prakashr/easynonces

Collected all WordPress nonces usage in order to easily use it in object oriented fashion.

This package's canonical repository appears to be gone and the package has been frozen as a result.

v1.0 2019-10-30 09:52 UTC

This package is auto-updated.

Last update: 2019-10-30 10:08:43 UTC


README

WP Easynonces is a PHP library in which all WordPress nonce functions are collected to be used in an object oriented fashion. Nonces protect WordPress sites against malicious exploits that are based primarily on Cross Site Request Forgery (CSRF). In such an attack, unauthorized commands are transmitted from a user that the website trusts. WordPress itself defines nonces as “a ‘number used once’ to help protect URLs and forms from certain types of misuse, malicious or otherwise”.

Translation of the WP nonce functions as provided by WordPress

Folder Structure

Add the package to your desired folder and you will get the following folder structure:

  • vendor (folder containing the Composer libraries)
  • src (folder)
      • easyNonces (folder)
          • easyNonces.php (file)
  • composer.json (file)
  • composer.lock (file)

How to Use

Then include the autoload file where you need it with the command below:

<?php require_once 'vendor/autoload.php'; ?>

After including the autoload file you can use the nonces library as follows:

<?php 
use easyNonces\easyNonces;
echo easyNonces::check();
?>

The above function checks that the package is included properly. If everything is in place, the command above prints:

easyNonces are active now !!!

Now, you can use other functions from the below list:

1. For wp_create_nonce

Generates and returns a nonce. The nonce is generated based on the current time, the $action argument, and the current user ID.

<?php 
use easyNonces\easyNonces;
echo easyNonces::en_create();
?>

Example:

<?php
use easyNonces\easyNonces;

// create a nonce tied to the action 'my-nonce' (and to the current user and time)
$nonce = easyNonces::en_create( 'my-nonce' );

// verify the nonce that came back with the request against the same action
$submitted_nonce = isset( $_REQUEST['_wpnonce'] ) ? $_REQUEST['_wpnonce'] : '';
if ( ! easyNonces::en_verify( $submitted_nonce, 'my-nonce' ) ) {
    die( 'Security check' );
}
?>

2. For wp_nonce_url

Retrieve URL with nonce added to URL query.

<?php 
use easyNonces\easyNonces;
echo easyNonces::en_create_url();
?>

Example

<a href="<?php print esc_url( easyNonces::en_create_url( admin_url( 'options.php?page=my_plugin_settings' ), 'doing_something', 'my_nonce' ) ); ?>">Do something</a>

3. For wp_nonce_field

Retrieves or displays the nonce hidden form field.

<?php 
use easyNonces\easyNonces;
echo easyNonces::en_create_field();
?>

Example

<form method="post">
   <!-- some inputs here ... -->
   <?php easyNonces::en_create_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
</form>

4. For wp_verify_nonce

Verify that a nonce is correct and unexpired with respect to a specified action.

<?php 
use easyNonces\easyNonces;
echo easyNonces::en_verify();
?>

Example

<?php
$nonce = $_REQUEST['_wpnonce'];
if ( ! easyNonces::en_verify( $nonce, 'my-nonce' ) ) {
     die( 'Security check' ); 
} else {
     // Do stuff here.
}
?>

5. For check_admin_referer

Tests either if the current request carries a valid nonce, or if the current request was referred from an administration screen.

<?php 
use easyNonces\easyNonces;
echo easyNonces::en_admin_check();
?>

Example

<?php 
easyNonces::en_admin_check( 'name_of_my_action', 'name_of_nonce_field' );
// process form data, e.g. update fields
// You can use it in an if statement if you want, but it is not mandatory: there is no "false" return, it either returns true or dies.

// Display the form
?>
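The functions from sections 1 to 5 are normally used together: a nonce is created in a form field or link, and the same action name is verified when the request comes back. The following is an added example and not code from the easynonces package; it assumes the easyNonces static methods take the same parameters, in the same order, as the WordPress functions they wrap (as shown in the snippets above), and that en_create_field() prints the hidden field like wp_nonce_field() does. The page name, option name and action names are made up for the example.

```php
<?php
// Added example (not part of the easynonces package): a small settings page that
// protects a POST form with en_create_field()/en_admin_check() and a GET action
// link with en_create_url()/en_verify(). Assumes the wrapper methods mirror the
// WordPress functions' parameters.
use easyNonces\easyNonces;

add_action( 'admin_menu', function () {
    add_options_page( 'Easynonces Demo', 'Easynonces Demo', 'manage_options',
        'easynonces-demo', 'easynonces_demo_page' );
} );

function easynonces_demo_page() {
    // Authorization comes first: a valid nonce proves intent, not permission.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }

    $message = '';

    // POST path: en_admin_check() dies on a missing or invalid nonce, so
    // everything after it only runs for a request that carried our form field.
    if ( isset( $_POST['demo_value'] ) ) {
        easyNonces::en_admin_check( 'save_demo_value', 'demo_nonce' );
        update_option( 'easynonces_demo_value',
            sanitize_text_field( wp_unslash( $_POST['demo_value'] ) ) );
        $message = 'Saved.';
    }

    // GET path: the nonce travels in the query string under "reset_nonce" and is
    // verified explicitly, because en_verify() returns false instead of dying.
    if ( isset( $_GET['reset'] ) ) {
        $nonce = isset( $_GET['reset_nonce'] )
            ? sanitize_text_field( wp_unslash( $_GET['reset_nonce'] ) ) : '';
        if ( ! easyNonces::en_verify( $nonce, 'reset_demo_value' ) ) {
            wp_die( 'Security check failed' );
        }
        delete_option( 'easynonces_demo_value' );
        $message = 'Reset.';
    }

    // Build the action link with the nonce appended to the query.
    $reset_url = easyNonces::en_create_url(
        admin_url( 'options-general.php?page=easynonces-demo&reset=1' ),
        'reset_demo_value',
        'reset_nonce'
    );
    ?>
    <div class="wrap">
        <h1>Easynonces Demo</h1>
        <?php if ( $message ) : ?><p><?php echo esc_html( $message ); ?></p><?php endif; ?>
        <form method="post">
            <input type="text" name="demo_value"
                   value="<?php echo esc_attr( get_option( 'easynonces_demo_value', '' ) ); ?>">
            <?php easyNonces::en_create_field( 'save_demo_value', 'demo_nonce' ); ?>
            <button type="submit" class="button button-primary">Save</button>
        </form>
        <p><a href="<?php echo esc_url( $reset_url ); ?>">Reset value</a></p>
    </div>
    <?php
}
```

The action string passed to en_create_field() and en_admin_check() (and to en_create_url() and en_verify()) must be identical on both sides, since the nonce is derived from it; the field name is only where the value is looked up in the request. A capability check is kept separate from the nonce check because a nonce only shows the request came from a page WordPress rendered for that user, not that the user is allowed to perform the action.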

6. For check_ajax_referer

Verifies the nonce sent with an Ajax request (read from the given request field) and, by default, dies if it is missing or invalid.

<?php 
use easyNonces\easyNonces;
echo easyNonces::en_ajax_check();
?>

Example

<?php
use easyNonces\easyNonces;

add_action( 'wp_ajax_my_action', 'my_action_function' );
function my_action_function() {
    // dies if $_REQUEST['security'] does not hold a valid nonce for 'my-special-string'
    easyNonces::en_ajax_check( 'my-special-string', 'security' );
    echo sanitize_text_field( $_POST['my_string'] );
    wp_die();
}
?>
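For the check above to pass, the browser has to send the nonce in the "security" field, which means the PHP side also has to hand the nonce to the script. The following added example (not code from the easynonces package) shows that side together with the handler; it assumes en_create() behaves like wp_create_nonce() and en_ajax_check() like check_ajax_referer(), and that a script file demo.js exists in the plugin directory and POSTs the fields `action`, `security` and `my_string` to the localized URL.

```php
<?php
// Added example (not part of the easynonces package): pass the nonce to the
// front-end script under the key "security" and check it in the Ajax handler.
// Assumes en_create() mirrors wp_create_nonce() and en_ajax_check() mirrors
// check_ajax_referer(); demo.js is a hypothetical script in the plugin folder.
use easyNonces\easyNonces;

add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'demo-ajax', plugins_url( 'demo.js', __FILE__ ),
        array( 'jquery' ), '1.0', true );
    // The script reads DemoAjax.url and DemoAjax.nonce and sends the nonce as
    // the "security" POST field, matching the field name checked below.
    wp_localize_script( 'demo-ajax', 'DemoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => easyNonces::en_create( 'my-special-string' ),
    ) );
} );

function my_action_function() {
    // CSRF check: reads $_REQUEST['security'] and dies if it is not a valid
    // nonce for the action 'my-special-string'.
    easyNonces::en_ajax_check( 'my-special-string', 'security' );

    // Authorization is a separate question from the nonce check.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $value = isset( $_POST['my_string'] )
        ? sanitize_text_field( wp_unslash( $_POST['my_string'] ) ) : '';
    // wp_send_json_success() encodes the response and ends the request.
    wp_send_json_success( array( 'echo' => $value ) );
}
add_action( 'wp_ajax_my_action', 'my_action_function' );
```

Because the hook is `wp_ajax_my_action` (and not `wp_ajax_nopriv_my_action`), only logged-in users reach the handler at all; the nonce then ties the request to the page WordPress rendered for that user, and the capability check decides whether that user may perform the action.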

License

MIT

Free Software, Hell Yeah!