Create Unique ID for URL

Question

I am working on pages which are secured so no-one can link to that page using this:

Code below is called inside a loop.

$gentok = uniqid();

if(isset($_GET["action"]) && $_GET["action"] == "clean_$gentok") {
    // stuff
}

Then, I have this to call the URL:

<a href="<?php echo admin_url("themes.php?page=cleaner&action=clean_$gentok"); ?>">Clean this and that</a>

But when clicking the link, the page refreshes and the uniqid() has already changed.

How can I make it so the uniqid() is still the same after the page refresh? I'm open for any changes or better ideas you may have.

Thank you!

Answer 1

Posting this as a community wiki since I've nothing to gain from this.

My suggestion in comments about using a nonce brought the OP to use the WordPress version of a nonce as their solution.

Reference:

• https://codex.wordpress.org/WordPress_Nonces

Sidenote: To be honest, I was not aware that WordPress had one and found that reference link on the Internet.

My original reference:

• How to create and use nonces

Additional reference:

• Wiki page: http://en.wikipedia.org/wiki/Cryptographic_nonce

Answer 2

When you creating a session set a value so every time that page loads it will check is your session for the value. Else you will redirect......you would put the code on top. If($_SESSION['sesname']!=$value]{header location}

You would pit this at the top of the page so it performs the check

OR If you want a unique name then just put something that people want easily guess and don't link it any where

Answer 3

Use session for this. Put your unique ID in session array

session_start();

$_SESSION['gentok'] = uniqid();

if (isset($_GET["action"]) && $_GET["action"] == "clean_" . $_SESSION['gentok']) {
    // stuff
}

In your display

session_start();

<a href="<?= admin_url('themes.php?page=cleaner&action=clean_' . $_SESSION['gentok']) ?>">Clean this and that</a>