You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hi.` I have a form but it returns "403 access forbidden by csrfprotector!" whenever I submitted the form. I read the discussion and tries each of them but it doesn't work. Any clue?
<?php
require 'config.php';
require_once 'header.php';
include_once __DIR__ .'/csrf/libs/csrf/csrfprotector.php';
//Initialise CSRFGuard library
csrfProtector::init();
$result = mysqli_query($con, "SELECT * FROM Qualification_End_Date");
$row = mysqli_fetch_array($result);
if(isset($_POST['submit'])) {
$date = $_POST['e_day'];
mysqli_query($con, "UPDATE Qualification_End_Date SET End_Date='$date'");
echo "<script>clearPage();</script>";
echo "<div id=\"statement\">".
"<h2>Success!</h2><fieldset><p><div id=\"messageIcon\"><img src=\"./images/ok.png\" /> </div>".
"<div id=\"messageContent\"><p>Qualification End Date has been updated.</p></div></p></fieldset></div>";
exit;
}
echo "<h3><p>Update Qualification End Date</p></h3>";
echo "<form method=\"post\" action=\"\">".
"<table><tr><td class=\"left\">Qualification End Date</td><td class=\"right\"><input type=\"date\" name=\"e_day\" value=\"".$row[0]."\" /></td></tr></table>".
"<div><p class=\"button\"><button type=\"submit\" name=\"submit\" class=\"submit\">Update</button></p></div></form>";
require_once 'footer.php';
?>
The text was updated successfully, but these errors were encountered:
When you look at the request details (request headers or form data) are you seeing a CSRF token?
When you debug the request on the web server do you see a CSRF token in the $_REQUEST or $_POST variables?
Hi,
When I loaded the page and inspect it, I can saw a script in the header
session as follows but seems I can't see the token.
<script>
function addCsrfHeader(xhr) {
xhr.setRequestHeader('X-CSRF-Token', '".$_SESSION['csrf_token']."');
}
$.ajaxSetup({
beforeSend: addCsrfHeader
});
</script>
Cassady Campos ***@***.***> 於 2023年7月28日 週五 下午11:24寫道:
hi.` I have a form but it returns "403 access forbidden by csrfprotector!" whenever I submitted the form. I read the discussion and tries each of them but it doesn't work. Any clue?
The text was updated successfully, but these errors were encountered: