I wanted to make a basic login/logout in Laravel. So I created a new folder under resources/views called auth and then I made a new file login.blade.php inserted this into it:
<html>
<body>
<form>
<input type="text" name="email" placeholder="email" size="40"><br><br>
<input type="password" name="password" placeholder="password" size="40"><br><br>
<input hidden name="_token" value="{{csrf_token}}">
<input type="submit" value="send">
</form>
</body>
</html>
After that I edited the web.php like this:
Route::get('/', function () {
return view('welcome'); });
Route::get('/home', function () {
return view('welcome'); });
Route::get('/login', function () {
return view('auth.login'); });
Route::post('/login','Auth\LoginController#login');
Route::post('/logout','Auth\LoginController#logout');
So it should work fine because everything makes sense but whenever I goto login url, I see this error message:
ErrorException in 6c95db2d362954448afd30aa9a2bf2cb0fc31937.php line 6:
Use of undefined constant csrf_token - assumed 'csrf_token' (View: G:\xampp\htdocs\o2architect\root\laravel\resources\views\auth\login.blade.php)
So can anyone tell me whats going on here ?!
Change it:
<input hidden name="_token" value="{{csrf_token}}">
to
<input hidden name="_token" value="{{ csrf_token() }}">
and try again.
Try below, Hope this work for you!
<html>
<body>
<form>
<input type="text" name="email" placeholder="email" size="40"><br><br>
<input type="password" name="password" placeholder="password" size="40"><br><br>
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<input type="submit" value="send">
</form>
</body>
</html>
The csrf_token is a helper function of Laravel so you will have to call it with parentheses.
Just Change
<input hidden name="_token" value="{{csrf_token}}">
to
<input hidden name="_token" value="{{ csrf_token() }}">
Recommendation
You can use {!! csrf_field() !!} which will create hidden input field with the CSRF Token.
In the code above the form that you have shown is a GET Request form, you will have to change it to action="POST" and GET request forms work without CSRF Token also.
Related
I am trying to submit a form in Laravel but I am getting the error The POST method is not supported for this route. Supported methods: GET, HEAD, PUT, PATCH, DELETE.
I have tried the suggestions in post method in laravel give MethodNotAllowedHttpException but none is working.
Here is my code.
<div class="row" style="background: #ffffff;">
<div class="col-lg-12 col-md-12 col-sm-12" style="background: white; margin: 10px">
<form method="post" action="{{ route('companies.update',[$company->id]) }}">
{{ csrf_field() }}
<input type="hidden" name="method" value="put">
<div class="form-group">
<label for="company.name">Name <span class="required">*</span> </label>
<input placeholder="Enter name" id="company-name" required name="description" spellcheck="false" class="form-control" value="{{ $company->name }}" />
</div>
<div class="form-group">
<label for="company-content">Description</label>
<textarea placeholder="Enter Description" style="resize: vertical" id="company-content" name="description" rows="5" spellcheck="true" class="form-control autosize-target text-left">
{{$company->description}}</textarea>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit" />
</div>
</form>
</div>
</div>
Replacing post with get,put removes the error but not doing what I want.
These are my routes
<?php
Route::get('/', function () {
return view('welcome');
});
Auth::routes();
Route::get('/home', 'HomeController#index')->name('home');
Route::resource('companies','CompaniesController');
Route::resource('projects','ProjectsController');
Route::resource('roles','RolesController');
Route::resource('tasks','TasksController');
Route::resource('users','UsersController');
In the CompaniesController I have
public function update(Request $request, Company $company)
{
$companyupdates = Company::where('id', $company->id)->update([
'name' => $request->input('name'),
'description' => $request->input('description'),
]);
if($companyupdates){
return redirect()->route('companies.show', ['company'=>$company->id])->with('success','Company Updated Successfully');
}
return back()->withInput();
}
Where am I going wrong?
