Create an amp-form with any method (post/get) in the front end
Create JHtml::_('form.token') for the post method
Create JSession::getFormToken() . '=1' for the get method
Check the token from the backend
Create a plugin with an ajax method and check the form token: it will always fail (returns false)
It should be a valid form token
Always failing (JSession::checkToken() always returns false) with the post or get method
PHP 7.2
Joomla 3.9.16
This will fail too:

    // Token expected as a POST parameter
    if (!JSession::checkToken()) {
        http_response_code(400);
        echo json_encode(array("verifyErrors" => array('message' => 'sumber tidak valid')));
        jexit();
    }

    // Token expected as a GET (query string) parameter
    if (!JSession::checkToken('get')) {
        http_response_code(400);
        echo json_encode(array("verifyErrors" => array('message' => 'sumber tidak valid')));
        jexit();
    }
It's very likely there is something wrong with your code. You can borrow some code from Joomla which works properly:
My code is fine. If the form is not in AMP format it works and Joomla can check the token correctly, but with AMP format it always fails. And if I dump $_POST, the token is there:

    array (size=3)
      'email' => string 'adul@gmail.com' (length=14)
      'password' => string 'sdf' (length=3)
      '3111b860a3a5b12f06410b9cd3c6d409' => string '1' (length=1)

and still Joomla fails to check the token.
Sorry, I don't have experience with AMP format and could not help further. Maybe you can try to pass the token via GET instead of POST? Maybe you can post the code of the file which makes the ajax request here, so that developers who have experience with AMP can help check further.
Hmm, you can also pass the token via HTTP header:
https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Session/Session.php#L314
But it would be interesting to debug the method mentioned above to get the reason that your code is not working. Can you set up the debugger and see what is happening in that method?
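The two ways of passing the token discussed in this thread, as an added example that is not from any participant or from Joomla. It is a stand-alone model that assumes the check tries the `X-CSRF-Token` header first and then a request parameter named after the session's token; the function name, result format and the second token are hypothetical or constructed.

```php
<?php
// Added example, not Joomla code: a stand-alone model of a token check that
// tries the X-CSRF-Token header first, then a request key named after the
// session's token. All function and variable names are hypothetical.

function explainTokenCheck(string $sessionToken, array $server, array $params): array
{
    // 1. Header path: the header value must equal this session's token.
    $header = preg_replace('/[^A-Za-z0-9]/', '', (string) ($server['HTTP_X_CSRF_TOKEN'] ?? ''));
    if ($header !== '' && hash_equals($sessionToken, $header)) {
        return ['ok' => true, 'reason' => 'header matches the session token'];
    }

    // 2. Parameter path: the token is the parameter *name*; any non-empty value passes.
    if (!empty($params[$sessionToken])) {
        return ['ok' => true, 'reason' => 'request key matches the session token'];
    }

    // 3. Failure: separate "nothing sent" from "a token was sent, but it was
    //    issued for a different session" by looking for token-shaped keys
    //    (32 hex characters, like the key in the dump above).
    $sent = array_values(array_filter(array_map('strval', array_keys($params)), function ($key) {
        return preg_match('/^[0-9a-f]{32}$/', $key) === 1;
    }));

    return $sent
        ? ['ok' => false, 'reason' => 'token sent, but not the one for this session', 'sent' => $sent]
        : ['ok' => false, 'reason' => 'no token in header or request'];
}

// Constructed input: the POST keys from the dump in this thread, checked
// against a made-up session token that differs from the submitted one.
$post = [
    'email'                            => 'adul@gmail.com',
    'password'                         => 'sdf',
    '3111b860a3a5b12f06410b9cd3c6d409' => '1',
];
$otherSession = str_repeat('ab', 16); // constructed 32-character token

print_r(explainTokenCheck($otherSession, [], $post));                                  // fails: token for another session
print_r(explainTokenCheck('3111b860a3a5b12f06410b9cd3c6d409', [], $post));             // passes via request key
print_r(explainTokenCheck($otherSession, ['HTTP_X_CSRF_TOKEN' => $otherSession], [])); // passes via header
```

Logging the same comparison inside the real handler (expected token for the session versus the keys actually received) shows which of the three outcomes a failing request falls into.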
Status | New | ⇒ | Information Required |
Thank you for raising this issue.
Joomla 3 is now in security only mode with no further bug fixes or new features.
As this issue doesn't relate to Joomla 4 it will now be closed.
If we are mistaken and this does apply to Joomla 4 please open a new issue (and reference this one if you wish) with updated details for testing in Joomla 4.
cc @zero-24
Status | Information Required | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-08-26 22:54:26 |
Closed_By | ⇒ | Quy | |
Labels | Added: No Code Attached Yet | Removed: ? |
Below is my code to check the form token. I created a plugin with an ajax method
and the result is always a failure, whether from the post or get method.
    public function onAjaxZeviteLogin() {
        $app = JFactory::getApplication();
        $input = $app->input;
        // var_dump($input->get('password')); jexit();
        $email = $input->get('email', '', 'USERNAME');
        $pwd = $input->get('password', '', 'RAW');
        // Initialize the error list before pushing to it
        $verify = array('verifyErrors' => array());
        if (empty($email) || empty($pwd)) {
            array_push($verify['verifyErrors'], array(
                'name' => 'email',
                'message' => 'Email atau Password tidak boleh kosong'
            ));
        }