Laravel 5 - TokenMismatchException in VerifyCsrfToken.php line 67. How to solve this without using the FORM class?

Viewed 4,306 times

0

I have a PHP/HTML project and I’m porting it to Laravel, which means there is a lot of stuff I won’t create from scratch, and I want to make the most of what’s already written.

At the moment I am working with a form. In the original code it is written using action="#" like this:

<form action="#" method="post" enctype="multipart/form-data" id="sky-form1" class="sky-form">

....

<button id="btn_login" type="submit" class="btn-u btn-block">Go Home</button>
</form>

Then in JavaScript I respond to the click event and direct to the desired page:

$(function () {
    $(document).on("click", "#btn_login", function () {
        // alert("ok");
        // return false;
        // Point the form at the target page just before it submits
        $('form').attr('action', 'home.php');
    }); // End of $(document).on("click", ...
}); // End of $(function () {

At the click of btn_login the user is directed to the home page.

Note: the code is not complete, only the most important parts. There is no login test or user test and so on. It is just a button inside a form on the index page that should direct you to the home page.

Now moving on to Laravel:

I have this route code that works. It directs me to the home page if I type the URL myApp.com/home

Route::get('/home', function () {
    return view('home',['usertype'=>"2"]);
});

And the home page is accessed, as expected.

For the scenario of pressing the form button to be directed to home I made the following route code:

Route::post('/home', function () {
    return view('home',['usertype'=>"2"]);
});

I used post and that was the only change.

In JavaScript I made a small change too:

$(function () {
    $(document).on("click", "#btn_login", function () {
        // alert("ok");
        // return false;
        // Point the form at the Laravel route just before it submits
        $('form').attr('action', 'home');
    }); // End of $(document).on("click", ...
}); // End of $(function () {

I changed home.php to home (which is what the route expects).

So that’s the logic:

The user presses the login button, JavaScript changes the form's action from action="#" to action="home", and the POST route captures the request and returns the desired page. It is working.

The only problem is that when the home page tries to be accessed after clicking, I get the error: TokenMismatchException in VerifyCsrfToken.php line 67

I imagine it’s the verification of _token to prevent CSRF attacks.

Since I’m not using the FORM class, the token is not generated within my form.

So my question is how to solve this problem without using the FORM class? Can I create the hidden input and put the token value in manually? Where do I find this value? And finally, is there a token for each form?

1 answer

4


You can put this into the form (if you are using Blade templating):

<form method="POST" action="{{url('ROUTA DO POST')}}">
   {!! csrf_field() !!}
   ...
</form>

{!! csrf_field() !!} produces something like: <input type="hidden" name="_token" value="8VI98KkDdCdHd0Wn62ha8OONrTAvViDFOW383ux2">, so the token is sent via POST to the server along with the other data.

You can also include the CSRF token input 'manually', like this:

...
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
...

To answer your other question: you can disable checking this token for the routes you want (but I don’t think that’s what you want). So, yes, you need to send a token every time you make a POST request.

  • Perfect... worked. Now the last question. Is there a token for each form? Or is there a standard token for each project?

  • The token is generated on the server side (built in, in PHP, in the Laravel framework) when you call the function csrf_token();. You can check this by doing dd(csrf_token());. This will generate a pseudo-random string that is stored on the server and then validated (a check between the one sent in the form and the one the server has saved)

  • OK, then it must be multiple pseudo-random ones, which means one for each request. Correct?

  • Yes, each request of type POST needs to be 'prepared' to send the token too, including AJAX calls. Unless you don’t want that; I included a link in the answer for that eventuality. But don’t worry about it, it’s all done automatically when you call csrf_token(); and send the token via POST

  • 1

    To answer your question more linearly: yes, for each form that will send the request as a POST (method="POST") need... Sorry, only now did I read your question properly in the comment, I could have explained so much :P
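
A simplified model of the check that raises TokenMismatchException, as an added example that is not part of the original posts and is not Laravel's source code. It assumes one token stored per session, read from the `_token` field or an `X-CSRF-TOKEN` header; the function names and the `session`/`req` objects are hypothetical.

```javascript
// Simplified model of a session-bound CSRF check (illustrative, not Laravel's code).
const crypto = require('crypto');

// Read-only methods are not checked, which is why Route::get('/home') worked.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Assumption: the token is created once per session and reused by every form in it.
function csrfToken(session) {
  if (!session.token) {
    session.token = crypto.randomBytes(20).toString('hex');
  }
  return session.token;
}

// Constant-time comparison so the check does not leak how much of the token matched.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// req = { method, body, headers } is a constructed stand-in for an HTTP request.
// Header names are lower-cased here, as Node does for incoming requests.
function verifyCsrf(session, req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return 'ok';
  const supplied = (req.body && req.body._token) ||
                   (req.headers && req.headers['x-csrf-token']);
  return tokensMatch(session.token, supplied) ? 'ok' : 'TokenMismatch';
}

// Constructed requests mirroring the question: GET, bare POST, POST with token.
function demo() {
  const session = {};
  const token = csrfToken(session); // value the hidden _token input would carry
  return {
    sameTokenForSecondForm: csrfToken(session) === token,
    getHome: verifyCsrf(session, { method: 'GET' }),
    postWithoutToken: verifyCsrf(session, { method: 'POST', body: {} }),
    postWithField: verifyCsrf(session, { method: 'POST', body: { _token: token } }),
    ajaxWithHeader: verifyCsrf(session, {
      method: 'POST', body: {}, headers: { 'x-csrf-token': token } }),
    tokenFromOtherSession: verifyCsrf(session, {
      method: 'POST', body: { _token: csrfToken({}) } }),
  };
}

console.log(demo());
```
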
