Plugin Dev – Group Admin Add subnav form nonce fails
-
Greetings,
Im wrapping up a plugin development which is tied into a second database and manipulates that through a post. On the development site the program seems to be working fine, though it was using the last version of buddypress. Now I’m using it on the latest version of buddypress and wordpress and its throwing a nonce error whenever I try to post the form; Im using a form setup like the following: ‘<form action=”” method=”post”>’; I’ve also added to the forms the following to try to get the nonce failure past:wp_nonce_field( ‘closedpostboxes’, ‘closedpostboxesnonce’, false );
wp_nonce_field( ‘meta-box-order’, ‘meta-box-order-nonce’, false );
wp_nonce_field( ‘edit-group_’ . $group->id );
wp_nonce_field( ‘groups_edit_group_settings’ );
wp_nonce_field( );
echo ‘<input type=”hidden” name=”group-id” id=”group-id” value=”‘. bp_group_id() .'” />’;Is there a way to figure out what group nonce if failing from a post error? or is there an alternative method of posting which would be preferred?
Thanks
-
A form only needs one nonce, are you trying to add all these to one form?
I intentionally had no nonces for development purposes and then added one, though my code bit in particular dosn’t have any nonce checks.
Could I somehow be triggering a buddypress nonce check failure (why I tried adding the additional nonces)
all a nonce does is send a parameter in the POST and then on the back end it verifies the value. There isn’t much that would cause an error. Where and what is the error?
When I post my custom form on a custom tab, I get a wordpress “Are you sure?” page (i.e. a wp_nonce_ays). Not so much an error as a failure (i.e. I’d expect nonce to be causing what its causing, but have no idea what field is doing so).
Here’s the code I’m using for one of the two form tabs:
add_action('bp_init', 'bpcivi_addgroupeditnav1'); function bpcivi_addgroupeditnav1() { if ( class_exists( 'BP_Group_Extension' ) ) { // Recommended, to prevent problems during upgrade or when Groups are disabled //Run to find out if a chapter global $wpdb; global $bp; $bpcivi_ck_currgroup = $bp->groups->current_group->id; if(is_numeric($bpcivi_ck_currgroup)) { //Check if the group is set $bpcivi_ck_querytext = 'SELECT * FROM <code>wp_bpcivi_groupsync</code> WHERE <code>buddypress_group</code> =' . $bpcivi_ck_currgroup; $bpcivi_ck_settinggroups = $wpdb->get_results($bpcivi_ck_querytext); } class BPCivigroupedit extends BP_Group_Extension { function __construct() { $this->name = 'Edit Chapter Info'; $this->slug = 'bpcivi-groupedit'; $this->nav_item_position = 2; $this->visibility = 'private'; $this->enable_nav_item = false; $this->enable_create_step = false; } /** * The content of the My Group Extension tab of the group admin */ function edit_screen() { if ( !bp_is_group_admin_screen( $this->slug ) ) return false; //Include Files include_once(ABSPATH . '/wp-blog-header.php'); include_once(ABSPATH . 'wp-content/plugins/civicrm/civicrm.settings.php'); include_once(ABSPATH . 'wp-content/plugins/civicrm/civicrm/CRM/Core/Config.php'); include_once(ABSPATH . 