Try using the blade directives instead:
<form method="post" action="{{ route('companies.update',$company->id) }}">
#csrf
#method('PUT')
Note: you don't need to pass the company id with '[ ]'
In this input:
<input type="hidden" name="method" value="put">
The name should be _method according to the laravel form method spoofing
Example from the docs:
<form action="/foo/bar" method="POST">
<input type="hidden" name="_method" value="PUT">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
With the blade directives:
<form action="/foo/bar" method="POST">
#method('PUT')
#csrf
</form>`
Why is this error occurring?
You put the wrong name on your method input, so laravel will recognize this form action as POST, and not PUT. Since it's a update action, laravel will thrown this error.
HTML forms do not support PUT, PATCH or DELETE actions. So, when defining PUT, PATCH or DELETE routes that are called from an HTML form, you will need to add a hidden _method field to the form. The value sent with the _method field will be used as the HTTP request method:
For more info: Docs
My Laravel get method is working but post method is not working.
controller
public function create(Request $request)
{
if (Request::isMethod('post'))
{
echo 'text';
exit;
}
}
blade
<form action="{{route('create')}}" method="POST">
<input name="name" class="form-control" type="text">
<input name="email" class="form-control" type="email">
<input type="submit" class="btn btn-primary btn-lg btn-block" name="submit">
</form>
route
Route::post('/create', 'Tools\PostController#create')->name('create');
error
The page has expired due to inactivity.
Please refresh and try again.
You are getting "The page has expired due to inactivity. Please refresh and try again" because you are not passing csrf token with the post request.
By default laravel reject any post request without the csfr token in the request.
Try this:
In your blade file include one hidden input like this :
<input name="token" type="hidden" value="{{ csrf_token() }}">
For more info please refer to the docs
I'm new to Laravel and I making some test on a system which use version 4.2. I'm trying to follow Documentation for password reset. So far I'm able to post my email for password reset and I get token on my email.
When I open the URL from email with the token I get this error:
exception 'Symfony\Component\HttpKernel\Exception\NotFoundHttpException'
The url is: http://example.com/reset/20e2535a11f7c88d1132c55c752a3a8569adbf5f
This is my route
Route::get('/password', ['uses' => 'RemindersController#getRemind']);
Route::get('/reset', ['uses' => 'RemindersController#getReset']);
This is in RemindersController
public function getReset($token = null)
{
if (is_null($token)) App::abort(404);
return View::make('site.reset')->with('token', $token);
}
And the form from the doc's
<form action="{{ action('RemindersController#postReset') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="email" name="email">
<input type="password" name="password">
<input type="password" name="password_confirmation">
<input type="submit" value="Reset Password">
</form>
I understand the error.. it is saying that the path/file isn't found but it is there..
in your html form, there is the action() method called RemindersController#postReset:
<form action="{{ action('RemindersController#postReset') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="email" name="email">
<input type="password" name="password">
<input type="password" name="password_confirmation">
<input type="submit" value="Reset Password">
</form>
but your route uses GET. You have to use POST
change your route from:
Route::get('/reset', ['uses' => 'RemindersController#getReset']);
to:
Route::post('/reset', ['uses' => 'RemindersController#getReset']);
i think you could use this way. its maybe better:
Route::match(['GET','POST'], ['uses' => 'RemindersController#getRemind']);
Update: Route should have also token in it because the url is /reset/token:
Route::get('/reset/{token}', ['uses' => 'RemindersController#getReset']);
check if your default controller or default security controller isn't loaded somewhere and it doesn't not overwrite the 'reset' route, get in your application directory using command line and type:
php artisan routes
This should show you if your route is registered and to which controller/action.
My routes is here
Route::get('sign-up', ['as' => 'signUp', 'uses' => 'UserController#signUpGet']);
Route::post('sign-up', ['as' => 'signUpPost', 'uses' => 'UserController#signUpPost']);
Controller
return redirect('signUp')->withInput();
And View
<form role="form" method="POST" action="{{route('signUpPost')}}">
<input type="text" class="form-control" name="username" value="{{ old('username') }}">
</form>
The {{old()}} function return empty value.
