PHP WordPress - Create Lifetime Nonce

<?php function wp_create_lifetime_nonce($action = - 1) { $user = wp_get_current_user(); $uid = (int) $user->ID; if( ! $uid) { $uid = apply_filters('lifetime_nonce_user_logged_out', $uid, $action); } $token = wp_get_session_token(); $i = 0;//wp_nonce_tick(); -- time is not a factor anymore return substr(wp_hash($i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), - 12, 10); } function wp_verify_lifetime_nonce($nonce, $action = - 1) { $nonce = (string) $nonce; $user = wp_get_current_user(); $uid = (int) $user->ID; if( ! $uid) { $uid = apply_filters('lifetime_nonce_user_logged_out', $uid, $action); } if(empty($nonce)) { return false; } $token = wp_get_session_token(); $i = 0; //wp_nonce_tick(); -- time is not a factor anymore // Nonce generated anytime ago $expected = substr(wp_hash($i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), - 12, 10); if(hash_equals($expected, $nonce)) { return 1; } do_action('wp_verify_lifetime_nonce_failed', $nonce, $action, $user, $token); // Invalid nonce return false; } // --------------- USAGE $code = 'OI812'; $lifetime_nonce = wp_create_lifetime_nonce($code); $nonce = wp_create_nonce($code); echo "<pre>"; print_r( array( $code, $lifetime_nonce, $nonce, ! wp_verify_nonce($nonce, $code) ? 'FAILED' : 'WORKED', ! wp_verify_lifetime_nonce($lifetime_nonce, $code) ? 'FAILED' : 'WORKED', )); echo "</pre>";
Creates a nonce without a time limit for validation but is still tied to wp_get_session_token() and user->ID.

Be the first to comment

You can use [html][/html], [css][/css], [php][/php] and more to embed the code. Urls are automatically hyperlinked. Line breaks and paragraphs are automatically generated.