TRACY DOUGLASS asked 2 years ago
Victor Font answered 2 years ago
"You can create a nonce and add it to the query string in a URL, you can add it in a hidden field in a form, or you can use it some other way."
Victor Font
replied 2 years ago This is the approach I would investigate if I were working on a paid project that had this requirement.
TRACY DOUGLASS
replied 2 years ago thank you. i have started looking into this. I find the nonce information a bit confusing, especially in how to use it in conjunction with the FF framework. I understand how it works, but not so much how to implement it.
Merlin Rose answered 2 years ago
TRACY DOUGLASS
replied 2 years ago thank you, i'm going to check this out. I used the add_filter('frm_setup_edit_fields_vars, and have it working. But perhaps this hook you mentioned may work better. I'm not educated enough to know exactly how "safe" it all ends up being in either case.
Merlin Rose
replied 2 years ago The frm_setup_edit_fields_vars is for changing values in fields when editing an entry. I think the frm_display_form_action is perfect for your case.
I have a platform where attandees can register to events and every event has there own maximum number of attendees and before they load the form i check in frm_display_form_action the open spots and if registrated attendees >= maximum spots, i "close" the from and show a note. I have tones of other cases where i check user roles, user meta, current time and so on and it always works "safe".
TRACY DOUGLASS
replied 2 years ago i'm working on this currently and it seems to be working very well for me. I very much appreciate your response!! I have a question perhaps you can answer: I removed the lines for : remove_filter('frm_continue_to_new', '__return_false', 50); and add_filter('frm_continue_to_new', '__return_false', 50);. they didn't seem to be doing anything in my code. I simply have an echo message and "exit" if user doesn't meet the criteria to load the form and that works.
What are those 2 filters actually doing ? In the examples, one is at the beginning and the other at the end.
Merlin Rose
replied 2 years ago <p>i didn't know exactly but i think this is for loading the final form. If you are deleting these lines your code will not have any effects because at the beginning the loading of the form is turned off and only turned on again if the criteria match. With this deleted the form will always load because this is default.</p><p>I don't know if exit is the best solution because the form should load anyway but will not shown. I'm not really sure about the consequences of just "exiting" the code at this point.</p>
TRACY DOUGLASS
replied 2 years ago I wonder then, why is the "remove filter" at the beginning, prior to the form id being identified, doesn't that mean it runs every time regardless of the form being loaded ? I've tried several scenarois to see how it affects my forms and I can't understand it. But my code does not run at all with it, so hopefully it won't come back to haunt me since I removed it.
Bobby Clapp answered 2 years ago
TRACY DOUGLASS
replied 2 years ago So this token gets stored in a field in each record created. If I have a user who is allowed to view a selection of multiple records, but not all records, how does this token field help me filter those records, particularly if a user edits the url directly. ?
Bobby Clapp
replied 2 years ago If you need to display multiple records (privately), but then also only allow the appropriate person to see the individual detail of those records you're going to probably want to replicate the same thing and maybe apply it to user meta as a "user_token". You'll probably want to try taking advantage or the user registration add-on.
Please login or Register to submit your answer
