Multiple Forms - UserSpice forums, Off-topic Discussions (/showthread.php?tid=611)
Multiple Forms - firestorm - 07-15-2017

I've tried the token in head you suggested but no dice, get "token does not match". The problem is the token is generated on page load so will still generate in the header. Back to drawing board, prob will ajaxify all pages which should resolve that. Done one page with 2 forms, just have to try to remember how to refresh page content without reload lol

Multiple Forms - karsen - 07-15-2017

Here is the code I use in my header:

Code:
    // CSRF check
    if (!empty($_POST)) {
        $tokenPost = Input::sanitize($_POST['csrf']);
        if (!Token::check($tokenPost)) {
            $userPermissions->addAudit($pathToCheck); // This line goes with my custom permissions class and adds a new line to the audit table for the tomfoolery page
            Redirect::to('csrf.php'); // a custom 'try again without a page refresh' notification page
            die();
        }
    }
    $token = Token::generate();

From here I use echo $token into all my page forms.

Multiple Forms - firestorm - 07-15-2017

Argh ok, well I've created a new CSRF Protect class with session storage. I can confirm with 4 forms on a page no more "token not valid" issues, same token per session.

We drop it into classes; it will need requiring from init if autoload is not present.

We instantiate with:

Code:
    $csrf = new CSRF_Protect();

We automatically insert the hidden form field using this in the form:

Code:
    <?php $csrf->echoInputField();?>

Then we check it's valid in our PHP, so after

Code:
    if(!empty($_POST['copyright1'])){
        $csrf->verifyRequest();
        // ... handle the form ...
    }

Hope that helps some, find the class here: https://github.com/Firestorm-Graphics/CSRF-Protect

Multiple Forms - bladerunner - 12-14-2017

Thank you, @Firestorm, for your code in GitHub. It was impossible for me to get the Tokens to work in AJAX calls. But your code works properly with AJAX. I'm replacing the use of UserSpice Token class with your code to be able to combine AJAX and CSRF. Thank you very much!
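The two token lifetimes discussed in this thread, side by side, as an added example that is not code from the thread, from UserSpice, or from the linked CSRF-Protect repository. `SessionCsrf` and `rotatePerLoad` are hypothetical names, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: one CSRF token per session, shared by every form and AJAX call.
final class SessionCsrf
{
    private array $store;

    public function __construct(array &$store)
    {
        $this->store = &$store;   // keep a reference so writes reach the session array
    }

    // Generate the token once from a CSPRNG, then keep returning the same value.
    public function token(): string
    {
        return $this->store['csrf'] ??= bin2hex(random_bytes(32));
    }

    public function inputField(): string
    {
        return '<input type="hidden" name="csrf" value="' . $this->token() . '">';
    }

    // Constant-time comparison; a missing or non-string field is rejected.
    public function verify(array $post): bool
    {
        $sent = $post['csrf'] ?? null;
        return is_string($sent) && isset($this->store['csrf'])
            && hash_equals($this->store['csrf'], $sent);
    }
}

// Constructed model of the failing pattern: a new token on every page load.
function rotatePerLoad(array &$store): string
{
    return $store['csrf'] = bin2hex(random_bytes(32));
}

$session  = [];                        // stands in for $_SESSION
$rendered = rotatePerLoad($session);   // page renders its forms with this token
rotatePerLoad($session);               // a second request runs the header again
var_dump(hash_equals($session['csrf'], $rendered)); // submit of the rendered form

$session = [];
$csrf    = new SessionCsrf($session);
$inForm  = $csrf->token();             // value embedded in all forms on the page
$csrf->token();                        // intervening AJAX request: token unchanged
var_dump($csrf->verify(['csrf' => $inForm])); // submit of any of the forms
var_dump($csrf->verify([]));                  // request with no csrf field
```

A session-wide token stays valid for as long as the session does, so it should be regenerated together with the session ID at login.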