2

I am working on pages which are secured so no-one can link to that page using this:

Code below is called inside a loop.

    $gentok = uniqid();
    if (isset($_GET["action"]) && $_GET["action"] == "clean_$gentok") {
        // stuff
    }

Then, I have this to call the URL:

<a href="<?php echo admin_url("themes.php?page=cleaner&action=clean_$gentok"); ?>">Clean this and that</a> 

But when clicking the link, the page refreshes and the uniqid() has already changed.

How can I make it so the uniqid() is still the same after the page refresh? I'm open for any changes or better ideas you may have.

Thank you!

8
  • Save unique ID in session along with a timestamp and then renew the ID after some time (and/or when the link has been clicked). Commented Aug 5, 2016 at 22:06
  • I'm curious; is this to be used for one-time only use? If so, there's a better way. Commented Aug 5, 2016 at 22:20
  • @Fred-ii- Yes one time only Commented Aug 5, 2016 at 22:21
  • I had a feeling about that. Why not use a nonce? Commented Aug 5, 2016 at 22:21
  • @Fred-ii- I thought uniqid would do the job, turns out to be a bummer... aaaand I'm not too sure how nonces work. Commented Aug 5, 2016 at 22:23

3 Answers

1

Posting this as a community wiki since I've nothing to gain from this.

My suggestion in comments about using a nonce brought the OP to use the WordPress version of a nonce as their solution.

Reference:

Sidenote: To be honest, I was not aware that WordPress had one and found that reference link on the Internet.

My original reference:

Additional reference:


0

Use session for this. Put your unique ID in session array

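    session_start();
    // Create the token once per session; regenerating it on every request
    // would invalidate the link that was already rendered.
    if (!isset($_SESSION['gentok'])) {
        $_SESSION['gentok'] = uniqid();
    }
    if (isset($_GET["action"]) && $_GET["action"] == "clean_" . $_SESSION['gentok']) {
        // stuff
    }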

In your display

    <?php session_start(); ?>
    <a href="<?= admin_url('themes.php?page=cleaner&action=clean_' . $_SESSION['gentok']) ?>">Clean this and that</a>

3 Comments

Okay, thank you for the answer. Will this also work in foreach?
Not too crazy, just foreach ($theme_names as $theme_name) { and inside that the code in the question
I have found that a nonce system is kind of better for this, I might have not explained it that well in my question. Thank you anyway for your help and effort. :)
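
The idea from the first comment and the session answer above (keep the token server-side with a timestamp, retire it once the link is clicked), written out as an added example that is not code from any poster. The helper names `issue_token()` and `consume_token()`, the 600-second lifetime and the theme names are assumptions made for illustration; a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: session-backed one-time tokens, one per action.
// issue_token() / consume_token() are hypothetical helper names.

const TOKEN_TTL = 600; // seconds a link stays valid (assumed value)

function issue_token(array &$session, string $action): string
{
    // random_bytes() is a CSPRNG; uniqid() is derived from the clock and is guessable.
    $token = bin2hex(random_bytes(16));
    $session['tokens'][$action] = ['value' => $token, 'issued' => time()];
    return $token;
}

function consume_token(array &$session, string $action, string $supplied): bool
{
    $entry = $session['tokens'][$action] ?? null;
    // Delete before checking so the token cannot be replayed, whatever the outcome.
    unset($session['tokens'][$action]);
    if ($entry === null) {
        return false; // never issued, or already used
    }
    if (time() - $entry['issued'] > TOKEN_TTL) {
        return false; // expired
    }
    return hash_equals($entry['value'], $supplied); // constant-time comparison
}

// --- Demo: a plain array stands in for $_SESSION (constructed data) ---
$session = [];
$links = [];
foreach (['twentyfifteen', 'twentysixteen'] as $theme) {
    // One token per theme, so the scheme also works inside a foreach loop.
    $links[$theme] = issue_token($session, "clean_$theme");
}

// The stored token survives a page refresh because nothing regenerates it.
var_dump(consume_token($session, 'clean_twentyfifteen', $links['twentyfifteen'])); // first click
var_dump(consume_token($session, 'clean_twentyfifteen', $links['twentyfifteen'])); // replayed link
var_dump(consume_token($session, 'clean_twentysixteen', $links['twentyfifteen'])); // token for another action
```

In a real page, call `session_start()` and pass `$_SESSION` instead of the demo array. WordPress nonces, by contrast, are bound to the user and action but stay valid for a time window and can be reused within it, so they are not strictly one-time.
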
0

When you are creating a session, set a value so that every time the page loads it will check your session for the value. Else you will redirect... you would put the code on top. if ($_SESSION['sesname'] != $value) { header location }

You would put this at the top of the page so it performs the check

OR if you want a unique name then just put something that people won't easily guess and don't link it anywhere
