Title: Failed Nonce Security! Error Message Last modified: September 1, 2016 --- # Failed Nonce Security! Error Message * [wbdesigner](https://wordpress.org/support/users/wbdesigner/) * (@wbdesigner) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/) * Failed Nonce Security! Error Message * I love this plugin but something is wrong with it. * [https://wordpress.org/plugins/user-registration-aide/](https://wordpress.org/plugins/user-registration-aide/) * This started after the last update.. a couple of days ago. * It was working great prior to that. Viewing 11 replies - 1 through 11 (of 11 total) * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487425) * Do you know what page that occurs on or what tab so I can narrow it down? * Thread Starter [wbdesigner](https://wordpress.org/support/users/wbdesigner/) * (@wbdesigner) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487460) * Thanks for getting back to me. I’ve used your plugin for years and just love it. You were great in the beginning helping me set it up. * The error occurs on a forum profile page when you try to do anything, just checking the box to receive notifications. I know that it’s your plugin because if I disable your plugin everything works fine. Prior to this week both plugins played nice. * I’ve been going through your plugin testing to see if I can see what is causing it an so far I haven’t figured it out. * Patti * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487461) * I think I know where it is coming from, and I would rather not do an update right now. I try not to release updates too soon together if possible as it can create issues with people that don’t update right away and also be annoying to developers. I am about ready to release a big one and will include it in that, however I have a temporary fix for you if you need it. * You can replace the function csds_update_user_profile( $user ){ with the following starting on line 27 of the ura-profile-model.php file. It seems to me I had problems with that before firing on a page that it should not and creating that error. I added an additional check to make sure it is the profile page before checking for the nonce so it should be good. * ``` function csds_update_user_profile( $user ){ global $wpdb, $current_user, $pagename, $errors, $post, $wp_query, $screen; $current_user = wp_get_current_user(); $c_user_id = $current_user->ID; $screen = get_current_screen(); $screen_id = $screen->id; $fieldKey = ''; $fieldName = ''; $newValue = ''; $newDate = ''; $newValue1 = (string) ''; $newValue2 = (string) ''; $options = get_option( 'csds_userRegAide_Options' ); $temp = array(); $tmp_str = (string) ''; $ms = (boolean) false; $postKey = (string) ''; $bpValue = (string) ''; $cnt = (int) 0; $field = (int) 0; $user_id = (int) 0; $value = (string) ''; $url = (string) ''; $SQ = $options['add_security_question']; $plugin = (string) 'buddypress/bp-loader.php'; $field = new FIELDS_DATABASE(); $ura_fields = $field->get_all_fields(); if( current_user_can( 'edit_user', $current_user->ID ) || current_user_can( 'create_users', $current_user->ID ) ){ // making sure $user is not empty $c_user_id = $current_user->ID; if( empty( $user ) ){ if( isset( $_GET['user_id'] ) ){ $user_id = $_GET['user_id']; }elseif( isset( $_POST['user_id'] ) ){ $user_id = $_POST['user_id']; }else{ $user_id = $c_user_id; } }else{ $user_id = $user; } if( is_int( $user_id ) ){ $user_id = $user_id; }else{ $user_id = $c_user_id; } //handles security questions if used if( $options['add_security_question'] == "1" ){ $sq_question = (string) ''; $sq_answer = (string) ''; $sqc = new SECURITY_QUESTIONS_CONTROLLER(); $questions = $sqc->questions_array(); $answers = $sqc->answers_array(); foreach( $questions as $index => $question ){ if( isset( $_POST[$question] ) ){ $sq_question = sanitize_text_field( $_POST[$question] ); $sqc->update_security_questions_user_profile( $user_id, $question, $sq_question ); } } foreach( $answers as $index => $answer ){ if( isset( $_POST[$answer] ) ){ $sq_answer = sanitize_text_field( $_POST[$answer] ); $sqc->update_security_questions_user_profile( $user_id, $answer, $sq_answer ); } } } // handles custom profile fields if( !empty( $ura_fields ) ){ $title = get_the_title(); $slug = basename( get_permalink() ); if( isset( $_GET['page'] ) ){ $page = $_GET['page']; }else{ $url = $_SERVER['REQUEST_URI']; $pages = explode( "/", $url ); $page = $pages[1]; } if ( IS_PROFILE_PAGE ){ if( $slug != 'register' ) { if( $title != 'Check Your Email To Activate Your Account!' ){ if( $page != 'bp-profile-edit' && $page != 'members' && $page != 'new-user-approval' ){ if( $screen_id == 'profile' ){ if( !wp_verify_nonce( $_POST['userRegAideProfileNonce'], 'userRegAideProfileForm' ) ){ exit( __( 'Failed Nonce Security!', 'csds_userRegAide' ) ); } } } } } foreach( $ura_fields as $object ){ $type = $object->data_type; $fieldKey = $object->meta_key; $postKey = $fieldKey; if( isset( $_POST[$postKey] ) ){ if( $type == 'textbox' ){ $newValue = sanitize_text_field( $_POST[$postKey] ); }elseif( $type == 'url' ){ $newValue = sanitize_text_field( $_POST[$postKey] ); $newValue = esc_url_raw( $newValue ); }elseif( $type == 'textarea' ){ $newValue = sanitize_text_field( $_POST[$postKey] ); }elseif( $type == 'datebox' ){ $newValue = $_POST[$postKey]; }elseif( $type == 'number' ){ $newValue = $_POST[$postKey]; }elseif( $type == 'radio' ){ $newValue = sanitize_text_field( $_POST[$postKey] ); }elseif( $type == 'selectbox' ){ $newValue = sanitize_text_field( $_POST[$postKey] ); }elseif( $type == 'multiselectbox' || $type = 'checkbox' ){ $temp = $_POST[$postKey]; $ms = true; if( !empty( $temp ) ){ if( is_array( $temp ) ){ foreach( $temp as $tkey => $tvalue ){ $tvalue = sanitize_text_field( $tvalue ); $temp[$tkey] = $tvalue; } $newValue1 = serialize( $temp ); }else{ $temp = sanitize_text_field( $temp ); $newValue1 = $temp; } } } //exit( 'NEW VALUE: '.$newValue ); if( $ms == false ){ update_user_meta( $user_id, $fieldKey, $newValue ); }elseif( $ms == true ){ update_user_meta( $user_id, $fieldKey, $newValue1 ); } // update buddy press field data if( is_plugin_active( $plugin ) ){ $id = $object->bp_ID; $bpf = new URA_BP_FUNCTIONS(); if( $ms == true ){ $bpf->update_bp_profile( $user_id, $id, $newValue1 ); $ms = false; }else{ $bpf->update_bp_profile( $user_id, $id, $newValue ); } $ms = false; } $ms = false; }else{ } } } } }else{ if( is_user_logged_in() ){ // wordpress or theme bug for some wp_die( __( 'You do not have sufficient permissions to edit this user, contact a network administrator if this is an error!', 'csds_userRegAide' ) ); }else{ wp_safe_redirect( wp_login_url() ); exit; } } } ``` * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487468) * Yes, it is definately coming from where I suspected. If my profile nonce is not firing on your forum profile page then that error will fire. Try the update I posted and then let me know if that works. IF not, then let me know what forum profile page you are using and maybe I can find a workaround or bypass the nonce check by doing a is plugin active type check. By the way I just now saw your second post. We must have been typing at the same time and I did not notice it until now. * Thread Starter [wbdesigner](https://wordpress.org/support/users/wbdesigner/) * (@wbdesigner) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487502) * Is there a way that I can turn it off from the plugin setup? This is way past what I can do… sorry. * I could temporarily turn off the forum profile page, but the people can’t subscribe. * Patti * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487504) * okay is it asgaros forum by any chance? Get back to me asap so I can send out an update today * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487510) * I saw on your profile you were just using Asgaros Forum so I made an update for that to bypass the nonce security check if that plugin is active for now. See if that helps. * Thread Starter [wbdesigner](https://wordpress.org/support/users/wbdesigner/) * (@wbdesigner) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487513) * No I tried that forum but decided to stay with Symposium Pro. * You’re the best thanks for helping me. * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487514) * well i set it for Asgaros Forum and I am done for the day. I have no idea how to set if for Symposium Pro and to even check if that plugin is activated. It might work though. * Plugin Author [bnovotny](https://wordpress.org/support/users/bnovotny/) * (@bnovotny) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487517) * Okay, luckily I found Symposium and added that too and added it to a new update and now I am done for the night. That should work, hope you are using the networking one. * Thread Starter [wbdesigner](https://wordpress.org/support/users/wbdesigner/) * (@wbdesigner) * [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487519) * YOU ARE TO COOL! Thanks it works! Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Failed Nonce Security! Error Message’ is closed to new replies. * ![](https://ps.w.org/user-registration-aide/assets/icon.svg?rev=1256714) * [User Registration Aide](https://wordpress.org/plugins/user-registration-aide/) * [Frequently Asked Questions](https://wordpress.org/plugins/user-registration-aide/#faq) * [Support Threads](https://wordpress.org/support/plugin/user-registration-aide/) * [Active Topics](https://wordpress.org/support/plugin/user-registration-aide/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/user-registration-aide/unresolved/) * [Reviews](https://wordpress.org/support/plugin/user-registration-aide/reviews/) * 11 replies * 2 participants * Last reply from: [wbdesigner](https://wordpress.org/support/users/wbdesigner/) * Last activity: [9 years, 11 months ago](https://wordpress.org/support/topic/failed-nonce-security-error-message/#post-7487519) * Status: not resolved