
FuelPHP Forums

security
  • I don't want to allow a double click on the form in my page. I have used Security::check_token(), but it doesn't work. How should I do it? Here is my code.
    In controller
    public function action_supportcrt()
    {
        if (Input::method() == 'POST')
        {
            if (Security::check_token(Input::post('fuel_csrf_token')))
            {
                // token accepted: process the form here
            }
            else
            {
                Session::set_flash('error', 'Unsuccessfully');
                Response::redirect('top/confirm');
            }
        }
    }
    In View
    <?php echo Form::open(array('action' => 'top/supportcrt', 'method' => 'post')); ?>
    <?php echo Form::hidden($token_key, $token); ?>
    <p>
    <input type="button" value="Back" id="btn_return" onclick="javascript:history.back(); return false;" class="fbutton" />
    <input type="submit" value="Save" class="sbutton" /></p>
    <?php echo Form::close(); ?>

  • itcan
    Accepted Answer
    <?php echo Form::open(array('action' => 'top/supportcrt', 'method' => 'post')); ?>
    <?php echo \Form::csrf(); ?>

    <?php echo \Form::close(); ?>

    in the controller:

    // Check CSRF
    if ( ! \Security::check_token())
    {
        // Error message

    }
  • But it doesn't work. I changed the config; here it is:
    'security' => array(
        'csrf_autoload'    => false,
        'csrf_token_key'   => 'fuel_csrf_token',
        'csrf_expiration'  => 1,
    ),

  • Harro
    Accepted Answer
    You expire the generated token after 1 second?
  • Yes, but how many seconds do I use?
  • Well, one second means it is expired before a user has a chance to post the form. So the token is always invalid, and the check always fails.

    Most people set it to zero, so it does not expire for the duration of the user's session. Even if you set it to an hour, if a user opens a form, starts working on it, goes to lunch, comes back, and finishes and submits the form, the form will be rejected due to an expired token.

    So in general only expire the token if you know you only have short-lived forms.
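    Putting the thread together, as an added example that is not code from the thread or from FuelPHP itself: the security section of fuel/app/config/config.php with the one-second expiry that breaks the check shown beside the session-lifetime setting recommended above, followed by a controller that performs the check the way the accepted answer does. Two files are shown in one block, separated by path comments. The controller, action and view names are the ones the question uses; the flash message text and the explanatory comments are my own.

```php
<?php
// ---- fuel/app/config/config.php : the 'security' section only ----
// Added example, not the thread's own code.
return array(
    'security' => array(
        // false: Fuel will not check the token itself, so every action that
        // receives the form's POST must call Security::check_token().
        'csrf_autoload'   => false,

        // Name of the hidden field that Form::csrf() emits and that
        // check_token() reads from the POST data.
        'csrf_token_key'  => 'fuel_csrf_token',

        // Broken setting from the thread: the token is expired one second
        // after it is issued, long before a user can submit the form, so
        // check_token() always fails and every submission is rejected.
        //
        //   'csrf_expiration' => 1,
        //
        // 0 keeps the token valid for the user's session. Use a positive
        // number of seconds only for forms you know are submitted quickly;
        // anyone who leaves the form open longer than that is rejected.
        'csrf_expiration' => 0,
    ),
);

// ---- fuel/app/classes/controller/top.php ----
class Controller_Top extends Controller
{
    public function action_supportcrt()
    {
        if (Input::method() == 'POST')
        {
            // With no argument, check_token() reads the posted
            // fuel_csrf_token field itself and compares it with the token
            // it issued to this visitor.
            if ( ! Security::check_token())
            {
                // Missing, expired or reused token: do not process the
                // submission, send the user back to the form.
                Session::set_flash('error', 'Invalid or expired form token, please submit the form again.');
                Response::redirect('top/confirm');
            }

            // Token accepted: handle the submitted data here.
        }

        // The view emits the token with Form::csrf(), as in the accepted answer.
        return View::forge('top/supportcrt');
    }
}
```

    With csrf_autoload left at false, the check only happens where you call it, so every POST-handling action needs the check_token() call, not just this one. My reading of the Fuel 1.x Security class (confirm against the version you run) is that check_token() also replaces the token once it has been checked, so a second submit of the same rendered page carries a stale token and takes the error path; that is the double-click case the question asks about, and it only works once the token is not expiring before the first submit.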
