i use php sessions for have the data known.
in the text above, the sentence should be:
Via a redirect the user is send to a (1 out of many) PAGE with the right forms. The page is of this sort: Page-new-post.
i have simplified the data design.
There is one form Verify.
It is shown in a page.
User enters verify code.
This is checked against an Adminform (repeater) that has rows of AssignmentName, Studyyear, Verifycode.
When verifycode is correct i know what assigment, what year, student wants to deliver.
Via redirect student is send to a (1 out of many) post with name (for example):
Deliver_assignment_year1, or
Deliver_assignment_year2, or
Deliver_assignment_year3 etc
In everey Deliver_assignment i will check the verify code again.
Background:
Students are not user on the wordpress site, they just type in their name after the verify.
Students get the verify code in an email from there teacher. They can fill in assignment only once.
(i use latest acf pro version, and repeater)
How hack-proof is this?
