ajax – WordPress is creating nonce as a logged in user but verifying it incorrectly

I’m having trouble validating a nonce created with wp_create_nonce() inside a hidden input with the name nonce in an html form:

<input type="hidden" name="nonce" value="<?php echo wp_create_nonce('action_name'); ?>" />

The form submission is done via ajax and validated with check_ajax_referer('action_name','nonce'). This always returns -1. All REST endpoints have been tested without nonces and work 100% fine.

The issue seems to stem from wp’s user identification.

My debugging so far

Nonce creation
Within wp-includes/pluggable.php wp_create_nonce('action_name') creates a nonce hashing various variables including the user id and the action.

Ajax call
I submit an ajax call which calls check_ajax_referer('action_name','nonce'). This in turn calls wp_verify_nonce($nonce,$action) which verifies the nonce by hashing the same variables and comparing the two.

Reverse engineering to locate problem
My problem is that wp_create_nonce('action_name') is being created with the correct user id. However, when I run check_ajax_referer('action_name','nonce') which calls wp_verify_nonce($nonce,$action) which in turn calls wp_get_current_user(); no user is found (user id is 0).

Evidence the problem is to do with user id

If I temporarily edit wp-includes/pluggable.php to force my user id, the nonce validation works fine. It’s as if ajax requests to a known and valid endpoint are being treated as if the user is logged out regardless of whether they are or not.

I’m clearly missing something here, but I have no idea what.
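The mechanism the question describes, as an added stand-alone PHP model (not WordPress core code and not part of the original post): the nonce is an HMAC over the tick, action, user id and session token, so a value minted for a logged-in user cannot verify when the request resolves to user id 0. The salt, token, user id and timestamp are constructed sample values, and the `model_*` names are hypothetical.

```php
<?php
// Added model of the scheme described in the question; not WordPress core code.
// SAMPLE_SALT, the session token, the user id and the timestamp are constructed values.
const SAMPLE_SALT = 'constructed-sample-salt'; // stands in for the site's nonce salt
const NONCE_LIFE  = 86400;                     // WordPress default lifetime in seconds

// A nonce is tied to a half-lifetime "tick", not to an exact timestamp.
function model_tick(int $now): int {
    return (int) ceil($now / (NONCE_LIFE / 2));
}

// HMAC over tick|action|uid|token, truncated to 10 characters.
function model_hash(int $tick, string $action, int $uid, string $token): string {
    $data = $tick . '|' . $action . '|' . $uid . '|' . $token;
    return substr(hash_hmac('md5', $data, SAMPLE_SALT), -12, 10);
}

function model_create_nonce(string $action, int $uid, string $token, int $now): string {
    return model_hash(model_tick($now), $action, $uid, $token);
}

// Returns 1 (current tick), 2 (previous tick) or false, like wp_verify_nonce().
function model_verify_nonce(string $nonce, string $action, int $uid, string $token, int $now) {
    $tick = model_tick($now);
    foreach ([1 => $tick, 2 => $tick - 1] as $age => $candidate) {
        if (hash_equals(model_hash($candidate, $action, $uid, $token), $nonce)) {
            return $age;
        }
    }
    return false;
}

$now   = 1700000000;
$token = 'constructed-session-token';
$nonce = model_create_nonce('action_name', 42, $token, $now); // form rendered for user 42

$cases = [
    'same user, same tick'     => [42, $now],
    'same user, next tick'     => [42, $now + NONCE_LIFE / 2],
    'no user resolved (uid 0)' => [0, $now],
];
foreach ($cases as $label => [$uid, $when]) {
    $result = model_verify_nonce($nonce, 'action_name', $uid, $token, (int) $when);
    echo $label, ': ', var_export($result, true), PHP_EOL;
}
```

If the handler is a REST API route using cookie authentication, WordPress sets the current user to 0 unless the request also carries a `wp_rest` nonce (the `X-WP-Nonce` header or the `_wpnonce` parameter), which produces the uid 0 case modelled here.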

8 – How do I flag new user accounts or updated accounts?

I created a custom module to automatically flag new user accounts and updated accounts.

When I create a new user or update an existing account, it is not automatically flagged and there is no error message in the logs.

How do I flag new user accounts or updated accounts?

<?php

/**
 * @file
 * Holds hook implementation for the Admin Task Notify module.
 */

use Drupal\flag\FlaggingInterface;
use Drupal\Core\Entity\ContentEntityBase;
use Drupal\user\Entity\User;

/**
 * Implements hook_user_update().
 */
function admin_task_notify_user_update(User $user_admin) {
  $flag_id = 'moderate_user';
  $flag_service = \Drupal::service('flag');
  $flag = $flag_service->getFlagById($flag_id);
  $account = \Drupal\user\Entity\User::load(1);
  $flag_service->flag($flag, $user_admin, $account);
}

UPDATE

Here is my code with the response of “No Sssweat”. Why does the code work when creating and updating nodes with hook_node_update and the rest only work when updating?

<?php

/**
 * @file
 * Holds hook implementation for the Admin Task Notify module.
 */

use Drupal\flag\FlaggingInterface;
use Drupal\Core\Entity\ContentEntityBase;
use Drupal\user\Entity\User;
use Drupal\commerce_store\Entity\Store;
use Drupal\commerce_product\Entity\Product;
use Drupal\group\Entity\Group;
use Drupal\node\Entity\Node;
use Drupal\comment\Entity\Comment;

/**
 * Implements hook_user_update().
 */
function admin_task_notify_user_update(User $account) {
  $flag_id = 'moderate_user';
  $flag_service = \Drupal::service('flag');
  $flag = $flag_service->getFlagById($flag_id);
  $user_admin = \Drupal\user\Entity\User::load(1);
  $flag_service->flag($flag, $account, $user_admin);
}

/**
 * Implements hook_store_update().
 */
function admin_task_notify_commerce_store_update(Store $commerce_store) {
  if ($commerce_store->getType() == 'ephemere' || $commerce_store->getType() == 'personnel' || $commerce_store->getType() == 'professionnel') {
    $flag_id = 'moderate_store';
    $flag_service = \Drupal::service('flag');
    $flag = $flag_service->getFlagById($flag_id);
    $user_admin = \Drupal\user\Entity\User::load(1);
    $flag_service->flag($flag, $commerce_store, $user_admin);
  }
}

/**
 * Implements hook_product_update().
 */
function admin_task_notify_commerce_product_update(Product $commerce_product) {
  if ($commerce_product->getType() == 'produit' || $commerce_product->getType() == 'service') {
    $flag_id = 'moderate_product';
    $flag_service = \Drupal::service('flag');
    $flag = $flag_service->getFlagById($flag_id);
    $user_admin = \Drupal\user\Entity\User::load(1);
    $flag_service->flag($flag, $commerce_product, $user_admin);
  }
}

/**
 * Implements hook_group_update().
 */
function admin_task_notify_group_update(Group $group) {
  if ($group->getType() == 'personnel' || $group->getType() == 'professionnel') {
    $flag_id = 'moderate_group';
    $flag_service = \Drupal::service('flag');
    $flag = $flag_service->getFlagById($flag_id);
    $user_admin = \Drupal\user\Entity\User::load(1);
    $flag_service->flag($flag, $group, $user_admin);
  }
}

/**
 * Implements hook_node_update().
 */
function admin_task_notify_node_update(Node $node) {
  if ($node->getType() == 'annonce' || $node->getType() == 'article' || $node->getType() == 'demande' || $node->getType() == 'discussion' || $node->getType() == 'evenement' || $node->getType() == 'itineraire' || $node->getType() == 'recipe') {
    $flag_id = 'moderate_node';
    $flag_service = \Drupal::service('flag');
    $flag = $flag_service->getFlagById($flag_id);
    $user_admin = \Drupal\user\Entity\User::load(1);
    $flag_service->flag($flag, $node, $user_admin);
  }
}

/**
 * Implements hook_comment_update().
 */
function admin_task_notify_comment_update(Comment $comment) {
  if ($comment->getType() == 'annonce' || $comment->getType() == 'article' || $comment->getType() == 'demande' || $comment->getType() == 'discussion' || $comment->getType() == 'evenement' || $comment->getType() == 'itineraire' || $comment->getType() == 'recipe' || $comment->getType() == 'produit' || $comment->getType() == 'service') {
    $flag_id = 'moderate_comment';
    $flag_service = \Drupal::service('flag');
    $flag = $flag_service->getFlagById($flag_id);
    $user_admin = \Drupal\user\Entity\User::load(1);
    $flag_service->flag($flag, $comment, $user_admin);
  }
}

data tables – How to stop user loading more records on grid

One legacy UI application that I am currently working on has a Main List which is used to display all records stored in Elastic in a paginated way. Elastic may have more than 1 million records.

The problem arose when I added the functionality of loading the next page of records when the scroll touches the bottom (no direct pagination widget).

With the introduced scroll-load functionality, the user can scroll infinitely. For each “scroll at the bottom” event, data loads from 0 to pageNo*pageSize records. I set the page size as small as 50 records. So, for example,

  • Page 1 will load 50
  • Page 2 – 100 records
  • Page 3 – 150 records
  • Page 4 – 200 records

and so on..

I want to acknowledge user after a certain page number like 20 pages(1000 records loaded on browser) that
Don’t go further otherwise application will become slow, use search with keywords instead.

Actually, I am doing so by putting simple auto hide alert which will start appearing from 20 pages onward and will display in interval of 5 pages like 20, 25,30 etc.

Is there any better way to acknowledge user that he is exploiting functionality because we are allowing him to do so?

I know this type of data loading sounds crazy but this is what we have to do. I need help on letting user know that application will be slow after a certain period of time.

Thanks in advance.

NinjaStream – Video Hosting Service | Fast & User Friendly | Proxies123.com



Hello, first of all, I’d like to thank you guys from the previous service. We gained a lot of experience from there. Video streaming isn’t as easy as we used to think. There were a lot of problems everywhere. Every time we fixed something, a new bug came out for a good reason. But we did not give up. We have completely written a new project from scratch and optimized it more than it used to be. We had to test everything before we released it to the public so it doesn’t happen again. Alpha testing is done. So NinjaStream was born.

Current Features:

  • No storage limit or bandwidth limit
  • No streaming speed limit. (We want it to be fast.)
  • No complicated settings
  • Supported VideoJS & JWPlayer
  • Privacy Protected. (You are free to use any kind of emails you want.)
  • HLS Video Streaming
  • Fast & User Friendly

Upload Features:

  • Multiple Upload
  • API Upload
  • Remote Upload

Payment’s FAQ:
– Bitcoin is our prioritized payment method. Pending payments will be processed within 24 hours; if not, create a ticket.
– Other payment methods are bi-weekly.

FAQ’s:
Who is behind NinjaStream?
– We are just a normal person who really wants a good service of video streaming for free.

Do you remove inactive files?
– No, we do not remove inactive files. You are free to do anything with your files

What kind of files are allowed to upload?
– We allow any kind of video files as long your video file’s mime type is video/*

Can I upload adult or porn videos?
– As long as they are legal. (You know what I mean), and allowed by your local law, then feel free to upload them

Is there any storage limit?
– No, your account storage is unlimited for free. You can upload video as much as you want.

Is there any speed limit on my videos?
– No, NinjaStream was made to speed up our videos & it also applies to your videos

Contact/Support:
Feel free to contact us at our Support Page

I am not expecting any bugs, we have tested it for weeks. But, if you find one, kindly create a support ticket. ;)
Check out our API Documentation.

Website Video Migration:
If you wish to upload your existing videos on your website. We will try to help you out. We will create our own script that uploads your website videos on NinjaStream without you doing anything. We will run the script on our side. For more information, you can contact us by creating a new support ticket with a title of “Migration”.

mysql – MariaDB User for both remote access and local access

I want to enable my app to access the database locally, and at the same time access it remotely from a tool like MySQLyog. I’m wondering whether I should be creating two users, one for the local connection, and one for the remote connection.

CREATE USER  'charla-user-db'@'localhost' IDENTIFIED BY 'pass@word';
CREATE USER  'charla-user-db'@'%' IDENTIFIED BY 'pass@word';

I thought this would be enough CREATE USER 'charla-user-db'@'%' IDENTIFIED BY 'pass@word';, since it should allow connections from any hosts, but I failed to connect locally using it.

Get Manager Name based on User in SharePoint Online list


twitter – How to find my tweets that a specific user retweeted?

I want to know if a specific user ever retweeted any of my tweets.

For example: “from:@username includes:nativeretweets filter:nativeretweets”

The above command gets part of what I want, but I need the output to show only my tweets, I thought the command below might work but it does not return any results.

“from:@username to:MyUserName include:nativeretweets filter:nativeretweets”

usability – How to phrase questions to user tests to not give away solution

For a site project I’m designing, I want to make sure people know where to find what they need so names of main sections must be clear. I want to test with a couple users, as many as I can perhaps. When phrasing a list of tasks for users to complete, what are some good methods to do so? (Without giving away so obviously which section contains what information)… As a rule should I always avoid using the words of each category/section on my site in my phrasing of each task to do?

How do you define reliability in User Experience Design? [closed]

Some keywords to define reliability in UX design.
how do i show my design is reliable

database design – MS ACCESS : On a subject form, how can I highlight a required control IF AND ONLY IF the user misses it (an error is thrown)

I have built a subject form and would like to find a way to highlight a textbox control that is required (it is paired to a required field) IF AND ONLY IF the user fails to enter it. I know that there are validation rules that are built as part of the subject table that will give the user an indication of an error when they fail to enter required data. But, I am looking for a more “colorful” or “visual” indication, so to speak. I have seen people simply give a colorful border to a required field. This is fine, but I am trying to find a way to either highlight or make a colorful border on the required control IF AND ONLY IF an error is thrown.

I hope my question is clear. This is my first question on here so I apologize if it’s messy. I am using ACCESS 2016