WordPress plugin: session-based form processed after shortcode generation


I wrote a WordPress plugin that enables a form to be displayed inside a post / page by using a shortcode.

I use PHP sessions for this form.

One of the uses is to store a token, which is generated when the form is displayed and is then compared with the value of a hidden field of the form.

In this way, if the value of the hidden field is the same as the token stored in the session, then I know that it is a form that was generated by my plugin, and further verification occurs.

The token is generated when I create the form, when the function called by 'add_shortcode' runs. At this time its value is stored both in the session array and as the value of the hidden field of the form.

The problem is that it appears that the token stored in the session is overwritten before it is compared with the hidden field value; in other words, it appears that the generation of the form (and token) happens before the form logic (included in 'init').

Here are the relevant parts of my code:

main-plugin-file.php:

    // sessions
    function init_sessions() {
        if (!session_id()) {
            session_start();
        }
    }
    add_action('init', 'init_sessions');

    // form logic
    add_action('init', 'include_formlogic');
    function include_formlogic() {
        include_once 'formlogic.php'; // compare $_SESSION['token'] and $_POST['token']
    }

    // shortcode
    add_shortcode('display_form', 'display_form');
    function display_form() {
        // a shortcode callback has to return its output
        return getForm();
    }

formlogic.php:

    // generate unique token
    function generateToken() {
        $token = uniqid(rand(), true);
        $_SESSION['token'] = $token;
        return $token;
    }

    // generate form
    function getForm() {
        $token = generateToken();
        // check the form
        if (checkForm()) {
            // get the variables to be used in the form
            pages();
            // start output buffering
            ob_start();
            include 'form-template.php';
            $output = ob_get_clean();
        } else {
            // in case of error, optional HTML
            $output = 'error';
        }
        return $output;
    }

    // compare $_SESSION['token'] and $_POST['token'] to see if we go ahead:
    if ($_SESSION['DRAFS_token'] === $_POST['token']) {
        // validate form and process it
    } else {
        // display the form with errors
    }
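
An added example, not part of the original post: a minimal PHP sketch of the token lifecycle described above, in which a submitted token is checked against the session before a new one is issued, and in which issuing another token first makes the check fail. The function names and the `$session` array standing in for `$_SESSION` are assumptions, and `random_bytes()` is used in place of the post's `uniqid(rand(), true)`.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
// $session stands in for $_SESSION so the script runs from the CLI without WordPress.

// Issue a fresh token for the form about to be rendered (the shortcode step).
function issue_token(array &$session): string {
    // random_bytes() replaces uniqid(rand(), true), whose output is predictable.
    $token = bin2hex(random_bytes(32));
    $session['token'] = $token;
    return $token;
}

// Check a submitted token against the stored one (the 'init' step).
// The stored token is consumed, so each rendered form can be accepted once.
function verify_token(array &$session, $submitted): bool {
    $stored = $session['token'] ?? null;
    unset($session['token']);
    if (!is_string($stored) || !is_string($submitted)) {
        return false; // nothing stored, or no token field in the request
    }
    return hash_equals($stored, $submitted); // constant-time comparison
}

// Constructed walk-through: several requests sharing one session.
$session = [];

// Request 1 (GET): the form is rendered and the token goes into the hidden field.
$hidden = issue_token($session);

// Request 2 (POST): verify first, only then render the form again with a new token.
$ok = verify_token($session, $hidden);
$hiddenNext = issue_token($session);
printf("verified before re-issue: %s\n", $ok ? 'accepted' : 'rejected');

// Failure mode: another render replaces the single stored token
// before the pending submission is checked.
issue_token($session);
$late = verify_token($session, $hiddenNext);
printf("verified after re-issue:  %s\n", $late ? 'accepted' : 'rejected');
```

Because the session holds a single token slot, any code path that issues a token before the comparison runs invalidates the form that is already in the visitor's browser.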

