My Laravel get method is working but post method is not working.
controller
public function create(Request $request)
{
if (Request::isMethod('post'))
{
echo 'text';
exit;
}
}
blade
<form action="{{route('create')}}" method="POST">
<input name="name" class="form-control" type="text">
<input name="email" class="form-control" type="email">
<input type="submit" class="btn btn-primary btn-lg btn-block" name="submit">
</form>
route
Route::post('/create', 'Tools\PostController#create')->name('create');
error
The page has expired due to inactivity.
Please refresh and try again.
You are getting "The page has expired due to inactivity. Please refresh and try again" because you are not passing csrf token with the post request.
By default laravel reject any post request without the csfr token in the request.
Try this:
In your blade file include one hidden input like this :
<input name="token" type="hidden" value="{{ csrf_token() }}">
For more info please refer to the docs
Related
I am trying to create a form submit but I bumped to a unexpected scenario.
When form submitted by clicking the submit button
The web app reroute to my index page of the resource route
With the form variable and values appended in the URL.
Example
URL before submitting: http://127.0.0.1/admin/products/create
URL after submitted: http://127.0.0.1/admin/products?_token=qQ4klvK2egdsP77iMY4RQhXd5laJDUONRyuh8oQd&productTitle=&productPrice=
View (create.blade.php)
<form type="POST" name="productAddForm" action="{{ route('products.store') }}" >
#csrf
<div class="mb-3 col-5">
<label for="productTitle" class="form-label">Title</label>
<input name="productTitle" type="text" class="form-control" id="productTitle">
</div>
<div class="mb-3 col-5">
<label for="productPrice" class="form-label">Price</label>
<input name="productPrice" type="number" class="form-control" id="productPrice">
</div>
<button type="submit" class="btn btn-primary">Save</button>
</form>
Controller (ProductController.php)
public function create()
{
return view('layouts/admin/product.create');
}
public function store(Request $request)
{
dd($request->all());
}
Route (web.php)
Route::resource('admin/products', ProductController::class)->middleware('auth');
The URL parameters in your second link are a giveaway that your form data is being serialized as a GET request instead of submitted as a POST request.
There is no <form> type= attribute. You need to use method=.
<form method="POST" ...
I wanted to make a basic login/logout in Laravel. So I created a new folder under resources/views called auth and then I made a new file login.blade.php inserted this into it:
<html>
<body>
<form>
<input type="text" name="email" placeholder="email" size="40"><br><br>
<input type="password" name="password" placeholder="password" size="40"><br><br>
<input hidden name="_token" value="{{csrf_token}}">
<input type="submit" value="send">
</form>
</body>
</html>
After that I edited the web.php like this:
Route::get('/', function () {
return view('welcome'); });
Route::get('/home', function () {
return view('welcome'); });
Route::get('/login', function () {
return view('auth.login'); });
Route::post('/login','Auth\LoginController#login');
Route::post('/logout','Auth\LoginController#logout');
So it should work fine because everything makes sense but whenever I goto login url, I see this error message:
ErrorException in 6c95db2d362954448afd30aa9a2bf2cb0fc31937.php line 6:
Use of undefined constant csrf_token - assumed 'csrf_token' (View: G:\xampp\htdocs\o2architect\root\laravel\resources\views\auth\login.blade.php)
So can anyone tell me whats going on here ?!
Change it:
<input hidden name="_token" value="{{csrf_token}}">
to
<input hidden name="_token" value="{{ csrf_token() }}">
and try again.
Try below, Hope this work for you!
<html>
<body>
<form>
<input type="text" name="email" placeholder="email" size="40"><br><br>
<input type="password" name="password" placeholder="password" size="40"><br><br>
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<input type="submit" value="send">
</form>
</body>
</html>
The csrf_token is a helper function of Laravel so you will have to call it with parentheses.
Just Change
<input hidden name="_token" value="{{csrf_token}}">
to
<input hidden name="_token" value="{{ csrf_token() }}">
Recommendation
You can use {!! csrf_field() !!} which will create hidden input field with the CSRF Token.
In the code above the form that you have shown is a GET Request form, you will have to change it to action="POST" and GET request forms work without CSRF Token also.
I'm new to Laravel and I making some test on a system which use version 4.2. I'm trying to follow Documentation for password reset. So far I'm able to post my email for password reset and I get token on my email.
