This is a follow-up from this post. I'm working with a service that automatically registers my user's devices with Onesignal.

I call the function with gonative_onesignal_info() inside script tags (this registers devices perfectly fine with Onesignal):

function pmr_onesignal_script() { ?>

    <script>
        var data = gonative_onesignal_info(info);
        var xmlhttp = new XMLHttpRequest();
        // Push user ID with this line
        xmlhttp.open('GET', 'register-user.php?oneSignalPushToken=' + data.oneSignalPushToken, true);
        xmlhttp.send();
    </script>

<?php

}
add_action( 'wp_head', 'pmr_onesignal_script', 10, 2 );

Inside register-user.php I have this:

function pmr_onesignal_mobile_registration( $user_login, $user ) {

    // Get user data
    $user_id = $user->ID;
    $user_email = $user->user_email;

    $oneSignalPushToken = $_GET['oneSignalPushToken'];
    update_user_meta( $user_id, 'oneSignalPushToken', $oneSignalPushToken);

}
add_filter( 'wp_login', 'pmr_onesignal_mobile_registration', 10, 2 );

However, it seems that the oneSignalPushToken never actually gets pushed to the file, and this is never saved to the user. Any ideas what I might be doing wrong here? Thanks in advance!

This is a follow-up from this post. I'm working with a service that automatically registers my user's devices with Onesignal.

I call the function with gonative_onesignal_info() inside script tags (this registers devices perfectly fine with Onesignal):

function pmr_onesignal_script() { ?>

    <script>
        var data = gonative_onesignal_info(info);
        var xmlhttp = new XMLHttpRequest();
        // Push user ID with this line
        xmlhttp.open('GET', 'register-user.php?oneSignalPushToken=' + data.oneSignalPushToken, true);
        xmlhttp.send();
    </script>

<?php

}
add_action( 'wp_head', 'pmr_onesignal_script', 10, 2 );

Inside register-user.php I have this:

function pmr_onesignal_mobile_registration( $user_login, $user ) {

    // Get user data
    $user_id = $user->ID;
    $user_email = $user->user_email;

    $oneSignalPushToken = $_GET['oneSignalPushToken'];
    update_user_meta( $user_id, 'oneSignalPushToken', $oneSignalPushToken);

}
add_filter( 'wp_login', 'pmr_onesignal_mobile_registration', 10, 2 );

However, it seems that the oneSignalPushToken never actually gets pushed to the file, and this is never saved to the user. Any ideas what I might be doing wrong here? Thanks in advance!

• ajax
• notifications

• You are working completely aside of WordPress. This makes it hard to keep this question open. Your only connection is that you attach your callback to a WP filter. – kaiser Commented Jan 26, 2020 at 0:18

1 Answer 1

First off your setup is quite hard to understand. It seems that the only reason that you are exchanging data from client to server/ JS to PHP is that you have some global info JS object and some gonative_onesignal_info() method. Maybe it's possible to find some PHP SDK or just retrieve that information either synchronously (enter data in input field, perform conventional request to reload the page). So far it looks like you're trying to achieve your goal in a very … unconventional way.

Use the correct HTTP methods

You're exchanging data via an HTTP GET request. You are not a browser, so please use POST there. You are sending data, not just waving your hand that you are ready to retrieve it. Using the right kind of request is important as in most cases these protocols for servers are implemented properly as defaults. Details on MDN here. Highlighting one bit by citing it:

Unsafe requests modify the state of the server and the user shouldn't resend them unintentionally.

Typically, you don't want your users to resend PUT, POST or DELETE requests. If you serve the response as the result of this request, a simple press of the reload button will resend the request (possibly after a confirmation message).

In this case, the server can send back a 303 (See Other) response for a URL that will contain the right information. If the reload button is pressed, only that page is redisplayed, without replaying the unsafe requests.

That is important as you will never know when the other end (remote servers or their hosters) will change their architecture and install any kind of proxy in between (load balancers, security gateways, etc.).

Use the provided APIs

You also want to switch to the WP HTTP API. This leaves the door open to use plugins that interact with it. It also triggers built in mechanisms, that you might not be aware of, via the so called hooks and filters.

You can take a look at how performing remote requests can be done in a safe way in WordPress:

$request  = wp_remote_post( 'http://example' );
$response = wp_remote_retrieve_body( $request );
if ( 
    'OK' !== wp_remote_retrieve_response_message( $response )
    OR 200 !== wp_remote_retrieve_response_code( $response )
)
    wp_send_json_error( $response );

wp_send_json_success( $response );

WordPress also has the WP AJAX API that allows you to

• exchange data between server and client asynchronously
• again enable 3rd party software to possibly enhance your requests.

More info in this answer.