'wp-content/plugins/civicrm/civicrm/civicrm.config.php'); $config = CRM_Core_Config::singleton(); global $wpdb; global $bp; //Current Buddypress Group $bpcivi_currgroup = $bp->groups->current_group->id; //Run Query on DB $bpvivi_querytext = 'SELECT * FROM <code>wp_bpcivi_groupsync</code> WHERE <code>buddypress_group</code> =' . $bpcivi_currgroup; $bpcivisync_settinggroups = $wpdb->get_results($bpvivi_querytext); //Assign to array from first membership found - oldest set effectively $bpcivi_groupsettings = get_object_vars($bpcivisync_settinggroups[0]); //Form Reaction TODO if (isset($_POST['groupeditsubmit'])) { //Contact Update $bpcivi_groupupdateparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1, 'id' => $bpcivi_groupsettings['orgid'], 'organization_name' => $_POST['orgname'], 'legal_name' => $_POST['legalname'], 'nick_name' =>$_POST['nickname'], ); $bpcivi_groupeditpostresult = civicrm_api('Contact', 'create', $bpcivi_groupupdateparams); //Address Update $bpcivi_groupaddressupdateparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1, 'id' => $_POST['addressid'], 'street_address' => $_POST['street1'], 'supplemental_address_1' => $_POST['street2'], 'supplemental_address_2' => $_POST['street3'], 'city' => $_POST['city1'], 'geo_code_1' => $_POST['latitude'], 'geo_code_2' => $_POST['longitude'], 'state_province_id' => $_POST['state'], ); $bpcivi_groupaddresseditpostresult = civicrm_api('Address', 'create', $bpcivi_groupaddressupdateparams); //Website Update $bpcivi_groupwebupdateparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1, 'id' => $_POST['webid'], 'url' => $_POST['website1'], ); $bpcivi_groupwebupdateresult = civicrm_api('Website', 'create', $bpcivi_groupwebupdateparams); /*//Diagnostics echo "Being Sent to API - Address: <pre>"; print_r($bpcivi_groupwebupdateresult); echo "<pre>";*/ } //Run Query API Against Group $bpcivi_groupeditparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1, 'contact_id' => $bpcivi_groupsettings['orgid'],); $bpcivi_groupeditresult = civicrm_api('Contact', 'get', $bpcivi_groupeditparams); //Array of assignments $bpcivi_groupedit_orgname = $bpcivi_groupeditresult['values'][0]['organization_name']; $bpcivi_groupedit_legalname = $bpcivi_groupeditresult['values'][0]['legal_name']; $bpcivi_groupedit_nickname = $bpcivi_groupeditresult['values'][0]['nick_name']; $bpcivi_groupedit_streetaddress = $bpcivi_groupeditresult['values'][0]['street_address']; $bpcivi_groupedit_supplemental_address_1 = $bpcivi_groupeditresult['values'][0]['supplemental_address_1']; $bpcivi_groupedit_supplemental_address_2 = $bpcivi_groupeditresult['values'][0]['supplemental_address_2']; $bpcivi_groupedit_city = $bpcivi_groupeditresult['values'][0]['city']; $bpcivi_groupedit_geo_code_1 = $bpcivi_groupeditresult['values'][0]['geo_code_1']; $bpcivi_groupedit_geo_code_2 = $bpcivi_groupeditresult['values'][0]['geo_code_2']; $bpcivi_groupedit_state_province_id = $bpcivi_groupeditresult['values'][0]['state_province_id']; $bpcivi_groupedit_country_id = $bpcivi_groupeditresult['values'][0]['country_id']; //Organization Website Query $bpcivi_groupeditwebsiteparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1, 'contact_id' => $bpcivi_groupsettings['orgid'],); $bpcivi_groupeditwebsiteresult = civicrm_api('Website', 'get', $bpcivi_groupeditwebsiteparams); $bpcivi_groupedit_website1 = $bpcivi_groupeditwebsiteresult['values'][0]['url']; //Get the states list $bpcivi_statesparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','name' => 'stateProvince',); $bpcivi_statesresult = civicrm_api('Constant', 'get', $bpcivi_statesparams); $bpcivi_statesresultarr = $bpcivi_statesresult['values']; $bpcivi_statesresultarrkeyd = array_values($bpcivi_statesresultarr); $bpcivi_statesresultarrkeys = array_keys($bpcivi_statesresultarr); //Get the Countries list $bpcivi_countriesparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','name' => 'country',); $bpcivi_countriesresult = civicrm_api('Constant', 'get', $bpcivi_countriesparams); $bpcivi_countriesresultarr = $bpcivi_countriesresult['values']; $bpcivi_countriesresultarrkeyd = array_values($bpcivi_countriesresultarr); $bpcivi_countriesresultarrkeys = array_keys($bpcivi_countriesresultarr); //Display Form echo '<div id="bpcivigroupeditform">'; echo '<form action="" method="post">'; echo '<input type="hidden" name="addressid" value="' . $bpcivi_groupeditresult['values'][0]['address_id'] . '">'; echo '<input type="hidden" name="webid" value="' . $bpcivi_groupeditwebsiteresult['values'][0]['id'] . '">'; echo '<table border=1>'; echo "<tr><td>" . "Organization Name" . "</td><td>" . '<input type="text" name="orgname" value="' .