bb_verify_nonce

Verify that correct nonce was used with time limit.

Description

bb_verify_nonce( (string) $nonce, (int) $action = -1 ); 

The user is given an amount of time to use the token, so therefore, since the UID and $action remain the same, the independent variable is the time.

Parameters (2)

0. $nonce (string)
Nonce that was used in the form to verify
1. $action — Optional. (int) => -1
Should give context to what is taking place and be the same when nonce was created.

Usage

  1. if ( !function_exists( 'bb_verify_nonce' ) ) { 
  2. require_once ABSPATH . PLUGINDIR . 'buddypress/bp-forums/bbpress/bb-includes/functions.bb-pluggable.php'; 
  3.  
  4. // Nonce that was used in the form to verify 
  5. $nonce = ''; 
  6.  
  7. // Should give context to what is taking place and be the same when nonce was created. 
  8. $action = -1; 
  9.  
  10. // NOTICE! Understand what this does before running. 
  11. $result = bb_verify_nonce($nonce, $action); 
  12.  

Defined (1)

The function is defined in the following location(s).

/bp-forums/bbpress/bb-includes/functions.bb-pluggable.php  
  1. function bb_verify_nonce($nonce, $action = -1) { 
  2. $user = bb_get_current_user(); 
  3. $uid = (int) $user->ID; 
  4.  
  5. $i = bb_nonce_tick(); 
  6.  
  7. // Nonce generated 0-12 hours ago 
  8. if ( substr(bb_hash($i . $action . $uid, 'nonce'), -12, 10) == $nonce ) 
  9. return 1; 
  10. // Nonce generated 12-24 hours ago 
  11. if ( substr(bb_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) == $nonce ) 
  12. return 2; 
  13. // Invalid nonce 
  14. return false;