Yan Aleksandrov, 2019-06-01 14:31:40
Information Security

How to securely implement auction confirmation?

There is a page with an auction item. An unregistered user enters a bid amount and their e-mail address. WP sends an e-mail to the specified address with a link to confirm the bid.
Question 1 : How to safely implement a confirmation link?
For now, I'm building the url like this:

http://site.ru/aukczionnyj-tovar/?action=bid_confirmation&product_id=173&nonce=bc8f1cbaba&bid=300&email=mail%40gmail.com

At the time of confirmation, the bid is stored in a custom field of the post.
As far as I know, a nonce is valid for 12-24 hours. I can see the nonce in the page source, since it is output via wp_localize_script. So does the URL above allow an attack to be carried out by hand?
Question 2: The result needs to be displayed when the link is clicked. Something like: "The bid has been placed!". Which hook should I use?
Question 3: How do I prevent other people's e-mail addresses from being passed through the URL?
Thanks in advance for any advice.
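One way to build such a confirmation flow, as an added example that is not part of the original post or any answer on this page: the link carries only a random single-use token, while the product ID, bid amount and e-mail address are stored server-side under a hash of that token, so none of them can be edited in the URL. The plugin prefix `xbid_`, the query variable `xbid_token`, the meta keys `_xbid_amount` / `_xbid_email` and the 6-hour lifetime are assumptions for this example; the WordPress functions and hooks used (set_transient, template_redirect, the_content, wp_mail and so on) are standard.

```php
<?php
/*
 * Added example (not from the original post): a self-contained sketch of an
 * e-mail-confirmed bid in WordPress. Assumed names: prefix "xbid_", query
 * variable "xbid_token", meta keys "_xbid_amount" and "_xbid_email".
 * Design: the URL carries only a random, single-use token; product ID, bid
 * amount and e-mail live in a server-side transient keyed by the token's
 * hash, so nothing in the link can be tampered with or guessed.
 */

const XBID_TTL = 6 * HOUR_IN_SECONDS;  // confirmation link lifetime (assumption)

// Step 1: called when the bid form is submitted (form handling omitted).
// Returns the raw token only so a test can exercise step 2; never print it.
function xbid_create_pending_bid( int $product_id, float $amount, string $email ): ?string {
    if ( ! is_email( $email ) || $amount <= 0 || get_post_status( $product_id ) !== 'publish' ) {
        return null;
    }
    // 256 bits from the CSPRNG; the raw token goes only into the e-mail.
    $token = bin2hex( random_bytes( 32 ) );
    // Store under a hash of the token, so a leaked DB row cannot be replayed.
    $key = 'xbid_' . hash( 'sha256', $token );
    set_transient( $key, array(
        'product_id' => $product_id,
        'amount'     => $amount,
        'email'      => $email,
    ), XBID_TTL );

    $link = add_query_arg( 'xbid_token', $token, get_permalink( $product_id ) );
    wp_mail( $email, 'Confirm your bid', "To confirm your bid, open this link: $link" );
    return $token;
}

// Step 2: handle the click. template_redirect fires before any output, so the
// bid can be recorded and the browser redirected to a clean result page.
add_action( 'template_redirect', 'xbid_handle_confirmation' );
function xbid_handle_confirmation(): void {
    if ( empty( $_GET['xbid_token'] ) ) {
        return;
    }
    $token = (string) $_GET['xbid_token'];
    // Reject anything that is not exactly 64 hex chars before touching storage.
    if ( ! preg_match( '/^[0-9a-f]{64}$/', $token ) ) {
        return;
    }
    $key = 'xbid_' . hash( 'sha256', $token );
    $bid = get_transient( $key );
    if ( ! is_array( $bid ) ) {
        wp_die( esc_html__( 'This confirmation link is invalid or has expired.', 'xbid' ) );
    }
    delete_transient( $key ); // single use: a second click of the same link fails

    update_post_meta( $bid['product_id'], '_xbid_amount', $bid['amount'] );
    update_post_meta( $bid['product_id'], '_xbid_email', $bid['email'] );

    // Redirect (PRG pattern) so a reload does not re-submit anything.
    wp_safe_redirect( add_query_arg( 'xbid_done', '1', get_permalink( $bid['product_id'] ) ) );
    exit;
}

// Step 3: show the result on the product page after the redirect.
add_filter( 'the_content', 'xbid_show_result' );
function xbid_show_result( string $content ): string {
    if ( isset( $_GET['xbid_done'] ) && is_singular() && in_the_loop() ) {
        $content = '<p class="xbid-ok">' . esc_html__( 'Your bid has been placed!', 'xbid' ) . '</p>' . $content;
    }
    return $content;
}
```

Because the lookup is by the hash of the token, there is no string comparison an attacker could time, and an attacker who can read the page source or the options table still learns nothing that lets them confirm a bid they did not receive by e-mail. Two caveats a practitioner would add: transients backed by an external object cache can be evicted before they expire, so a site that must never lose a pending bid should use a custom table or post meta with its own expiry column instead; and two near-simultaneous clicks on the same link could both pass get_transient before delete_transient runs, so if exactly-once matters, make the "consume" step an atomic database update rather than a read followed by a delete.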
