Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Y
Y
Yan Aleksandrov2019-06-01 14:31:40
Information Security
Yan Aleksandrov, 2019-06-01 14:31:40

How to securely implement auction confirmation?

There is a page with an auction item. An unregistered user enters the rate and his mail. WP sends an email to the specified email address with a link to confirm the bid.
Question 1 : How to safely implement a confirmation link?
For now, I'm building the url like this:

http://site.ru/aukczionnyj-tovar/?action=bid_confirmation&product_id=173&nonce=bc8f1cbaba&bid=300&email=mail%40gmail.com

At the time of confirmation, the rate is recorded in an arbitrary field of the post.
As far as I know nonce works 12-24 hours. I can see the nonce conditional in the source code as it is output via wp_localize_script. It turns out that the url written above allows you to carry out an attack in manual mode?
Question 2 : You need to display the result when you click on the link. Something like this: "The bet is made!". What hook to use?
Question 3: how to prevent left emails from being passed through url
Thanks in advance for any advice.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
R
root3652019-08-15 15:45:06
How to find out who planted a GPS tracker and who gets a signal from it? 7Reply
D
ddc2021-03-12 16:52:48
How to connect to wifi on blackarch? 1Reply
A
Anatoly Talugin2019-08-18 19:46:52
What rules do you follow when conducting financial transactions on your PC? 7Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question