コード例 #1
/**
 * Build the hidden nonce input for a form and optionally print it.
 *
 * The nonce lets the receiving handler check that a submission came from a
 * form rendered by this site rather than from another origin. The field does
 * nothing by itself: protection depends on the handler verifying the
 * submitted value, and the nonce does not replace a permission check on the
 * requested operation.
 *
 * Referer handling: when $referer is true, nxt_referer_field($echo, 'previous')
 * is called and its return value is not captured, so the string returned by
 * this function never contains the referer field. Presumably that helper
 * prints the field itself when $echo is true (confirm against its
 * definition); a caller passing $echo = false who needs the referer markup
 * has to obtain it from nxt_referer_field() directly.
 *
 * Pass an explicit $action (and preferably a $name). The defaults are
 * publicly known, so a nonce created with them gives weaker protection than
 * one bound to a specific action.
 *
 * The input's id and name are both $name; its value is the created nonce.
 *
 * @package bbPress
 * @subpackage Security
 * @since 1.0
 *
 * @param string $action  Optional. Action name the nonce is created for. Default -1.
 * @param string $name    Optional. Name (and id) of the input. Default "_nxtnonce".
 * @param bool   $referer Optional, default true. Whether to also call nxt_referer_field().
 * @param bool   $echo    Optional, default true. Whether to print the nonce input.
 * @return string The nonce input markup, without the referer field.
 */
function bb_nonce_field($action = -1, $name = "_nxtnonce", $referer = true, $echo = true)
{
    // The escaped name is used for both the id and the name attribute.
    $field_name = esc_attr($name);

    // NOTE(review): the nonce is placed in the value attribute as-is; this
    // assumes bb_create_nonce() returns attribute-safe text - confirm.
    $token = bb_create_nonce($action);

    $nonce_field = sprintf(
        '<input type="hidden" id="%1$s" name="%1$s" value="%2$s" />',
        $field_name,
        $token
    );

    if ($echo) {
        echo $nonce_field;
    }

    if ($referer) {
        // Return value intentionally left unused, as in the original code.
        nxt_referer_field($echo, 'previous');
    }

    return $nonce_field;
}
コード例 #2
ファイル: functions.php プロジェクト: nxtclass/NXTClass
/**
 * Build the hidden nonce input for a form and optionally print it.
 *
 * The nonce lets the receiving handler check that a submission came from a
 * form rendered by this site rather than from another origin. The field does
 * nothing by itself: protection depends on the handler verifying the
 * submitted value, and the nonce does not replace a permission check on the
 * requested operation.
 *
 * When $referer is true, whatever nxt_referer_field(false) returns is
 * appended to the nonce input, so the referer markup is part of both the
 * printed output and the return value.
 *
 * Pass an explicit $action (and preferably a $name). The defaults are
 * publicly known, so a nonce created with them gives weaker protection than
 * one bound to a specific action.
 *
 * The input's id and name are both $name; its value is the created nonce.
 *
 * @package NXTClass
 * @subpackage Security
 * @since 2.0.4
 *
 * @param string $action  Optional. Action name the nonce is created for. Default -1.
 * @param string $name    Optional. Name (and id) of the input. Default "_nxtnonce".
 * @param bool   $referer Optional, default true. Whether to append the referer field.
 * @param bool   $echo    Optional, default true. Whether to print the markup as well as return it.
 * @return string The nonce input, followed by the referer field when $referer is true.
 */
function nxt_nonce_field($action = -1, $name = "_nxtnonce", $referer = true, $echo = true)
{
    // The escaped name is used for both the id and the name attribute.
    $field_name = esc_attr($name);

    // NOTE(review): the nonce is placed in the value attribute as-is; this
    // assumes nxt_create_nonce() returns attribute-safe text - confirm.
    $markup = sprintf(
        '<input type="hidden" id="%1$s" name="%1$s" value="%2$s" />',
        $field_name,
        nxt_create_nonce($action)
    );

    if ($referer) {
        // false: ask the helper for the markup as a string so it can be appended.
        $markup .= nxt_referer_field(false);
    }

    if ($echo) {
        echo $markup;
    }

    return $markup;
}
コード例 #3
?>
" tabindex="10" />
		</label>
		<label>
			<?php 
// Password row of a login form excerpt; the enclosing <form> and the code
// that sets $re are outside the lines shown.
_e('Password');
?>
<br />
			<input name="pwd" type="password" id="quick_password" size="13" maxlength="40" tabindex="11" />
		</label>
		<input name="redirect_to" type="hidden" value="<?php 
// NOTE(review): $re is written into the value attribute with no escaping
// visible in this excerpt. Confirm it is attribute-escaped where it is
// assigned, and that the login handler checks redirect_to against allowed
// destinations before redirecting.
echo $re;
?>
" />
		<?php 
// Called without arguments; presumably prints a hidden referer field into the
// form - confirm against nxt_referer_field(). The referer value is supplied by
// the client, so the handler should not treat it as proof of origin.
nxt_referer_field();
?>

		<input type="submit" name="Submit" class="submit" value="<?php 
// Button label passed through esc_attr__() before it is written into the
// value attribute.
echo esc_attr__('Log in &raquo;');
?>
" tabindex="13" />
	</div>
	<div class="remember">
		<label>
			<input name="rememberme" type="checkbox" id="quick_remember" value="1" tabindex="12"<?php 
echo $remember_checked;
?>
 />
			<?php 
_e('Remember me');
コード例 #4
 /**
  * Return the hidden nonce input markup, optionally followed by the referer field.
  *
  * This function only returns the markup and takes no $echo parameter, so
  * the caller is responsible for printing it. Unlike the id-carrying
  * variants, the input has a name attribute but no id.
  *
  * The field does nothing by itself: the receiving handler must verify the
  * submitted nonce, and should pass the same specific $action rather than
  * rely on the publicly known default.
  *
  * @param string $action  Action name the nonce is created for. Default -1.
  * @param string $name    Name of the input. Default '_nxtnonce'.
  * @param bool   $referer Whether to append the result of nxt_referer_field(false). Default true.
  * @return string
  */
 function nonce_field($action = -1, $name = '_nxtnonce', $referer = true)
 {
     $field_name = esc_attr($name);

     // NOTE(review): the nonce is placed in the value attribute as-is; this
     // assumes nxt_create_nonce() returns attribute-safe text - confirm.
     $html = sprintf(
         '<input type="hidden" name="%s" value="%s" />',
         $field_name,
         nxt_create_nonce($action)
     );

     if (!$referer) {
         return $html;
     }

     // false: ask the helper for the markup as a string so it can be appended.
     return $html . nxt_referer_field(false);
 }