bbPress

Info

• 5 posts
• 2 voices
• Started 3 years ago by filiped
• Latest reply from filiped
• This topic is not a support question

Tags

• bb-post.php
• form

• Posts in this topic

bb-post.php: how to define name="_wpnonce" of input

1. • 
   • filiped
   • Member

   • Posted 3 years ago #

   Hi,

   I'm making an external post form and I'm sending POST information to the bb-post.php

   There's to main fields:

   • Textarea name="post_content"
   • Hidden input name="topic_id"

   I can easily get those values, but this isn't enought for a posting to work.

   There's a strage field named name="_wpnonce" value="4ecbe24030" and another named name="_wp_http_referer" value="/forum/topic/post-slug" that I tought it was for the final redirect, it isn't.

   So I'm having here some basic doubts:

   1. Besides "post_content" and "post_id", what other parameter is necessary for a sucessfull post with bb-post.php?
   2. What's "_wpnonce"
   3. What's "_wp_http_referer"

   Best regards.
2. • 
   • filiped
   • Member

   • Posted 3 years ago #

   I could directly insert this at the bb_posts table, but I think this isn't very smart, considering the system wont block what that user can or cannot do and will not do post counting and other stuff extended by plugins.

   This can't be very hard. I just can't find what I'm missing.
3. • 
   • Ipstenu
   • Member

   • Posted 3 years ago #

   2. http://codex.wordpress.org/Function_Reference/wp_nonce_field

   Don't worry about the nonce field, it's just for WP side and doesn't translate, as of yet, to BB.

   3. I think it's just the internal http referrer, but I could be wrong.
4. • 
   • filiped
   • Member

   • Posted 3 years ago #

   Ipstenu, thanks for your help.

   Looks like the nonce field is very important to prevent spam posting.

   Form submitting doens't work if you specify a wrong nonce. Take a look at my searchings:

   http://bbpress.org/forums/topic/post_forms-_wponce-what-is-it

   http://phpdoc.ftwr.co.uk/bbpress/bbPress/_bb-includes---functions.bb-pluggable.php.html

   http://svn.automattic.com/bbpress/trunk/bb-includes/functions.bb-pluggable.php

   You can create a nonce key with this funcion:

   bb_create_nonce();

   I will continue with the searching and testings.
5. • 
   • filiped
   • Member

   • Posted 3 years ago #

   Finally figure it out.

   It's the bb_create_nonce();

   It's like an MD5 hash, formed by "create-post_" + "topic_id"

   for example:

   <input type="hidden" name="_wpnonce" value="<?=bb_create_nonce('create-post_3');?>"

   With this, you can create replies (posts) within the topic with id 3.

   Best regards.

6. You must log in to post.