BKcore / NoCSRF

NoCSRF is a simple anti-CSRF token generation/checking class written in PHP5.
http://bkcore.com/blog/code/nocsrf-php-class.html

not work with ajax post #5

Open ericfavoni opened 9 years ago

ericfavoni commented 9 years ago

I tried sending the form with the jQuery ajax $.post method, but CSRF does not work for me and always shows "invalid CSRF token". JS:

    jQuery(document).ready(function($) {
        $('#myform').validate({
            rules: {
                name: {
                    required: true,
                    rangelength: [4, 20]
                },
                email: {
                    required: true,
                    email: true
                },
                message: {
                    required: true
                }
            },

            submitHandler: function(form) {
                if (grecaptcha.getResponse() == '') {
                    $('#reCaptchaError').html('<p>Recaptcha error</p>');
                } else {
                    $('#reCaptchaError').hide();

                    // Loading indicator; the template path is emitted by PHP when the page is rendered.
                    $("#ajax-form-msg1").html("<img src='<?php echo RELATIVE_PATH . '/templates/' . TEMPLATENAME; ?>/img/loading.gif'/>");

                    // var formData = $("#myform").serialize();  // or
                    var formData = $("#myform").serializeArray();

                    var URL = $("#myform").attr('action');
                    $.post(URL, formData, function(data, textStatus, jqXHR) {
                        if (data == "yes") {
                            $("#ajax-form-msg1").html('<div class="alert alert-success">' + data + '</div>');
                            $("#form-content").modal('show');
                            $(".contact-form").slideUp();
                        } else {
                            $("#ajax-form-msg1").html('' + data + '');
                        }
                    }).fail(function(jqXHR, textStatus, errorThrown) {
                        $("#ajax-form-msg1").html('<div class="alert alert-danger">AJAX Request Failed<br/> textStatus=' + textStatus + ', errorThrown=' + errorThrown + '</div>');
                    });
                }
            }
        });
    });

HTML:

    <?php $token = NoCSRF::generate( 'csrf_token' ); ?>

remote comment.php:

    <?php
    session_start();
    // Normalise Windows backslashes to forward slashes in the parent directory path.
    $abspath = preg_replace('/\\\/', '/', dirname(dirname(__FILE__)));

    if (!file_exists($abspath . '/config.php'))
    {
        header('Location:404.html');
        exit; // header() alone does not stop the script
    }

    require $abspath . '/config.php';

    require ABSPATH . '/class/nocsrf.php';

    try
    {
        // Validate the token that arrived in $_POST; the call throws on failure.
        NoCSRF::check('csrf_token', $_POST, true, 60 * 10, true);
    }
    catch(Exception $e)
    {
        echo $e->getMessage();
    }

Did you check your class with ajax POST form data? How does your class work with ajax POST data?

Thanks for the great class.

nicolalopatriello commented 8 years ago

Hi, I've the same problem. Did you solve this?

Thanks

BKcore commented 8 years ago

Have you checked that csrf_token is properly sent and available in $_POST on the PHP side?

I'm not familiar with $("#myform").serialize(); or $("#myform").serializeArray();
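
One way to run this check before the request leaves the browser, as an added example that is not part of the NoCSRF project or this thread: it models, in plain Node.js, what jQuery's serializeArray() and $.post build from the form's controls, so a hidden csrf_token input that is disabled or sits outside the <form> element (and is therefore never sent, and never reaches $_POST) shows up on the client side. The control objects and the token value are constructed for the example.

```javascript
// Added example (not NoCSRF project code): model of the form-data-set rules
// jQuery's serializeArray() follows, and of the urlencoded body $.post sends.
// A control is "successful" (gets sent) only if it has a name, is not
// disabled, and belongs to the form; everything else is silently dropped.

function serializeArray(controls) {
  // Same shape as jQuery's serializeArray(): [{ name, value }, ...]
  return controls
    .filter(c => c.name && !c.disabled && c.inForm !== false)
    .map(c => ({ name: c.name, value: String(c.value) }));
}

function toUrlEncoded(pairs) {
  // application/x-www-form-urlencoded body, which PHP parses into $_POST
  const body = new URLSearchParams();
  for (const p of pairs) body.append(p.name, p.value);
  return body.toString();
}

function bodyHasToken(body, key = 'csrf_token') {
  // Client-side pre-flight: do not fire the request if the token is missing,
  // otherwise the server can only answer "invalid CSRF token".
  const v = new URLSearchParams(body).get(key);
  return v !== null && v.length > 0;
}

// Constructed sample data; the token value is a placeholder, not a real token.
const TOKEN = 'example-token-value';

function buildPostBody(tokenControl) {
  const form = [
    { name: 'name', value: 'Alice' },
    { name: 'email', value: 'alice@example.com' },
    { name: 'message', value: 'hello' },
    tokenControl,
  ];
  return toUrlEncoded(serializeArray(form));
}

// Hidden input inside the form and enabled: token is sent.
const okBody = buildPostBody({ name: 'csrf_token', value: TOKEN, type: 'hidden' });
// Same input rendered disabled, or outside the <form>: token is dropped.
const disabledBody = buildPostBody({ name: 'csrf_token', value: TOKEN, disabled: true });
const outsideBody = buildPostBody({ name: 'csrf_token', value: TOKEN, inForm: false });

console.log(okBody, bodyHasToken(okBody));
console.log(disabledBody, bodyHasToken(disabledBody));
console.log(outsideBody, bodyHasToken(outsideBody));
```

On the PHP side the matching check is whether `$_POST['csrf_token']` is set at all before NoCSRF::check runs, which separates "token not sent" from "token sent but rejected".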

olegatro commented 7 years ago

Everything is working - two pages, two forms by ajax. Thanks for the lib.