Wordpress注册新用户功能给出错误

时间:2017-11-09 06:14:31

标签: php wordpress

我正在使用register_new_user($user_login, $user_email)在我的wordpress网站上注册用户。但它给我的错误就像

  

{"错误":真,"消息" {"错误" {" registerfail":["缺少安全   来自提交的令牌。"]}," error_data":[]}}

我还在表单中使用了wp_nonce_field来保证安全性。 有人可以帮我修复此错误" 从提交中遗漏安全令牌。"

这是我的HTML表单 `

<form id="registration_form" action="<?php echo home_url( '/' ); ?>" method="POST">
<div class="form-field">
<span class="screen-reader-text"><?php _e('Username', 'wp-ajax-login'); ?></span>
<input class="form-control input-lg required" name="pt_user_login" type="text" placeholder="<?php _e('Username', 'wp-ajax-login'); ?>" />
</div>
<div class="form-field">
<span class="screen-reader-text"><?php _e('Email', 'wp-ajax-login'); ?></span>
<input class="form-control input-lg required" name="pt_user_email" id="pt_user_email" type="email" placeholder="<?php _e('Email', 'wp-ajax-login'); ?>" />
</div>

<div class="form-field">
<input type="hidden" name="action" value="pt_register_member"/>
<button class="btn btn-theme btn-lg" data-loading-text="<?php _e('Loading...', 'wp-ajax-login') ?>" type="submit"><?php _e('Sign up', 'wp-ajax-login'); ?></button>
</div>
<?php wp_nonce_field('ajax-register-nonce','user-register-security'); ?>
</form>

AJAX CODE: //获取变量

    $user_login = $_POST['pt_user_login'];  
    $user_email = $_POST['pt_user_email'];

    // Check CSRF token
    if( !check_ajax_referer( 'ajax-register-nonce', 'user-register-security', false) ){
        echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Session token has expired, please reload the page and try again', 'wp-ajax-login').'</div>'));
        die();
    }

    // Check if input variables are empty
    elseif( empty($user_login) || empty($user_email) ){
        echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Please fill all form fields', 'wp-ajax-login').'</div>'));
        die();
    }

    $errors = register_new_user($user_login, $user_email);  

    if( is_wp_error($errors) ){
      //Display errors
    }

`

4 个答案:

答案 0 :(得分:0)

替换ajax代码中的以下行

 if( !check_ajax_referer( 'ajax-register-nonce', 'user-register-security', false) )


if( !check_ajax_referer( 'user-register-security', 'ajax-register-nonce', false) )

注意:操作的名称是第二个参数,而不是第一个参数

参考:wp_nonce_field

答案 1 :(得分:0)

试试这个

$user_login = $_POST['pt_user_login'];  
$user_email = $_POST['pt_user_email'];

// Check CSRF token
if( !check_ajax_referer( 'user-register-security', 'ajax-register-nonce', false) ){
    echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Session token has expired, please reload the page and try again', 'wp-ajax-login').'</div>'));
    die();
}

// Check if input variables are empty
elseif( empty($user_login) || empty($user_email) ){
    echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Please fill all form fields', 'wp-ajax-login').'</div>'));
    die();
}

$errors = register_new_user($user_login, $user_email);  

if( is_wp_error($errors) ){
  //Display errors
}

示例 https://codex.wordpress.org/Function_Reference/wp_nonce_field 

<form method="post">
   <!-- some inputs here ... -->
   <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
</form>


<?php

if ( 
    ! isset( $_POST['name_of_nonce_field'] ) 
    || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' ) 
) {

   print 'Sorry, your nonce did not verify.';
   exit;

} else {

   // process form data
}

答案 2 :(得分:0)

您也可以使用wp_verify_nonce()方法验证nonce变量。

以下应该是你的if条件

if (wp_verify_nonce( $_POST['user-register-security'], 'ajax-register-nonce' ) ) {
        // valid nonce. 
        // other code.
}
else{
     // invalid nonce, do appropriate action.
}

如果您需要任何进一步的帮助,请告知我们。

答案 3 :(得分:0)

我找到了register_new_user()函数的替代方法。以下是新用户注册的工作代码:

    // Get variables
    $user_login = $_POST['pt_user_login'];  
    $user_email = $_POST['pt_user_email'];

    // Check CSRF token
    if( !check_ajax_referer( 'ajax-register-nonce', 'user-register-security', false) ){
        echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Session token has expired, please reload the page and try again', 'wp-ajax-login').'</div>'));
        die();
    }

    // Check if input variables are empty
    elseif( empty($user_login) || empty($user_email) ){
        echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('Please fill all form fields', 'wp-ajax-login').'</div>'));
        die();
    }


    if( null == email_exists( $user_email ) ) {
      // Generate the password and create the user
      $password = wp_generate_password( 12, false );
      $user_id = wp_create_user( $user_login, $password, $user_email );

      // Set the nickname
      wp_update_user(
        array(
          'ID'          =>    $user_id,
          'nickname'    =>    $user_email
        )
      );

      // Set the role
      $user = new WP_User( $user_id );
      $user->set_role( 'contributor' );

      // Email the user
      //wp_mail( $user_email 'Welcome!', 'Your Password: ' . $password );
        echo json_encode(array('error' => false, 'message' => '<div class="alert alert-success">'.__( 'Registration complete. Please check your e-mail.', 'wp-ajax-login').'</p>'));
            die();
    } // end if
    else
    {
        echo json_encode(array('error' => true, 'message'=> '<div class="alert alert-danger">'.__('This email already exists.Please use different email address.', 'wp-ajax-login').'</div>'));
        die();
    }

感谢所有回答我问题的人,我已经测试了您的代码,但wp_nonce没有问题或验证nonce值。我认为问题是由于某些插件使用registration_errors挂钩在其中添加错误。

相关问题
最新问题