Viewing 11 replies - 1 through 11 (of 11 total)
    Plugin Author bnovotny

    (@bnovotny)

    Do you know what page that occurs on or what tab so I can narrow it down?

    Thread Starter wbdesigner

    (@wbdesigner)

    Thanks for getting back to me. I’ve used your plugin for years and just love it. You were great in the beginning helping me set it up.

    The error occurs on a forum profile page when you try to do anything, just checking the box to receive notifications. I know that it’s your plugin because if I disable your plugin everything works fine. Prior to this week both plugins played nice.

    I’ve been going through your plugin testing to see if I can see what is causing it and so far I haven’t figured it out.

    Patti

    Plugin Author bnovotny

    (@bnovotny)

    I think I know where it is coming from, and I would rather not do an update right now. I try not to release updates too soon together if possible as it can create issues with people that don’t update right away and also be annoying to developers. I am about ready to release a big one and will include it in that, however I have a temporary fix for you if you need it.

    You can replace the function csds_update_user_profile( $user ){ with the following starting on line 27 of the ura-profile-model.php file. It seems to me I had problems with that before firing on a page that it should not and creating that error. I added an additional check to make sure it is the profile page before checking for the nonce so it should be good.

    function csds_update_user_profile( $user ){
        global $wpdb, $current_user, $pagename, $errors, $post, $wp_query, $screen;
        $current_user = wp_get_current_user();
        $c_user_id = $current_user->ID;
        // get_current_screen() only exists in the admin and can return null, so guard it
        $screen = function_exists( 'get_current_screen' ) ? get_current_screen() : null;
        $screen_id = is_object( $screen ) ? $screen->id : '';
        $fieldKey = '';
        $fieldName = '';
        $newValue = '';
        $newDate = '';
        $newValue1 = (string) '';
        $newValue2 = (string) '';

        $options = get_option( 'csds_userRegAide_Options' );
        $temp = array();
        $tmp_str = (string) '';
        $ms = (boolean) false;
        $postKey = (string) '';
        $bpValue = (string) '';
        $cnt = (int) 0;
        $field = (int) 0;
        $user_id = (int) 0;
        $value = (string) '';
        $url = (string) '';
        $SQ = $options['add_security_question'];
        $plugin = (string) 'buddypress/bp-loader.php';
        $field = new FIELDS_DATABASE();
        $ura_fields = $field->get_all_fields();
        if( current_user_can( 'edit_user', $current_user->ID )  || current_user_can( 'create_users', $current_user->ID ) ){

            // making sure $user is not empty
            $c_user_id = $current_user->ID;

            if( empty( $user ) ){
                if( isset( $_GET['user_id'] ) ){
                    $user_id = $_GET['user_id'];
                }elseif( isset( $_POST['user_id'] ) ){
                    $user_id = $_POST['user_id'];
                }else{
                    $user_id = $c_user_id;
                }
            }else{
                $user_id = $user;
            }
            // request values are strings, so is_int() fails for them and the current user is used
            if( is_int( $user_id ) ){
                $user_id = $user_id;
            }else{
                $user_id = $c_user_id;
            }

            //handles security questions if used

            if( $options['add_security_question'] == "1" ){
                $sq_question = (string) '';
                $sq_answer = (string) '';
                $sqc = new SECURITY_QUESTIONS_CONTROLLER();
                $questions = $sqc->questions_array();
                $answers = $sqc->answers_array();
                foreach( $questions as $index => $question ){
                    if( isset( $_POST[$question] ) ){
                        $sq_question = sanitize_text_field( $_POST[$question] );
                        $sqc->update_security_questions_user_profile( $user_id, $question, $sq_question );
                    }
                }
                foreach( $answers as $index => $answer ){
                    if( isset( $_POST[$answer] ) ){
                        $sq_answer = sanitize_text_field( $_POST[$answer] );
                        $sqc->update_security_questions_user_profile( $user_id, $answer, $sq_answer );
                    }
                }
            }

            // handles custom profile fields

            if( !empty( $ura_fields ) ){
                $title = get_the_title();
                $slug = basename( get_permalink() );
                if( isset( $_GET['page'] ) ){
                    $page = $_GET['page'];
                }else{
                    $url = $_SERVER['REQUEST_URI'];
                    $pages = explode( "/", $url );
                    $page = $pages[1];
                }
                if ( IS_PROFILE_PAGE ){
                    // the nonce is only verified on the plugin's own profile screen,
                    // so it no longer fires on other pages that never rendered the nonce field
                    if( $slug != 'register' ) {
                        if( $title != 'Check Your Email To Activate Your Account!' ){
                            if( $page != 'bp-profile-edit' && $page != 'members' && $page != 'new-user-approval' ){
                                if( $screen_id == 'profile' ){
                                    if( !wp_verify_nonce( $_POST['userRegAideProfileNonce'], 'userRegAideProfileForm' ) ){
                                        exit( __( 'Failed Nonce Security!', 'csds_userRegAide' ) );
                                    }
                                }
                            }
                        }
                    }
                    foreach( $ura_fields as $object ){
                        $type = $object->data_type;
                        $fieldKey = $object->meta_key;
                        $postKey = $fieldKey;
                        if( isset( $_POST[$postKey] ) ){
                            if( $type == 'textbox' ){
                                $newValue = sanitize_text_field( $_POST[$postKey] );
                            }elseif( $type == 'url' ){
                                $newValue = sanitize_text_field( $_POST[$postKey] );
                                $newValue = esc_url_raw( $newValue );
                            }elseif( $type == 'textarea' ){
                                $newValue = sanitize_text_field( $_POST[$postKey] );
                            }elseif( $type == 'datebox' ){
                                $newValue =  $_POST[$postKey];
                            }elseif( $type == 'number' ){
                                $newValue =  $_POST[$postKey];
                            }elseif( $type == 'radio' ){
                                $newValue = sanitize_text_field( $_POST[$postKey] );
                            }elseif( $type == 'selectbox' ){
                                $newValue = sanitize_text_field( $_POST[$postKey] );
                            // was "$type = 'checkbox'" (an assignment, always true); must be a comparison
                            }elseif( $type == 'multiselectbox' || $type == 'checkbox' ){
                                $temp = $_POST[$postKey];
                                $ms = true;
                                if( !empty( $temp ) ){
                                    if( is_array( $temp ) ){
                                        foreach( $temp as $tkey => $tvalue ){
                                            $tvalue = sanitize_text_field( $tvalue );
                                            $temp[$tkey] = $tvalue;
                                        }
                                        $newValue1 = serialize( $temp );
                                    }else{
                                        $temp = sanitize_text_field( $temp );
                                        $newValue1 = $temp;
                                    }
                                }
                            }
                            //exit( 'NEW VALUE: '.$newValue );
                            if( $ms == false ){
                                update_user_meta( $user_id, $fieldKey, $newValue );
                            }elseif( $ms == true ){
                                update_user_meta( $user_id, $fieldKey, $newValue1 );
                            }

                            // update buddy press field data
                            if( is_plugin_active( $plugin ) ){
                                $id = $object->bp_ID;
                                $bpf = new URA_BP_FUNCTIONS();
                                if( $ms == true ){
                                    $bpf->update_bp_profile( $user_id, $id, $newValue1 );
                                    $ms = false;
                                }else{
                                    $bpf->update_bp_profile( $user_id, $id, $newValue );
                                }
                                $ms = false;
                            }
                            $ms = false;
                        }
                    }
                }
            }

        }else{
            if( is_user_logged_in() ){ // wordpress or theme bug for some
                wp_die( __( 'You do not have sufficient permissions to edit this user, contact a network administrator if this is an error!', 'csds_userRegAide' ) );
            }else{
                wp_safe_redirect( wp_login_url() );
                exit;
            }
        }

    }
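    The root cause in this thread is a profile-save handler that verifies its own nonce on any page where the hook fires, including another plugin's profile form that never rendered that nonce field. The snippet below is an added example, not code from the User Registration Aide plugin or its author, showing the general pattern for scoping such a check: it assumes a WordPress install, and every hook callback, option and field name prefixed `example_` is hypothetical. It only verifies the nonce on the admin profile and user-edit screens, treats a missing nonce as "not our form" by skipping the update rather than killing the request with `exit()`, and takes the user id from the hook argument instead of the query string.

```php
<?php
// Added example (hypothetical plugin code, not the plugin's own): a profile-field
// save handler whose nonce check is scoped to its own form and fails closed by
// skipping the save instead of aborting the whole request.

add_action( 'show_user_profile', 'example_render_profile_fields' );
add_action( 'edit_user_profile', 'example_render_profile_fields' );
add_action( 'personal_options_update', 'example_save_profile_fields' );
add_action( 'edit_user_profile_update', 'example_save_profile_fields' );

/**
 * Renders the nonce field and one custom field on the WordPress profile screen.
 * The nonce is what the save handler later verifies; forms rendered by other
 * plugins (a forum's profile page, for example) never include it.
 */
function example_render_profile_fields( $user ) {
    wp_nonce_field( 'example_profile_form', 'example_profile_nonce' );
    $current = get_user_meta( $user->ID, 'example_twitter', true );
    echo '<label for="example_twitter">Twitter handle</label> ';
    echo '<input type="text" name="example_twitter" id="example_twitter" value="'
        . esc_attr( $current ) . '" />';
}

/**
 * Returns true only when the request is a submission of *our* profile form:
 * we are on the admin profile/user-edit screen, our nonce field is present,
 * and it verifies. Any other request (no nonce, foreign form, front end)
 * yields false so the caller simply does nothing.
 */
function example_is_our_profile_submission() {
    // get_current_screen() is only defined in the admin and can return null
    if ( ! is_admin() || ! function_exists( 'get_current_screen' ) ) {
        return false;
    }
    $screen = get_current_screen();
    if ( ! $screen || ! in_array( $screen->id, array( 'profile', 'user-edit' ), true ) ) {
        return false;
    }
    // Absent nonce means this is not our form: skip, do not exit().
    if ( empty( $_POST['example_profile_nonce'] ) ) {
        return false;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST['example_profile_nonce'] ) );
    return (bool) wp_verify_nonce( $nonce, 'example_profile_form' );
}

/**
 * Save handler. $user_id comes from the hook, which is the authoritative
 * target of the edit; it is not re-read from $_GET or $_POST.
 */
function example_save_profile_fields( $user_id ) {
    if ( ! example_is_our_profile_submission() ) {
        return;
    }
    // Capability check against the user actually being edited.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }
    if ( isset( $_POST['example_twitter'] ) ) {
        $value = sanitize_text_field( wp_unslash( $_POST['example_twitter'] ) );
        update_user_meta( $user_id, 'example_twitter', $value );
    }
}
```

    Because the nonce check is gated on the screen id and on the presence of the plugin's own nonce field, a third-party profile page that submits through the same hooks is left alone, and on the plugin's own screen a missing or invalid nonce still prevents the update; the plugin-specific bypass for Asgaros Forum or Symposium discussed later in the thread becomes unnecessary under this pattern.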
    Plugin Author bnovotny

    (@bnovotny)

    Yes, it is definitely coming from where I suspected. If my profile nonce is not firing on your forum profile page then that error will fire. Try the update I posted and then let me know if that works. If not, then let me know what forum profile page you are using and maybe I can find a workaround or bypass the nonce check by doing an is-plugin-active type check. By the way I just now saw your second post. We must have been typing at the same time and I did not notice it until now.

    Thread Starter wbdesigner

    (@wbdesigner)

    Is there a way that I can turn it off from the plugin setup? This is way past what I can do… sorry.

    I could temporarily turn off the forum profile page, but the people can’t subscribe.

    Patti

    Plugin Author bnovotny

    (@bnovotny)

    Okay, is it Asgaros Forum by any chance?
    Get back to me ASAP so I can send out an update today.

    Plugin Author bnovotny

    (@bnovotny)

    I saw on your profile you were just using Asgaros Forum so I made an update for that to bypass the nonce security check if that plugin is active for now. See if that helps.

    Thread Starter wbdesigner

    (@wbdesigner)

    No I tried that forum but decided to stay with Symposium Pro.

    You’re the best thanks for helping me.

    Plugin Author bnovotny

    (@bnovotny)

    Well, I set it for Asgaros Forum and I am done for the day. I have no idea how to set it for Symposium Pro and to even check if that plugin is activated. It might work though.

    Plugin Author bnovotny

    (@bnovotny)

    Okay, luckily I found Symposium and added that too and added it to a new update and now I am done for the night. That should work, hope you are using the networking one.

    Thread Starter wbdesigner

    (@wbdesigner)

    YOU ARE TOO COOL! Thanks, it works!

    The topic ‘Failed Nonce Security! Error Message’ is closed to new replies.