Simple access tokens using WordPress transients.
- Download zip and upload to your
wp-content/plugins
or install viawp-admin
Plugins interface; - Activate
Each generated $token
:
- is tied to a specific
$action
for which it is requested for; - can have specified time-to-live (
$ttl
), where0
means it never expires; - can be used just specified number of times (
$retries
), while0
retries means unlimited times to use token.
$tokenAPI = WP_AccessTokenAPI::getInstance();
$action = 'post:123:delete'; // Action you want later to test against
$ttl = 5; // minutes
$retries = 2; // can be triggered max 2x
try {
$token = $tokenAPI->set($action, $ttl, $retries);
} catch (Exception $e) {
// Handle error
}
// Use token, e.g: send token to user by mail...
$tokenAPI = WP_AccessTokenAPI::getInstance();
if (isset($_GET['token']) && strlen(trim($_GET['token'])) > 0 && isset($_GET['action']) && $_GET['action'] === 'post:123:delete') {
$authenticated = false;
$action = $_GET['action'];
$token = $_GET['token'];
try {
$authenticated = $tokenAPI->validate($action, $token);
} catch (Exception $e) {
// Handle error
}
if ($authenticated) {
// Delete post...
}
}
try {
$removed = $tokenAPI->remove($action, $token);
} catch (Exception $e) {
// Handle error
}
Enjoy!