UserSpice
Multiple Forms - Printable Version



Multiple Forms - firestorm - 07-15-2017

I've tried the token in head you suggested but no dice, I get "token does not match". The problem is the token is generated on page load so will still generate in the header. Back to the drawing board; prob will ajaxify all pages, which should resolve that. Done one page with 2 forms, just have to try to remember how to refresh page content without reload lol


Multiple Forms - karsen - 07-15-2017

Here is the code I use in my header:

Code:
// CSRF check
if (!empty($_POST)) {
    $tokenPost = Input::sanitize($_POST['csrf']);
    if (!Token::check($tokenPost)) {
        $userPermissions->addAudit($pathToCheck); // This line goes with my custom permissions class and adds a new line to the audit table for the tomfoolery page
        Redirect::to('csrf.php'); // a custom 'try again without a page refresh' notification page
        die();
    }
}
$token = Token::generate();

From here I use echo $token into all my page forms.


Multiple Forms - firestorm - 07-15-2017

Argh ok, well I've created a new CSRF Protect class with session storage. I can confirm with 4 forms on a page no more "token not valid" issues, same token per session.

we drop it into classes, will need requiring from init if autoload not present.

we instantiate with:

Code:
$csrf = new CSRF_Protect();

we automatically insert hidden form field using this in the form:

Code:
<?php $csrf->echoInputField();?>

then we check it's valid in our PHP, so after
Code:
if(!empty($_POST['copyright1'])){
we would do:

Code:
$csrf->verifyRequest();

Hope that helps some, find the class here: https://github.com/Firestorm-Graphics/CSRF-Protect
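
The difference between the two approaches in this thread, as an added example that is not part of the original posts and is neither UserSpice's Token class nor the linked CSRF_Protect class. Both class names are hypothetical, the single-use behaviour of the first class is an assumption, and a private array stands in for $_SESSION so the script runs from the CLI.

```php
<?php
declare(strict_types=1);

// Hypothetical: header regenerates the token on every request, single use.
final class OneTimeToken
{
    private array $session = [];   // stands in for $_SESSION

    public function generate(): string
    {
        return $this->session['token'] = bin2hex(random_bytes(32));
    }

    public function check(string $submitted): bool
    {
        $expected = $this->session['token'] ?? '';
        unset($this->session['token']);          // consumed by the check
        return $expected !== '' && hash_equals($expected, $submitted);
    }
}

// Hypothetical: one token created lazily and kept for the whole session.
final class SessionToken
{
    private array $session = [];   // stands in for $_SESSION

    public function token(): string
    {
        return $this->session['token'] ??= bin2hex(random_bytes(32));
    }

    public function check(string $submitted): bool
    {
        return hash_equals($this->token(), $submitted);   // constant-time compare
    }
}

// Constructed scenario: one page load, two forms, both posted without a reload.
$one  = new OneTimeToken();
$page = $one->generate();        // header on page load; same value echoed into both forms
$first = $one->check($page);     // form 1 posts
$one->generate();                // header runs again and replaces the token
$second = $one->check($page);    // form 2 still carries the old value
printf("regenerated per request: form1=%s form2=%s\n", var_export($first, true), var_export($second, true));

$sess = new SessionToken();
$page = $sess->token();
printf("per session: form1=%s form2=%s\n", var_export($sess->check($page), true), var_export($sess->check($page), true));
```

A per-session token stays valid for the life of the session, so it should be replaced whenever the session ID is regenerated, for example at login.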


Multiple Forms - bladerunner - 12-14-2017

Thank you, @Firestorm, for your code on GitHub. It was impossible for me to get the Tokens to work in AJAX calls. But your code works properly with AJAX.

I'm replacing the use of UserSpice Token class with your code to be able to combine AJAX and CSRF.

Thank you very much!