You can pass multiple nonces with wp_localize_script()
by just including them as separate properties in the ajax_login_object
object.
wp_localize_script( 'ajax-login-script', 'ajax_login_object', array(
'ajax_url' => admin_url( 'admin-ajax.php' ),
'login_nonce_token' => wp_create_nonce( 'login_nonce' ),
'register_nonce_token' => wp_create_nonce( 'register_nonce' ),
'lostpassword_nonce_token' => wp_create_nonce( 'lostpassword_nonce' ),
) );
Then in your JS, use the correct one from your localize object as the value for each request, and use the same _ajax_nonce
name for the field name.
data: {
'action': 'ajaxlogin',
'_ajax_nonce': ajax_login_object.login_nonce_token,
}
data: {
'action': 'ajaxregister',
'_ajax_nonce': ajax_login_object.register_nonce_token,
}
data: {
'action': 'ajaxlostpassword',
'_ajax_nonce': ajax_login_object.lostpassword_nonce_token,
}
Then in your AJAX handler, use the names you gave them when creating them with wp_create_nonce()
for the first argument, and the field name as the second argument:
check_ajax_referer( 'login_nonce', '_ajax_nonce' );
check_ajax_referer( 'register_nonce', '_ajax_nonce' );
check_ajax_referer( 'lostpassword_nonce', '_ajax_nonce' );
The second argument needs to be the field name we used in JavaScript, which is _ajax_nonce
, but this is the default value (which is why we used it), so we can leave it out, if we want:
check_ajax_referer( 'login_nonce' );
check_ajax_referer( 'register_nonce' );
check_ajax_referer( 'lostpassword_nonce' );