Plugin Dev – Group Admin Add subnav form nonce fails

  • dmpastuf
    Participant

    @dmpastuf

    Greetings,
    I’m wrapping up a plugin development which is tied into a second database and manipulates that through a post. On the development site the program seems to be working fine, though it was using the last version of BuddyPress. Now I’m using it on the latest version of BuddyPress and WordPress and it’s throwing a nonce error whenever I try to post the form. I’m using a form setup like the following: <form action="" method="post">. I’ve also added the following to the forms to try to get past the nonce failure:

    wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
    wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
    wp_nonce_field( 'edit-group_' . $group->id );
    wp_nonce_field( 'groups_edit_group_settings' );
    wp_nonce_field( );
    // bp_get_group_id() returns the ID; bp_group_id() echoes it, which would print it ahead of this string
    echo '<input type="hidden" name="group-id" id="group-id" value="' . bp_get_group_id() . '" />';

    Is there a way to figure out what group nonce is failing from a post error? Or is there an alternative method of posting which would be preferred?

    Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • @modemlooper
    Moderator

    @modemlooper

    A form only needs one nonce. Are you trying to add all these to one form?

    dmpastuf
    Participant

    @dmpastuf

    I intentionally had no nonces for development purposes and then added one, though my code bit in particular doesn’t have any nonce checks.

    Could I somehow be triggering a BuddyPress nonce check failure (why I tried adding the additional nonces)?

    @modemlooper
    Moderator

    @modemlooper

    All a nonce does is send a parameter in the POST and then on the back end it verifies the value. There isn’t much that would cause an error. Where and what is the error?

    dmpastuf
    Participant

    @dmpastuf

    When I post my custom form on a custom tab, I get a WordPress “Are you sure?” page (i.e. a wp_nonce_ays). Not so much an error as a failure (i.e. I’d expect nonce to be causing what it’s causing, but have no idea what field is doing so).

    Here’s the code I’m using for one of the two form tabs:

    
    add_action('bp_init', 'bpcivi_addgroupeditnav1');
    
    function bpcivi_addgroupeditnav1() {
    if ( class_exists( 'BP_Group_Extension' ) ) { // Recommended, to prevent problems during upgrade or when Groups are disabled
      //Run to find out if a chapter
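     	global $wpdb;
    	global $bp;
     	$bpcivi_ck_settinggroups = array(); // Default so the count() check at the end never sees an undefined variable
     	$bpcivi_ck_currgroup = $bp->groups->current_group->id;
     	if(is_numeric($bpcivi_ck_currgroup)) { //Check if the group is set
     		// prepare() binds the group ID as an integer instead of concatenating it into the SQL
     		$bpcivi_ck_querytext = $wpdb->prepare('SELECT * FROM `wp_bpcivi_groupsync` WHERE `buddypress_group` = %d', $bpcivi_ck_currgroup);
    		$bpcivi_ck_settinggroups = $wpdb->get_results($bpcivi_ck_querytext);
     	}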
        class BPCivigroupedit extends BP_Group_Extension {
     		 function __construct() {
            	$this->name = 'Edit Chapter Info';
                $this->slug = 'bpcivi-groupedit';
                $this->nav_item_position = 2;
                $this->visibility = 'private';
                $this->enable_nav_item = false;
                $this->enable_create_step = false;
    		}
            /**
             * The content of the My Group Extension tab of the group admin
             */
    	function edit_screen() {
    	    if ( !bp_is_group_admin_screen( $this->slug ) )
    			return false;
        //Include Files
    	include_once(ABSPATH  . '/wp-blog-header.php');
    	include_once(ABSPATH  . 'wp-content/plugins/civicrm/civicrm.settings.php');
    	include_once(ABSPATH  . 'wp-content/plugins/civicrm/civicrm/CRM/Core/Config.php');
    	include_once(ABSPATH  . 'wp-content/plugins/civicrm/civicrm/civicrm.config.php');
    	$config = CRM_Core_Config::singleton();
    	global $wpdb;
    	global $bp;
    	//Current Buddypress Group
    		$bpcivi_currgroup = $bp->groups->current_group->id;
    	//Run Query on DB
    		$bpvivi_querytext = $wpdb->prepare('SELECT * FROM `wp_bpcivi_groupsync` WHERE `buddypress_group` = %d', $bpcivi_currgroup);
    		$bpcivisync_settinggroups = $wpdb->get_results($bpvivi_querytext);
    	//Assign to array from first membership found - oldest set effectively
    		$bpcivi_groupsettings = get_object_vars($bpcivisync_settinggroups[0]);
    	//Form Reaction TODO
    		if (isset($_POST['groupeditsubmit'])) {
    		//Contact Update - WordPress adds slashes to $_POST, so unslash and sanitize each value before it reaches the API
    		$bpcivi_groupupdateparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1,
    		'id' => $bpcivi_groupsettings['orgid'],
    		'organization_name' => sanitize_text_field(wp_unslash($_POST['orgname'])),
    		'legal_name' => sanitize_text_field(wp_unslash($_POST['legalname'])),
    		'nick_name' => sanitize_text_field(wp_unslash($_POST['nickname'])),
    		);
    		$bpcivi_groupeditpostresult = civicrm_api('Contact', 'create', $bpcivi_groupupdateparams);
    		//Address Update - record IDs are forced to non-negative integers
    		$bpcivi_groupaddressupdateparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1,
    		'id' => absint($_POST['addressid']),
    		'street_address' => sanitize_text_field(wp_unslash($_POST['street1'])),
    		'supplemental_address_1' => sanitize_text_field(wp_unslash($_POST['street2'])),
    		'supplemental_address_2' => sanitize_text_field(wp_unslash($_POST['street3'])),
    		'city' => sanitize_text_field(wp_unslash($_POST['city1'])),
    		'geo_code_1' => sanitize_text_field(wp_unslash($_POST['latitude'])),
    		'geo_code_2' => sanitize_text_field(wp_unslash($_POST['longitude'])),
    		'state_province_id' => absint($_POST['state']),
    		);
    		$bpcivi_groupaddresseditpostresult = civicrm_api('Address', 'create', $bpcivi_groupaddressupdateparams);
    		//Website Update
    		$bpcivi_groupwebupdateparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1,
    		'id' => absint($_POST['webid']),
    		'url' => esc_url_raw(wp_unslash($_POST['website1'])),
    		);
    		$bpcivi_groupwebupdateresult = civicrm_api('Website', 'create', $bpcivi_groupwebupdateparams);
    		
    		/*//Diagnostics
    		echo "Being Sent to API - Address: <pre>";
    		print_r($bpcivi_groupwebupdateresult);
    		echo "</pre>";*/
    		}
    	
    	
    	
    	//Run Query API Against Group
    		$bpcivi_groupeditparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1,
    			'contact_id' => $bpcivi_groupsettings['orgid'],);
    		$bpcivi_groupeditresult = civicrm_api('Contact', 'get', $bpcivi_groupeditparams);
    		 //Array of assignments	
    			$bpcivi_groupedit_orgname = $bpcivi_groupeditresult['values'][0]['organization_name'];
    			$bpcivi_groupedit_legalname = $bpcivi_groupeditresult['values'][0]['legal_name'];
    			$bpcivi_groupedit_nickname = $bpcivi_groupeditresult['values'][0]['nick_name'];
    			$bpcivi_groupedit_streetaddress = $bpcivi_groupeditresult['values'][0]['street_address'];
    			$bpcivi_groupedit_supplemental_address_1 = $bpcivi_groupeditresult['values'][0]['supplemental_address_1'];
    			$bpcivi_groupedit_supplemental_address_2 = $bpcivi_groupeditresult['values'][0]['supplemental_address_2'];
    			$bpcivi_groupedit_city = $bpcivi_groupeditresult['values'][0]['city'];
    			$bpcivi_groupedit_geo_code_1 = $bpcivi_groupeditresult['values'][0]['geo_code_1'];
    			$bpcivi_groupedit_geo_code_2 = $bpcivi_groupeditresult['values'][0]['geo_code_2'];
    			$bpcivi_groupedit_state_province_id = $bpcivi_groupeditresult['values'][0]['state_province_id'];
    			$bpcivi_groupedit_country_id = $bpcivi_groupeditresult['values'][0]['country_id'];
    			
    	//Organization Website Query
    		$bpcivi_groupeditwebsiteparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','sequential' => 1,
    			'contact_id' => $bpcivi_groupsettings['orgid'],);
    		$bpcivi_groupeditwebsiteresult = civicrm_api('Website', 'get', $bpcivi_groupeditwebsiteparams);
    		$bpcivi_groupedit_website1 = $bpcivi_groupeditwebsiteresult['values'][0]['url'];
    	//Get the states list
    		$bpcivi_statesparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','name' => 'stateProvince',);
    		$bpcivi_statesresult = civicrm_api('Constant', 'get', $bpcivi_statesparams);
    		$bpcivi_statesresultarr = $bpcivi_statesresult['values'];
    		$bpcivi_statesresultarrkeyd = array_values($bpcivi_statesresultarr);
    		$bpcivi_statesresultarrkeys = array_keys($bpcivi_statesresultarr);
    	//Get the Countries list
    		$bpcivi_countriesparams = array('version' => 3,'page' => 'CiviCRM','q' => 'civicrm/ajax/rest','name' => 'country',);
    		$bpcivi_countriesresult = civicrm_api('Constant', 'get', $bpcivi_countriesparams);
    		$bpcivi_countriesresultarr = $bpcivi_countriesresult['values'];
    		$bpcivi_countriesresultarrkeyd = array_values($bpcivi_countriesresultarr);
    		$bpcivi_countriesresultarrkeys = array_keys($bpcivi_countriesresultarr);
    	//Display Form
    		echo '<div id="bpcivigroupeditform">';
    		echo '<form action="" method="post">';
    		//Escape every stored value with esc_attr()/esc_html() before printing it into the page
    		echo '<input type="hidden" name="addressid" value="' . esc_attr($bpcivi_groupeditresult['values'][0]['address_id']) . '">';
    		echo '<input type="hidden" name="webid" value="' . esc_attr($bpcivi_groupeditwebsiteresult['values'][0]['id']) . '">';
    		echo '<table border=1>';
    		echo "<tr><td>" . "Organization Name" . "</td><td>" . '<input type="text" name="orgname" value="' . esc_attr($bpcivi_groupedit_orgname) . '"></td></tr>';
    		echo "<tr><td>" . "Legal Name" . "</td><td>" . '<input type="text" name="legalname" value="' . esc_attr($bpcivi_groupedit_legalname) . '"></td></tr>';
    		echo "<tr><td>" . "Nickname" . "</td><td>" . '<input type="text" name="nickname" value="' . esc_attr($bpcivi_groupedit_nickname) . '"></td></tr>';
    		echo "<tr><td>" . "Website" . "</td><td>" . '<input type="url" name="website1" value="' . esc_attr($bpcivi_groupedit_website1) . '"></td></tr>';
    		echo "<tr><td>" . "Street Address" . "</td><td>" . '<input type="text" name="street1" value="' . esc_attr($bpcivi_groupedit_streetaddress) . '"></td></tr>';
    		echo "<tr><td>" . "Street Address 2" . "</td><td>" . '<input type="text" name="street2" value="' . esc_attr($bpcivi_groupedit_supplemental_address_1) . '"></td></tr>';
    		echo "<tr><td>" . "Street Address 3" . "</td><td>" . '<input type="text" name="street3" value="' . esc_attr($bpcivi_groupedit_supplemental_address_2) . '"></td></tr>';
    		echo "<tr><td>" . "City" . "</td><td>" . '<input type="text" name="city1" value="' . esc_attr($bpcivi_groupedit_city) . '"></td></tr>';
    		echo "<tr><td>" . "Latitude" . "</td><td>" . '<input type="text" name="latitude" value="' . esc_attr($bpcivi_groupedit_geo_code_1) . '"></td></tr>';
    		echo "<tr><td>" . "Longitude" . "</td><td>" . '<input type="text" name="longitude" value="' . esc_attr($bpcivi_groupedit_geo_code_2) . '"></td></tr>';
    		echo "<tr><td>" . "State" . "</td><td>" . '<select name="state">';
    		for ($i=0;$i<count($bpcivi_statesresultarr);$i++) {
    			if ($bpcivi_statesresultarrkeys[$i] == $bpcivi_groupedit_state_province_id) {
    			echo '<option value="' . esc_attr($bpcivi_statesresultarrkeys[$i]) . '" selected>' . esc_html($bpcivi_statesresultarrkeyd[$i]) . '</option>';
    			} else {
    			echo '<option value="' . esc_attr($bpcivi_statesresultarrkeys[$i]) . '">' . esc_html($bpcivi_statesresultarrkeyd[$i]) . '</option>';
    			}
    		}
    		echo '</select></td></tr>';
    		//value="' .$bpcivi_groupedit_state_province_id  . '"
    		echo "<tr><td>" . "Country" . "</td><td>" . '<input type="text" name="orgname" disabled value="' . esc_attr($bpcivi_countriesresultarr[$bpcivi_groupedit_country_id]) . '"></td></tr>';
    		echo '<tr><td colspan="2">' . '<input id="bpedit_submit" type="submit" name="groupeditsubmit" value="Submit">' . '</td></tr>';
    		echo "</table></form>";
    		echo "</div>";
    	//Diagnostics
    	/*
    		echo "<br>Post: <pre>";
    		print_r($_POST);
    		echo "</pre>";
            echo "<br>API Call: <pre>";
    		print_r($bpcivi_groupeditwebsiteresult);
    		echo "</pre>";        
    		*/
            }
    
    }
    if(count($bpcivi_ck_settinggroups) > 0) { //Make it so that the group exension is only used for chapter
    	bp_register_group_extension( 'BPCivigroupedit' );
    }
    }
    }
    

    This code is the initial code before I started adding the nonces to see if the problem could be resolved.

    dmpastuf
    Participant

    @dmpastuf

    I added a printout to see what nonce was failing in the wp_nonce_ays function to display what action was giving me the error; it was failing on checking “bp_group_extension_bpcivi-groupedit_edit”; it looks like it’s some sort of combination nonce from the extension and function. At any rate, I added the following to the form and it is still failing; could the nonce be being deleted by BuddyPress before being read?
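
The failing action named in the last post, shown in a stand-alone PHP model of a WordPress-style nonce check. This is an added example, not code from the thread, WordPress or BuddyPress. It illustrates that a check reads one specific POST field for one specific action, so the right action under a different field name, or a field that is not inside the posted form, fails the same way. The secret, user ID and `_example_edit_nonce` field name are constructed for the illustration; `_wpnonce` is WordPress's default field name.

```php
<?php
// Simplified model of a WordPress-style nonce check. NOT WordPress or BuddyPress code.
// SECRET, the user id and EXPECTED_FIELD are constructed for this illustration.
const SECRET         = 'constructed-demo-secret';
const ACTION         = 'bp_group_extension_bpcivi-groupedit_edit'; // action named in the thread
const EXPECTED_FIELD = '_example_edit_nonce';                      // hypothetical field name

// The token is bound to the action, the user and a coarse time window.
function model_nonce(string $action, int $uid, int $tick): string {
    return substr(hash_hmac('sha256', "$tick|$action|$uid", SECRET), -12, 10);
}

// Report why a submission passes or fails instead of only showing a failure page.
function model_check(array $post, string $action, string $field, int $uid, int $tick): string {
    if (!isset($post[$field])) {
        return "FAIL: field '$field' not in POST";
    }
    foreach ([$tick, $tick - 1] as $t) { // current and previous window are accepted
        if (hash_equals(model_nonce($action, $uid, $t), (string) $post[$field])) {
            return 'PASS';
        }
    }
    return "FAIL: token in '$field' was not issued for action '$action'";
}

$uid  = 7;                          // constructed user id
$tick = (int) ceil(time() / 43200); // 12-hour windows
$good = model_nonce(ACTION, $uid, $tick);

// Constructed submissions: each array stands for the POST body of one form.
$cases = [
    'right action, default field name' => ['_wpnonce' => $good],
    'right field, wrong action'        => [EXPECTED_FIELD => model_nonce('groups_edit_group_settings', $uid, $tick)],
    'nonce field outside posted form'  => ['groupeditsubmit' => 'Submit'],
    'right action and right field'     => [EXPECTED_FIELD => $good],
];
foreach ($cases as $label => $post) {
    printf("%-34s %s\n", $label, model_check($post, ACTION, EXPECTED_FIELD, $uid, $tick));
}
```

Only the last case passes. When debugging a real failure, compare both the action string and the field name that the checking code reads against what the browser actually submits.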
