How to use token in simple sign up form

Question

How to use token in simple sign up form

amin-ajami Sep '14

Created Sep '14	Last Reply Sep '14	Replies 2	Views 1091	Votes 0

amin-ajami 8.3k

Sep '14

hi, I dont use token in my sign up form please give me one sample that correct to use it ? tnx for help

Michael Jephcote · Answer 1 · 2014-09-03T10:04:56-07:00

I'm assuming by token you mean CSRF? How are you constructing your forms? If you're using the form builder you can do something similar to the below:

    $securityToken = new \Phalcon\Forms\Element\Hidden('securityToken');
    $securityToken->addValidator(new \Phalcon\Validation\Validator\Identical(array(
        'message'   => 'CSRF validation failed',
        'value' => $this->security->getSessionToken()
    )));

    $this->add($securityToken);

amin-ajami · Answer 2 · 2014-09-03T23:30:50-07:00

my code is:

add form token like this:

$this->add(new Hidden('token', array(
            'name' => $this->security->getTokenKey(),
            'value' => $this->security->getToken()
        )));

add form token to html like this:

 <form role="form" method="post" action="{{ url("user/save") }}" enctype="multipart/form-data" >
                                    {{ form.render("token") }}

add token check to controller like this:

if (!$this->security->checkToken()) {
                return $this->dispatcher->forward(array(
                        'controller' => 'user',
                        'action' => 'index'
                    ));
            }

but return always true! and not worked

Michael Jephcote · Answer 3 · 2014-09-04T04:10:27-07:00

Have you setup the Session service? See: https://docs.phalcon.io/en/latest/reference/security.html#cross-site-request-forgery-csrf-protection

amin-ajami · Answer 4 · 2014-09-04T09:09:01-07:00

amin-ajami
8.3k

Sep '14

yes i have, exactly use this structur in my code, but always tokecheck return true!!!!