My custom Wordpress plugin lets users submit posts of a custom post type from a form on my site. They input the information, click submit, and then they are taken to a Verification page. This instructs them to either click the link that was e-mailed to them or input the code, at which point it goes from Draft to Publish.
This is all working for the most part except after submission. When they are taken to the Verification page, it is automatically approving/publishing the post for some reason. I have triple checked the code and it is making absolutely zero sense.
Hoping someone can spot the error because I am at a loss...
Submit Page function
function slicer_profile_submit()
{
// if the submit button is clicked, submit
if (isset($_POST['slicer-profile-submitted']))
{
$xml = simplexml_load_file($_FILES['slicer-profile']['tmp_name']) or die("Error: Cannot upload file. Please contact the administrator.");
$contents = $xml->asXML();
//https://developer.wordpress.org/reference/functions/wp_insert_post/
// sanitize form values
$profile_author = sanitize_text_field( $_POST["slicer-profile-author"] );
$profile_email = sanitize_text_field( $_POST["slicer-profile-email"] );
$profile_name = sanitize_text_field( $_POST["slicer-profile-name"] );
$profile_description = sanitize_textarea_field( $_POST["slicer-profile-description"] );
$profile_model = intval($_POST["slicer-profile-model"]);
$profile_slicer = intval($_POST["slicer-profile-software"]);
// Create post object
$slicer_profile = array(
'post_title' => $profile_name,
'post_content' => $contents,
'post_type' => 'slicer_profiles',
'post_status' => 'draft',
'post_author' => 3,
'tax_input' => array(
'model' => array($profile_model),
'slicer' => array($profile_slicer)
),
'meta_input' => array(
'slicer_profile_author' => $profile_author,
'slicer_profile_description' => $profile_description
)
);
// Insert the post into the database
$post_id = wp_insert_post( $slicer_profile );
// Generate a hashed code for the confirmation URL
$hash = hash_hmac('sha256', $post_id, secret);
$confirm_url = site_url(). '/verification?id=' . $post_id . '&hash=' . $hash;
// Send a verification e-mail to the user to confirm publication
$subject = 'Please confirm your Slicer Profile submission';
$body = $confirm_url;
wp_mail( $profile_email, $subject, $body );
// Redirect the submitter to the post
wp_redirect( site_url(). "/verification" );
}
}
Verification page function
function slicer_profiles_verification_shortcode($atts = [], $content = null, $tag = '')
{
// Check that both parameters are set
if( isset($_GET['id']) && !empty($_GET['id']) && isset($_GET['hash']) && !empty($_GET['hash']) )
{
$post_id = $_GET['id'];
$hash = $_GET['hash'];
$target_hash = hash_hmac('sha256', $post_id, secret);
// Check if the hash code matches the provided Post ID
if ($hash != $target_hash)
{
echo 'The code provided is incorrect or has been mistyped.';
return;
}
// Get the Post data based on ID
$post_data = get_post( $post_id );
$post_type = $post_data->post_type;
$post_status = $post_data->post_status;
// Check to confirm this is a Slicer Profile post type
if ($post_type == 'slicer_profiles')
{
// If the post has already been published
if ($post_status == 'draft')
{
// Publish the Post by ID
wp_publish_post($post_id);
echo 'Thank you, the profile submission has been confirmed.';
}
else
{
echo 'The code provide has already been used.';
}
}
else
{
echo 'The code provide is not a valid submission. Please contact the Administrator.';
}
}
else
{
?>
<div style="align:center;text-align: center;">
<p>A confirmation e-mail has been sent to the address provided, containing the verification code to approve your submission. Please use the included link to approve and publish your slicer profile, or the form below the submit your code.</p>
<form name="confirmSub" method="GET" action="">
<input type="text" name="id" size="4" /> - <input type="text" name="hash" size="24" /></br></br>
<input type="submit" value="Confirm" />
</form>
<?php
echo '</div>';
}
}
add_shortcode('slicer_profile_verification', 'slicer_profiles_verification_shortcode');