_POST['pt_user_email'];
// Check CSRF token
if( !check_ajax_referer( 'ajax-register-nonce', 'user-register-security', false) ){
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Session token has expired, please reload the page and try again', 'wp-ajax-login').'</div>'));
die();
}
// Check if input variables are empty
elseif( empty($user_login) || empty($user_email) ){
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Please fill all form fields', 'wp-ajax-login').'</div>'));
die();
}
$errors = register_new_user($user_login, $user_email);
if( is_wp_error($errors) ){
//Display errors
}
'
替换 ajax 代码中的以下行
if( !check_ajax_referer( 'ajax-register-nonce', 'user-register-security', false) )
跟
if( !check_ajax_referer( 'user-register-security', 'ajax-register-nonce', false) )
注意:操作的名称是第二个参数,而不是第一个参数
参考: wp_nonce_field
试试这个
$user_login = $_POST['pt_user_login'];
$user_email = $_POST['pt_user_email'];
// Check CSRF token
if( !check_ajax_referer( 'user-register-security', 'ajax-register-nonce', false) ){
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Session token has expired, please reload the page and try again', 'wp-ajax-login').'</div>'));
die();
}
// Check if input variables are empty
elseif( empty($user_login) || empty($user_email) ){
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Please fill all form fields', 'wp-ajax-login').'</div>'));
die();
}
$errors = register_new_user($user_login, $user_email);
if( is_wp_error($errors) ){
//Display errors
}
例https://codex.wordpress.org/Function_Reference/wp_nonce_field
<form method="post">
<!-- some inputs here ... -->
<?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
</form>
<?php
if (
! isset( $_POST['name_of_nonce_field'] )
|| ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' )
) {
print 'Sorry, your nonce did not verify.';
exit;
} else {
// process form data
}
您也可以使用 wp_verify_nonce() 方法验证随机变量。
所以以下应该是你的 if 条件
if (wp_verify_nonce( $_POST['user-register-security'], 'ajax-register-nonce' ) ) {
// valid nonce.
// other code.
}
else{
// invalid nonce, do appropriate action.
}
如果您需要任何进一步的帮助,请告诉我们。
我找到了 register_new_user() 函数的替代品。以下是新用户注册的工作代码:
// Get variables
$user_login = $_POST['pt_user_login'];
$user_email = $_POST['pt_user_email'];
// Check CSRF token
if( !check_ajax_referer( 'ajax-register-nonce', 'user-register-security', false) ){
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Session token has expired, please reload the page and try again', 'wp-ajax-login').'</div>'));
die();
}
// Check if input variables are empty
elseif( empty($user_login) || empty($user_email) ){
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Please fill all form fields', 'wp-ajax-login').'</div>'));
die();
}
if( null == email_exists( $user_email ) ) {
// Generate the password and create the user
$password = wp_generate_password( 12, false );
$user_id = wp_create_user( $user_login, $password, $user_email );
// Set the nickname
wp_update_user(
array(
'ID' => $user_id,
'nickname' => $user_email
)
);
// Set the role
$user = new WP_User( $user_id );
$user->set_role( 'contributor' );
// Email the user
//wp_mail( $user_email 'Welcome!', 'Your Password: ' . $password );
echo json_encode(array('error' => false, 'message' => '<div class="alert alert-success">'.__( 'Registration complete. Please check your e-mail.', 'wp-ajax-login').'</p>'));
die();
} // end if
else
{
echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('This email already exists.Please use different email address.', 'wp-ajax-login').'</div>'));
die();
}
感谢所有回答我问题的人,我已经测试了您的代码,但wp_nonce或验证随机数值没有问题。我认为问题是由于某些插件使用registration_errors钩子在其中添加错误。