Create Unique ID for URL

Question

I am working on pages which are secured so no-one can link to that page using this:

Code below is called inside a loop.

$gentok = uniqid();

if(isset($_GET["action"]) && $_GET["action"] == "clean_$gentok") {
    // stuff
}

Then, I have this to call the URL:

<a href="<?php echo admin_url("themes.php?page=cleaner&action=clean_$gentok"); ?>">Clean this and that</a>

But when clicking the link, the page refreshes and the uniqid() has already changed.

How can I make it so the uniqid() is still the same after the page refresh? I'm open for any changes or better ideas you may have.

Thank you!

Save unique ID in session along with a timestamp and then renew the ID after some time (and/or when the link has been clicked). — Charlotte Dunois, Aug 05 '16 at 22:06
I'm curious; is this to be used for one-time only use? If so, there's a better way. — Funk Forty Niner, Aug 05 '16 at 22:20
@Fred-ii- I thought uniqid would do the job, turns out to be a bummer... aaaand I'm not too sure how nonces work. — J. Doe, Aug 05 '16 at 22:23
Have a look at this Q&A http://stackoverflow.com/questions/4145531/how-to-create-and-use-nonces - It's all in there ;-) I've used it often before. — Funk Forty Niner, Aug 05 '16 at 22:27
@Fred-ii- Ay! That works. Your link is fine but I've used the WordPress nonce system for it. Thank you for the information, Fred. — J. Doe, Aug 05 '16 at 22:41
You're quite welcome, *cheers* glad it worked. TBH, I didn't know WordPress had one too. — Funk Forty Niner, Aug 05 '16 at 22:49

score 1 · Accepted Answer · edited May 23 '17 at 12:22

Posting this as a community wiki since I've nothing to gain from this.

My suggestion in comments about using a nonce brought the OP to use the WordPress version of a nonce as their solution.

Reference:

https://codex.wordpress.org/WordPress_Nonces

Sidenote: To be honest, I was not aware that WordPress had one and found that reference link on the Internet.

My original reference:

How to create and use nonces

Additional reference:

Wiki page: http://en.wikipedia.org/wiki/Cryptographic_nonce

Zayn Ali · Answer 2 · 2016-08-05T22:18:52.437

0

Use session for this. Put your unique ID in session array

session_start();

$_SESSION['gentok'] = uniqid();

if (isset($_GET["action"]) && $_GET["action"] == "clean_" . $_SESSION['gentok']) {
    // stuff
}

In your display

session_start();

<a href="<?= admin_url('themes.php?page=cleaner&action=clean_' . $_SESSION['gentok']) ?>">Clean this and that</a>

edited Aug 05 '16 at 22:18

answered Aug 05 '16 at 22:12

Zayn Ali

4,765
1
30
40

Okay, thank you for the answer. Will this also work in `foreach`? – J. Doe Aug 05 '16 at 22:18
Not too crazy, just `foreach ($theme_names as $theme_name) {` and inside that the code in the question – J. Doe Aug 05 '16 at 22:22
I have found that a nonce system is kind of better for this, I might have not explained it that well in my question. Thank you anyway for your help and effort. :) – J. Doe Aug 05 '16 at 22:42

score 0 · Answer 3 · answered Aug 05 '16 at 22:21

When you creating a session set a value so every time that page loads it will check is your session for the value. Else you will redirect......you would put the code on top. If($_SESSION['sesname']!=$value]{header location}

You would pit this at the top of the page so it performs the check

OR If you want a unique name then just put something that people want easily guess and don't link it any where

Create Unique ID for URL

3 Answers3