When I open the URL from email with the token I get this error:
exception 'Symfony\Component\HttpKernel\Exception\NotFoundHttpException'
The url is: http://example.com/reset/20e2535a11f7c88d1132c55c752a3a8569adbf5f
This is my route
Route::get('/password', ['uses' => 'RemindersController#getRemind']);
Route::get('/reset', ['uses' => 'RemindersController#getReset']);
This is in RemindersController
public function getReset($token = null)
{
if (is_null($token)) App::abort(404);
return View::make('site.reset')->with('token', $token);
}
And the form from the doc's
<form action="{{ action('RemindersController#postReset') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="email" name="email">
<input type="password" name="password">
<input type="password" name="password_confirmation">
<input type="submit" value="Reset Password">
</form>
I understand the error.. it is saying that the path/file isn't found but it is there..
in your html form, there is the action() method called RemindersController#postReset:
<form action="{{ action('RemindersController#postReset') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="email" name="email">
<input type="password" name="password">
<input type="password" name="password_confirmation">
<input type="submit" value="Reset Password">
</form>
but your route uses GET. You have to use POST
change your route from:
Route::get('/reset', ['uses' => 'RemindersController#getReset']);
to:
Route::post('/reset', ['uses' => 'RemindersController#getReset']);
i think you could use this way. its maybe better:
Route::match(['GET','POST'], ['uses' => 'RemindersController#getRemind']);
Update: Route should have also token in it because the url is /reset/token:
Route::get('/reset/{token}', ['uses' => 'RemindersController#getReset']);
check if your default controller or default security controller isn't loaded somewhere and it doesn't not overwrite the 'reset' route, get in your application directory using command line and type:
php artisan routes
This should show you if your route is registered and to which controller/action.
I have a simple log in form with a csrf token field. When I submit I get a token mismatch. When I look at the value in the form the value of the token is blank
Both the login form and the authenticate are both in the web middleware group
Route::group(['middleware' => ['web']],function(){
Route::get('/login',function(){
return view('auth.login');
});
Route::post('/authenticate_user','Accounts\Accounts#authenticateUser');
Route::get('/bar',function(){
return csrf_token(); // works
});
});
That bar route does display a token
//login.blade
#section('content')
<div class="row">
<div class="col-md-12">
<form action="authenticate_user" method="post">
<label for="login_name">User Name</label>
<input type="text" id="login_name" name="login_name" required="required">
<label for="password">Password</label>
<input type="password" id="password" name="password" required="required">
{{ csrf_field() }}
<br>
<button type="submit" id="Login" name="login" value="Log In" class="btn btn-default">Log In</button>
</form>
</div>
</div>
#endsection
Unfortunately the csrf field value is blank when I look at the source code
<input type="hidden" name="_token" value="">
I did clear the laravel session and view storage. I restarted my browser and web server (XAMPP using PHP 7.0.2 on win 7).
I also tried:
<?php
$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
?>
<input id="token" type="hidden" value="{{$encrypted_token}}">
Got a value but it still mismatched
I am sure I am doing something stupid but I have no idea why I am not getting a token value and mismatch
You problem is
{{ csrf_field() }}
it should be
{!! csrf_field() !!}
Using {!! !!} it will render HTML code
UPDATE
From the Laravel docs:
Displaying Unescaped Data
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}.
Try to do this on the page:
<form class="form-horizontal" role="form" method="DELETE" action="/user/{{ $user->id }}/delete">
<button type="submit" class="btn btn-danger">
Delete
</button>
</form>
The route:
Route::delete('user/{id}/delete', ['middleware' => ['admin'],
'uses' => 'Auth\UserController#destroy']);
The controller:
class UserController extends Controller
{
public function destroy($id)
{
DB::table('users')->where('id', $id)->delete();
return view('admin/dash');
}
}
I'm getting MethodNotAllowedHttpException in RouteCollection.php.
How do I fix it?
Solution:
Thanks to Josh. I solve it by changing form to
<form method="POST" action="/user/{{ $user->id }}/delete">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<input type="hidden" name="_method" value="DELETE" />
<button type="submit" class="btn btn-danger">
Delete
</button>
</form>
In some implementations of some versions of HTML, only GET and POST are allowed as methods.
You can overcome this by adding an addition attribute _method that you process yourself, or you can use JavaScript.
If you're using Chrome, check the Network tab in developer tools to verify either that this is the problem or add the request to your post for further diagnostics.
See here for more details.