How to allow page access ONLY by form

Question

How to allow page access ONLY by form

Navigation

#1 by (0 votes)

0

I have a page in wordpress that exists a form, which the user passes email, name and status. When the subscription is completed, I will capture your data on a MailChimp, in my case, and redirect it to another page, which will have access to a simulation, for example.

I would, however, like to have access to this redirected page EXCLUSIVELY from my described form.

I do not want to be able to type in the url directly the address of the redirected page. Example: domain.com / simulated

If he did, he would enter the home again, or whatever. Anyway, how can I make this restriction?

php wordpress plugin-wordpress

asked by anonymous 13.07.2017 / 20:27

1 answer

SQL to count records that have a field Update an object automatically on other pages without reloading

score 0 · Answer 1

WordPress has a native solution that can help you: nonces . In fact nonces are a security feature to prevent attacks CSRF , but I think they can be a simple solution for you.

On the page of your form, include within the <form> this:

<?php wp_nonce_field( 'nome_da_acao', '_valida_form' ); ?>

This function will add a input[type=hidden] to your form, containing a nonce - a unique and temporary value.

Your form will be processed on another page, so in the code of that page, when you receive the form data, you validate the nonce:

<?php
    $request = wp_unslash( $_REQUEST );

    if ( ! wp_verify_nonce( $request['_valida_form'], 'nome_da_acao' ) ) {
        // o nonce não foi reconhecido, então redireciona para a home
        wp_redirect( home_url('/') ); exit();
    }

    // continua o processamento do formulário e exibe a página

Documentation:

wp_nonce_field ()

wp_verify_nonce ()