EDIT
I took
NotFoundHttpException in RouteCollection.php line 145:
Your problem looks like you are not actually submitting the username in the first place:
<form role="form" method="POST" action="{{route('signUpPost')}}">
<input type="text" class="form-control" name="username" value="{{ old('username') }}">
</form>
There is no 'submit' button inside the form. If you submit outside the form - then the username will not be included.
Add the submit button inside your form - then try again
<form role="form" method="POST" action="{{route('signUpPost')}}">
<input type="text" class="form-control" name="username" value="{{ old('username') }}">
<input type="submit" value="Submit">
</form>
Edit - also your controller is wrong. It should be this:
return redirect()->route('signUp')->withInput();
All you are missing is to Flash the Input to the session. This is so it's available during the next request.
$request->flash();
Do that just before calling to View your form.
Source: http://laravel.com/docs/5.1/requests#old-input
<div class="form-group #if($errors->first('username')) has-error #endif">
<label for="username" class="rtl">Enter user name </label>
<input type="text" name="username" class="form-control rtl basic-usage" id="username" placeholder="Enter user name" value="{!! old('username') !!}">
<span class="help-block required">{{$errors->first('username')}}</span>
</div>
above form field will show old value entered.
will show validation error (you have to specify error separately.)
have a place holder.
bootstrap to look better.(add bootstrap)
Your name in the register view should correspond with keys in create() and validate() method inside your RegisterController file.
My problem here was caused by "data-prefill" in the input. Once I removed this, it worked.
You can try this: {{ Input::old('username') }}.
I have this login form via Symfony2 security documentation with the following TWIG template content:
<form action="{{ path('login_check') }}" method="post">
<div class="input form">
<label for="username">Account name or E-mail:</label>
<input type="text" id="username" name="_username" value="{{ last_username }}" required="required" />
</div>
<div class="input form">
<label for="password">Password:</label>
<input type="password" id="password" name="_password" required="required" />
</div>
<input type="hidden" name="_token" value="{{ csrf_token("intention") }}">
<button type="submit">Log In</button>
</form>
And I want to add CSRF protection in this form. As you can see, I added this line <input type="hidden" name="_token" value="{{ csrf_token("intention") }}"> but I'm not really sure, if it is enough to activate this protection.
My controller has same form as on the doc, so it looks like this:
<?php
// src/Acme/SecurityBundle/Controller/SecurityController.php;
namespace Acme\SecurityBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;
class SecurityController extends Controller
{
public function loginAction()
{
$request = $this->getRequest();
$session = $request->getSession();
// get the login error if there is one
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(
SecurityContext::AUTHENTICATION_ERROR
);
} else {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
$session->remove(SecurityContext::AUTHENTICATION_ERROR);
}
return $this->render(
'AcmeSecurityBundle:Security:login.html.twig',
array(
// last username entered by the user
'last_username' => $session->get(SecurityContext::LAST_USERNAME),
'error' => $error,
)
);
}
}
So it's enough just paste one hidden input with value {{ csrf_token("intention") }} or I have to add something into controller?
I found that Answer from #Chris McKinnel isn't true. Now, the Symfony2 has on the tutorial page this section:
http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html
I need add line in my security.yml:
form_login:
# ...
csrf_provider: form.csrf_provider
And change this
<input type="hidden" name="_token" value="{{ csrf_token("intention") }}">
to
<input type="hidden" name="_csrf_token" value="{{ csrf_token("authenticate") }}">
Now I am sure my authentication form si CSRF protected.
CSRF protection is enabled by default, so all you need to do is render your CSRF token in your HTML. You don't need to do anything in your controller.
You have a couple of options:
Do it just like you've done it above
Use {{ form_rest(form) }}, this will render all fields that you haven't rendered yet, including hidden fields like the CSRF token
Either will work fine.