Home / Archive / Disable Nonce Check For Non Logged In Users
Duplicate Snippet

Embed Snippet on Your Site

Disable Nonce Check For Non Logged In Users

Disables the nonce check for non-logged in donors, usually for those using page caching which causes problems for donors who are not logged in.

Code Preview
php
<?php
/**
 * Page caching causes problems for donors who are not logged in.
 *
 * This filter disables the nonce check for non-logged in donors. Since this
 * is provides less protection than the normal nonce check, it is not recommended
 * unless you are also using a captcha solution.
 *
 * @param  boolean                  $validated Whether the security check passed the core checks.
 * @param  Charitable_Donation_Form $form      The form object.
 * @return boolean
 */
add_filter(
	'charitable_validate_donation_form_submission_security_check',
	function( $validated, Charitable_Donation_Form $form ) {
		/* The security check passed, so do no more. */
		if ( $validated ) {
			return $validated;
		}
		/* The honeypot failed. */
		if ( ! $form->validate_honeypot() ) {
			return $validated;
		}
		/* Nonce failed for a logged in user. */
		if ( is_user_logged_in() ) {
			return $validated;
		}
		/* Add the nonce failure to the donation log. */
		add_action( 'charitable_after_save_donation', 'ed_charitable_log_donation_nonce_failure' );
		charitable_get_notices()->clear_notices_by_type( 'error' );
		return true;
	},
	10,
	2
);
/**
 * This function logs the nonce failure to the donation log.
 *
 * @param  int $donation_id The ID of the donation.
 * @return void
 */
function ed_charitable_log_donation_nonce_failure( $donation_id ) {
	$log = new Charitable_Donation_Log( $donation_id );
	$log->add( 'The nonce check failed for non logged-in donor, but the donation was allowed to go ahead as nonce checks have been deactivated for non logged-in users.' );
	/* Disable this hook. */
	remove_action( 'charitable_after_save_donation', 'ed_charitable_log_donation_nonce_failure' );
}

Comments

Add a Comment