New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No token found, although echo POST shows one #56

Open

jamminjames opened this issue Nov 27, 2024 · 0 comments

jamminjames commented Nov 27, 2024

Do you have to use Twig? Because I'm trying the example without Twig here, and it's not finding the token. However, when I echo $_POST, it is showing a token, eg: [_CSRF_TOKEN] => XXXXXXX= (substituting 'XXXXXXX' for the token).

In the form, I have:

$server = $_SERVER;
$csrft = new AntiCSRF($server);
$token_html = $csrft->insertToken('', true);

On the action page, I have:

$csrf = new \ParagonIE\AntiCSRF\AntiCSRF;

if (!empty($_POST)) {
    if ($csrf->validateRequest()) {
        echo 'Valid form';
    } else {
        // Log a CSRF attack attempt
        echo 'Token is invalid';
    }
}

... and it results in 'Token is invalid'.

I am referencing the class in both the form and the action page with:

use ParagonIE\ConstantTime\{
    Base64UrlSafe,
    Binary
};
use ParagonIE\AntiCSRF\AntiCSRF;

Do I need a hidden input on the form, if not using Twig? I tried;
<input type="hidden" name="form_token" value="<?php echo $token_html; ?>">

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment