wp_verify_nonce( string $nonce, string|int $action = -1 )
Verify that correct nonce was used with time limit.
Description Description
The user is given an amount of time to use the token, so therefore, since the UID and $action remain the same, the independent variable is the time.
Parameters Parameters
- $nonce
-
(string) (Required) Nonce that was used in the form to verify
- $action
-
(string|int) (Optional) Should give context to what is taking place and be the same when nonce was created.
Default value: -1
Return Return
(false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
Source Source
File: wp-includes/pluggable.php
function wp_verify_nonce( $nonce, $action = -1 ) { $nonce = (string) $nonce; $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { /** * Filters whether the user who generated the nonce is logged out. * * @since 3.5.0 * * @param int $uid ID of the nonce-owning user. * @param string $action The nonce action. */ $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); } if ( empty( $nonce ) ) { return false; } $token = wp_get_session_token(); $i = wp_nonce_tick(); // Nonce generated 0-12 hours ago $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); if ( hash_equals( $expected, $nonce ) ) { return 1; } // Nonce generated 12-24 hours ago $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); if ( hash_equals( $expected, $nonce ) ) { return 2; } /** * Fires when nonce verification fails. * * @since 4.4.0 * * @param string $nonce The invalid nonce. * @param string|int $action The nonce action. * @param WP_User $user The current user object. * @param string $token The user's session token. */ do_action( 'wp_verify_nonce_failed', $nonce, $action, $user, $token ); // Invalid nonce return false; }
Expand full source code Collapse full source code View on Trac
Changelog Changelog
Version | Description |
---|---|
2.0.3 | Introduced. |
User Contributed Notes User Contributed Notes
You must log in before being able to contribute a note or feedback.
Example
Verify an nonce created with
wp_create_nonce()
:You may also decide to take different actions based on the age of the nonce: