Does it make sense to check a nonce on user log in?

I read the following blog post about implementing custom user log in:

http://natko.com/wordpress-ajax-login-without-a-plugin-the-right-way/

In the post, the author walks through some PHP code for logging in a user via a form while checking a nonce.

My understanding is that nonces are used to prevent CSRF attacks — that is, to prevent logged in users from being tricked into taking some action without realizing it. But if the user is not logged in… Is the nonce accomplishing anything?

Do all non-logged-in users get the same nonce? I can’t think of how else they would be implemented. I guess a nonce could be useful if some important action is taken as a direct result of logging in… but if all guests visiting the login form get the same nonce, then a CSRF attack would still be trivial to execute, wouldn’t it?

I’m still learning about security stuff, and am finding this quite confusing.
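
Added example, not part of the original post or the linked blog: a simplified Python model of how WordPress core derives and verifies a nonce (a keyed hash over tick, action, user ID and session token). Logged-out visitors have user ID 0 and an empty session token unless a plugin changes that through the nonce_user_logged_out filter, so the model yields one shared value per action for all guests. The salt, action name and timestamps are constructed.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 60 * 60                  # WordPress default nonce lifetime (one day)
SITE_SALT = b"constructed-nonce-key-salt"  # constructed stand-in for the site's nonce salt


def nonce_tick(now: int) -> int:
    """Nonces rotate every half lifetime (12 hours by default)."""
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action: str, uid: int, session_token: str, now: int) -> str:
    """Model of wp_create_nonce(): keyed hash of tick|action|uid|token."""
    data = f"{nonce_tick(now)}|{action}|{uid}|{session_token}".encode()
    digest = hmac.new(SITE_SALT, data, hashlib.md5).hexdigest()
    return digest[-12:-2]                  # same slice as PHP substr($hash, -12, 10)


def verify_nonce(nonce: str, action: str, uid: int, session_token: str, now: int) -> int:
    """Model of wp_verify_nonce(): 1 = current tick, 2 = previous tick, 0 = invalid."""
    for age, ticks_back in ((1, 0), (2, 1)):
        shifted = now - ticks_back * (NONCE_LIFE // 2)
        expected = create_nonce(action, uid, session_token, shifted)
        if hmac.compare_digest(expected, nonce):
            return age
    return 0


def guest_nonce(action: str, now: int) -> str:
    """A logged-out visitor contributes no per-user input: uid 0, empty token."""
    return create_nonce(action, 0, "", now)


if __name__ == "__main__":
    now = 1_700_000_000                    # constructed timestamp
    action = "login-form"                  # hypothetical action name
    print("guest A:", guest_nonce(action, now))
    print("guest B:", guest_nonce(action, now + 60))   # same tick, same value
    print("user 7 :", create_nonce(action, 7, "constructed-session-a", now))
    print("user 7, other session:", create_nonce(action, 7, "constructed-session-b", now))
```

In this model the guest value depends only on the site salt, the action and the 12-hour tick, while a logged-in user's value also changes with the user ID and session token.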

Updating link on page via REST api

I have a page that I need to periodically update the file location for a link to point at a new file. Trying to do this via a Python script using requests.

I’ve got authentication set up via ‘Application Passwords’ plugin, and I’m able to download a json from the api for the page in question. I have a pre-built string that contains the new file location, ready to go. I extract the page content, specifically the ‘rendered’ version, as a string. I do a quick replace() on that string between two known tags (<h4>) and then reload the modified ‘rendered’ page content back into the json, and upload it back to the endpoint, again using requests().

When it’s all said and done, I’m getting no errors from the script, a status code of 200… but nothing changes on the page.

Furthermore, I’m finding the following in the error log:

[21-Aug-2019 00:12:51 UTC] PHP Warning:  Invalid argument supplied for foreach() in /home1/example/public_html/wp-includes/rest-api/class-wp-rest-request.php on line 778 

Not exactly sure what that means, but I’m assuming it’s not good.

Any ideas/suggestions for updating a page via the REST api? Or am I going about this completely wrong?

my hamburger toggle will not work in my custom theme

My hamburger toggle will show up when I resize the page, but once clicked the menu will not appear!

my code in header.php

</header>
<header role="banner">
  <nav class="navbar">
    <span class="navbar-toggle" id="js-navbar-toggle">
        <i class="fas fa-bars"></i>
    </span>
    <img src="https://www.littlerippers.uk/wp-content/uploads/2019/08/hand-logo-01-01-01.svg" height="230"><a href="#" class="logo"></a>
    <ul class="main-nav" id="js-menu">

my code in functions.php

wp_enqueue_script( 'js-navbar-toggle', get_template_directory_uri() . '/js/script-1.js', array(), true );
add_action( 'wp_enqueue_scripts', 'js-navbar-toggle' );

Woocommerce – Order info is empty on frontend?

I’m trying to create a page similar to the checkout page with all the customer, billing, and order information. As a last resort, I tried to retrieve the unique order link, but I had trouble with even that.

This is my current code, and the array shows up with empty fields.

<?php
$order = new WC_Order( $order_id );
$items = $order->get_items();
foreach ( $items as $item ) {
    $product_name = $item['name'];
    $product_id = $item['product_id'];
    $product_variation_id = $item['variation_id'];
}

print_r($order) ?>

Empty array

Woocommerce thinks non-sale items are on sale

We update the pricing directly in the database. Is there some sort of field that ticks whether an item is on sale or not? We have tried multiple plugins to let us show sale items, and they always end up including products that are not on sale. My theory is that because we are updating the pricing directly in the database, and not through the backend, we are missing something when we remove the sale price. I’ve tried clearing transients and that doesn’t work.

Thanks for your help.