$bpcivi_groupedit_orgname . '"></td><tr>'; echo "<tr><td>" . "Legal Name" . "</td><td>" . '<input type="text" name="legalname" value="' .$bpcivi_groupedit_legalname . '"></td><tr>'; echo "<tr><td>" . "Nickname" . "</td><td>" . '<input type="text" name="nickname" value="' .$bpcivi_groupedit_nickname . '"></td><tr>'; echo "<tr><td>" . "Website" . "</td><td>" . '<input type="url" name="website1" value="' .$bpcivi_groupedit_website1 . '"></td><tr>'; echo "<tr><td>" . "Street Address" . "</td><td>" . '<input type="text" name="street1" value="' .$bpcivi_groupedit_streetaddress . '"></td><tr>'; echo "<tr><td>" . "Street Address 2" . "</td><td>" . '<input type="text" name="street2" value="' .$bpcivi_groupedit_supplemental_address_1 . '"></td><tr>'; echo "<tr><td>" . "Street Address 3" . "</td><td>" . '<input type="text" name="street3" value="' .$bpcivi_groupedit_supplemental_address_2 . '"></td><tr>'; echo "<tr><td>" . "City" . "</td><td>" . '<input type="text" name="city1" value="' .$bpcivi_groupedit_city . '"></td><tr>'; echo "<tr><td>" . "Latitude" . "</td><td>" . '<input type="text" name="latitude" value="' .$bpcivi_groupedit_geo_code_1 . '"></td><tr>'; echo "<tr><td>" . "Longitude" . "</td><td>" . '<input type="text" name="longitude" value="' .$bpcivi_groupedit_geo_code_2 . '"></td><tr>'; echo "<tr><td>" . "State" . "</td><td>" . '<select name="state">'; for ($i=0;$i<count($bpcivi_statesresultarr);$i++) { if ($bpcivi_statesresultarrkeys[$i] == $bpcivi_groupedit_state_province_id) { echo '<option value="' . $bpcivi_statesresultarrkeys[$i] . '" selected>' . $bpcivi_statesresultarrkeyd[$i] . '</option>'; } else { echo '<option value="' . $bpcivi_statesresultarrkeys[$i] . '">' . $bpcivi_statesresultarrkeyd[$i] . '</option>'; } } echo '</select></td><tr>'; //value="' .$bpcivi_groupedit_state_province_id . '" echo "<tr><td>" . "Country" . "</td><td>" . '<input type="text" name="orgname" disabled value="' .$bpcivi_countriesresultarr[$bpcivi_groupedit_country_id] . '"></td><tr>'; echo '<tr><td colspan="2">' . '<input id="bpedit_submit" type="submit" name="groupeditsubmit" value="Submit">' . '</td></tr>'; echo "</table></form>"; echo "</div>"; //Diagnostics /* echo "<br>Post: <pre>"; print_r($_POST); echo "</pre>"; echo "<br>API Call: <pre>"; print_r($bpcivi_groupeditwebsiteresult); echo "</pre>"; */ } } if(count($bpcivi_ck_settinggroups) > 0) { //Make it so that the group exension is only used for chapter bp_register_group_extension( 'BPCivigroupedit' ); } } }This code is the initial code before I started adding the nonces to see if the problem could be resolved.
I added a printout to see what nonce was failing in the wp_nonce_ays function to display what action was giving me the error; it was failing on checking “bp_group_extension_bpcivi-groupedit_edit”; it looks like its some sort of combination nonce from the extension and function. At any rate, I added the the following to the form and it is still failing; could the nonce be being deleted by buddypress before being read?
- The topic ‘Plugin Dev – Group Admin Add subnav form nonce fails’ is closed to new replies.
