Yii2 Unable to verify your data submission in incognito mode - php

I have separated backend and frontend by using below:
Backend Config/main.php
$config = [
'id' => 'app-backend',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend\controllers',
'bootstrap' => ['log'],
'modules' => [],
'components' => [
'request' => [
'csrfParam' => '_csrf-backend',
'cookieValidationKey' => 'sdsdsdsd-e8Fhoa1PdHzzfB2VTON9Nfh',
'class' => 'common\components\Request',
'web'=> '/backend/web',
'adminUrl' => '/cpanel'
],
'urlManager' => [
'class' => 'yii\web\UrlManager',
'enablePrettyUrl' => true,
'showScriptName' => false,
],
'user' => [
'identityClass' => 'common\models\AdminUser',
'enableAutoLogin' => true,
'identityCookie' => ['name' => '_identity-project-backend', /*'httpOnly' => true*/],
],
'session' => [
// this is the name of the session cookie used for login on the backend
'name' => 'project-backend',
'timeout' => 60*60*24*30,
],
],
'params' => $params,
];
Frontend Config/main.php
$config = [
'id' => 'app-frontend',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'controllerNamespace' => 'frontend\controllers',
'components' => [
'request' => [
'csrfParam' => '_csrf-backend',
'cookieValidationKey' => 'wmWhVSIv-e8Fhoa1PdHzzfB2VTON9Nfh',
'class' => 'common\components\Request',
'web' => '/frontend/web'
],
'urlManager' => [
'class' => 'yii\web\UrlManager',
'enablePrettyUrl' => true,
'showScriptName' => false,
],
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => ['name' => '_identity-project-frontend', /*'httpOnly' => true*/],
],
'session' => [
// this is the name of the session cookie used for login on the frontend
'name' => 'project-frontend',
'timeout' => 60*60*24*30,
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
],
'params' => $params,
//'defaultRoute' => 'site/index'
];
Now it is working perfectly in normal browser mode. But whenever I am trying to login using incognito mode, on the first attempt it gives the below error:
Unable to verify your data submission
After that, if I reload the page and try to login again, it works normally.
My form is generated using ActiveForm, so CSRF token is available in login page.
So how to solve this problem?

You can specify the validation false in specific controller / actions
include the Yii class
use Yii;
inside the action
Yii::$app->controller->enableCsrfValidation = false;
or inside the controller
$this->enableCsrfValidation = false;

You need to set validation false
Set this code inside the action
Yii::$app->controller->enableCsrfValidation = false;
Set complete controller validation false
$this->enableCsrfValidation = false;
This will work
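
An added check, not part of the original posts: both configs in the question set csrfParam to '_csrf-backend' while using different cookieValidationKey values, and Yii2 stores the CSRF token in a cookie named after csrfParam. The function names are hypothetical, the key strings are placeholders, and the check assumes both apps are served from the same host with overlapping cookie paths.

```php
<?php
// Added example: report cookie names that two Yii2 app configs share.

/** Cookie names a Yii2 web config makes the browser store (Yii2 defaults as fallback). */
function cookieNames(array $config): array
{
    $c = $config['components'] ?? [];
    return [
        'csrf'     => $c['request']['csrfParam'] ?? '_csrf',
        'session'  => $c['session']['name'] ?? 'PHPSESSID',
        'identity' => $c['user']['identityCookie']['name'] ?? '_identity',
    ];
}

/** One finding per cookie name used by both configs. */
function findCookieCollisions(array $a, array $b): array
{
    $keyA = $a['components']['request']['cookieValidationKey'] ?? null;
    $keyB = $b['components']['request']['cookieValidationKey'] ?? null;
    $namesB = cookieNames($b);
    $findings = [];
    foreach (cookieNames($a) as $kind => $name) {
        if ($name !== $namesB[$kind]) {
            continue;
        }
        $findings[] = [
            'cookie' => $kind,
            'name'   => $name,
            // Yii2 signs the CSRF and identity cookies with cookieValidationKey,
            // so a cookie written by one app is discarded by the other when the
            // keys differ. The session cookie is not signed this way.
            'rejectedByOtherApp' => $kind !== 'session' && $keyA !== $keyB,
        ];
    }
    return $findings;
}

// Constructed sample: names from the question, keys replaced by placeholders.
$backend = ['components' => [
    'request' => ['csrfParam' => '_csrf-backend', 'cookieValidationKey' => 'BACKEND-KEY-PLACEHOLDER'],
    'user'    => ['identityCookie' => ['name' => '_identity-project-backend']],
    'session' => ['name' => 'project-backend'],
]];
$frontend = ['components' => [
    'request' => ['csrfParam' => '_csrf-backend', 'cookieValidationKey' => 'FRONTEND-KEY-PLACEHOLDER'],
    'user'    => ['identityCookie' => ['name' => '_identity-project-frontend']],
    'session' => ['name' => 'project-frontend'],
]];

foreach (findCookieCollisions($backend, $frontend) as $f) {
    printf("%s cookie \"%s\" is shared; rejected by the other app: %s\n",
        $f['cookie'], $f['name'], $f['rejectedByOtherApp'] ? 'yes' : 'no');
}
```

The Yii2 advanced template gives each app its own csrfParam ('_csrf-frontend' and '_csrf-backend'), which removes the collision this reports.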

Related

Turning on PageCache in yii2 produces strange encoding problem

I have a web portal that I want to add PageCache to. When Activating it, a strange coding appears and after debugging for a while I don't understand the reason since in other projects developed in Yii2 the PageCache works correctly.
[
'class' => 'yii\filters\PageCache',
'only' => ['index'],
'duration' => 300,
'enabled'=>true,
'variations' => [
\Yii::$app->language,
],
'dependency' => [
'class' => 'yii\caching\DbDependency',
'sql' => 'SELECT COUNT(*) FROM item',
],
],
Web config
$config = [
'id' => 'my-web',
'language'=>'en',
'name'=>'My Web',
'basePath' => dirname(__DIR__),
'defaultRoute' => 'site/index',
'bootstrap' => ['log'],
'aliases' => [
'@bower' => '@vendor/bower-asset',
'@npm' => '@vendor/npm-asset',
],
'components' => [
'request' => [
'cookieValidationKey' => 'XXXXXXXXXXXXXX',
],
'cache' => [
'class' => 'yii\caching\FileCache',
],
'user' => [
'identityClass' => 'app\models\User',
'enableAutoLogin' => true,
'identityCookie' => ['name' => '_cookiename', 'httpOnly' => true],
],
'session' => [
'name' => 'session-identifier',
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'db' => $db,
],
'params' => $params,
];
Ubuntu: Ubuntu 16.04.2 LTS
Mysql: 5.7.18-0ubuntu0.16.04.1 (Ubuntu)
php: 7.0.18
Cache content snippet
I added several screenshots
What can be the reason for this behavior?

Yii2 - Working With Multiple backend- session and cookies

Let me tell you the case.
Basically I have a separate backend in the yii2 advanced template.
Why? This is the reason:
My office has a lot of branch offices in a country, with a lot of departments in each branch.
These departments, I interpret them as modules.
The department name is the same, but sometimes they have a lot of different behaviours.
For example, an admin in headquarters can erase an employee name in a branch office, but a branch office admin cannot.
So, I chose to separate them into a backend folder each, like this:
backend (which is portal branch and also super-admin backend)
-modules
-human_resource
backend-jkt (which is Jakarta Indonesia backend)
-modules
-human_resource
My question is:
When a user successfully logs in to backend, then I created a link to backend-jkt, it's automatically logged in also.
And vice versa: when people go directly to backend-jkt but are not logged in to backend, it automatically redirects to backend's login.
Now my situation is: when a user is logged in to backend and then clicks the link "Jakarta" as in the image above, the user has to sign in again.
This is my config in backend
<?php
$params = array_merge(
require __DIR__ . '/../../common/config/params.php',
require __DIR__ . '/../../common/config/params-local.php',
require __DIR__ . '/params.php',
require __DIR__ . '/params-local.php'
);
return [
'id' => 'app-backend',
'name' => 'Backend System',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend\controllers',
'bootstrap' => ['log'],
'modules' => [
'mimin' => [
'class' => '\hscstudio\mimin\Module',
],
'SuperAdmin' => [
'class' => 'backend\modules\super_admin\SuperAdmin',
],
],
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => [
'name' => '_identity-backend',
'httpOnly' => true
],
],
'session' => [
// this is the name of the session cookie used for login on the backend
'name' => 'advanced-backend',
'savePath' => sys_get_temp_dir(),
],
'request' => [
'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
'csrfParam' => '_csrf-backend',
],
'assetManager' => [
'bundles' => [
'dmstr\web\AdminLteAsset' => [
],
],
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'urlManager' => [
'suffix' => '.html',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
],
],
'urlManagerBackendJkt' => [
'class' => 'yii\web\urlManager',
'baseUrl' => '/backend-jkt/web/',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
'http://jkt.tresnamuda.local/' => '#app/index',
],
],
'authManager' => [
'class' => 'yii\rbac\DbManager', // only support DbManager
],
],
'as access' => [
'class' => '\hscstudio\mimin\components\AccessControl',
'allowActions' => [
// add wildcard allowed action here!
'site/*',
'debug/*',
// 'mimin/*', // only in dev mode
],
],
'params' => $params,
];
And this is the backend-jkt
<?php
$params = array_merge(
require __DIR__ . '/../../backend/config/params.php',
require __DIR__ . '/../../backend/config/params-local.php',
require __DIR__ . '/params.php',
require __DIR__ . '/params-local.php'
);
return [
'id' => 'app-backend_jkt',
'name' => 'Jkt Backend System',
'basePath' => dirname(__DIR__),
'controllerNamespace' => 'backend_jkt\controllers',
'bootstrap' => ['log'],
'modules' => [
'mimin' => [
'class' => '\hscstudio\mimin\Module',
],
],
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
'identityCookie' => [
'name' => '_identity-backend',
'httpOnly' => true
],
],
'session' => [
// this is the name of the session cookie used for login on the backend
'name' => 'advanced-backend',
'savePath' => sys_get_temp_dir(),
],
'request' => [
'cookieValidationKey' => 'IkR77lm93Rcb9TCoYTAZ',
'csrfParam' => '_csrf-backend',
],
'assetManager' => [
'bundles' => [
'dmstr\web\AdminLteAsset' => [
],
],
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'urlManager' => [
'suffix' => '.html',
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
],
],
'authManager' => [
'class' => 'yii\rbac\DbManager', // only support DbManager
],
],
'as access' => [
'class' => '\hscstudio\mimin\components\AccessControl',
'allowActions' => [
// add wildcard allowed action here!
'site/*',
'debug/*',
// 'mimin/*', // only in dev mode
],
],
'params' => $params,
];
Your question is about cookies that are placed in the user's browser separated by domain and path, so you have to store it for the next domain path. I recommend that after clicking Jakarta you send user-id and private-key to Jakarta and there force login of that user-id with a simple command:
if(private-key is Okey and you get $user-id by POST ) {
$user = User::findOne($user-id);
Yii::$app->getUser()->login($user);
}
private-key can be simple or advanced, which is how you can increase your security; you may leave it out and just check whether you have user-id or not!
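
A signed, short-lived token is one way to carry the user id from backend to backend-jkt so that the receiving side does not have to trust a bare user-id parameter. This is an added example, not code from the original posts; the function names, HANDOFF_TTL and the secret are hypothetical. It assumes both backends hold the same random secret, and a token can be replayed until it expires because no one-time nonce store is included.

```php
<?php
// Added example: signed, short-lived hand-off token between two backends.
// All function names and HANDOFF_TTL are hypothetical.

const HANDOFF_TTL = 30; // seconds a token stays valid (assumed value)

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

/** Issued by the backend the user is already logged in to. */
function issueHandoffToken(int $userId, string $secret, ?int $now = null): string
{
    $claims  = ['uid' => $userId, 'exp' => ($now ?? time()) + HANDOFF_TTL];
    $payload = b64url(json_encode($claims));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

/** Returns the user id for an authentic, unexpired token, otherwise null. */
function verifyHandoffToken(string $token, string $secret, ?int $now = null): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    // The payload is only parsed after its signature has been checked.
    $claims = json_decode((string) base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['uid'] ?? null) || !is_int($claims['exp'] ?? null)) {
        return null;
    }
    return ($now ?? time()) <= $claims['exp'] ? $claims['uid'] : null;
}

// Constructed demo values; a real secret is random and known to both backends only.
$secret = 'CONSTRUCTED-DEMO-SECRET';
$token  = issueHandoffToken(42, $secret, 1700000000);
var_dump(verifyHandoffToken($token, $secret, 1700000010));       // inside the TTL
var_dump(verifyHandoffToken($token, $secret, 1700000100));       // after expiry
var_dump(verifyHandoffToken($token . 'x', $secret, 1700000010)); // altered signature

// On the receiving Yii2 backend, a non-null id would then be used as in the answer:
//   $user = User::findOne($uid);
//   if ($user !== null) { Yii::$app->getUser()->login($user); }
```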

Setting unknown property: yii\console\ErrorHandler::errorAction on linux server

I just uploaded my yii advanced project to my centos server, but I can't seem to get past the migrate phase. When I try to run yii migrate the following error occurred:
`Setting unknown property: yii\console\ErrorHandler::errorAction`
I have no idea why this happens, because it works fine when I run it locally on my windows computer.
My yii advanced project is a bit different than a normal Yii advanced. The backend has been separated from the frontend so it just contains the console and frontend directory.
common/config/main.php
$config = require(__DIR__ . '/main-console.php');
array_push($config['bootstrap'], 'site');
$config['components']['errorHandler'] = [
'errorAction' => 'site/error',
];
$config['components']['user'] = [
'identityClass' => 'frontend\models\User',
'enableAutoLogin' => true,
];
$config['components']['session'] = [
'name' => 'PHPFRONTSESSID',
'savePath' => sys_get_temp_dir(),
];
$config['components']['request'] = [
'cookieValidationKey' => 'IBzCJMjLWUaXMZemYUej',
'csrfParam' => '_frontendCSRF',
];
$config['components']['site'] = [
'class' => 'frontend\components\SiteComponent',
];
return $config;
main-console.php
$params = array_merge(
require(__DIR__ . '/params.php')
);
return [
'id' => 'app-frontend',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log','debug'],
'sourceLanguage' => 'en-US',
'controllerNamespace' => 'frontend\controllers',
'aliases' => [
'@local_media' => '@frontend/web/uploads/media',
],
'modules' => [
'debug' => [
'class' => 'yii\debug\Module',
],
],
'components' => [
'cache' => [
'class' => 'yii\caching\FileCache',
],
'i18n' => [
'translations' => [
'app*' => [
'class' => 'yii\i18n\PhpMessageSource',
'basePath' => '@frontend/messages',
],
],
],
'assetManager' => [
'bundles' => false,
],
'mailer' => [
'class' => 'yii\swiftmailer\Mailer',
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning', 'trace'],
],
],
],
'defaultRoute' => 'site/view',
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => true,
'enableStrictParsing' => false,
'rules' => require('routes.php'),
],
],
'params' => $params,
];
Can someone give me some advice on how to solve this problem?
Your problem is that you specify error action in common/config/main.php. Error action must be used only with web apps, not console. So move this to your frontend and backend configs separately:
$config['components']['errorHandler'] = [
'errorAction' => 'site/error',
];
There is no errorAction attribute in yii\console\ErrorHandler class. There is one in yii\web\ErrorHandler though. I'm not sure why this works on your local machine because it shouldn't. I guess some other configuration is in place there.

Error installing extension Reportico on Yii 2

I installed the extension reportico through composer and already configured the web.php file, but when I go to the Reportico Admin Page I get an error instead. What is the solution?
Script web.php
<?php
$params = require(__DIR__ . '/params.php');
$config = [
'id' => 'basic',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'components' => [
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
],
'request' => [
// !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
'cookieValidationKey' => 'K1pkkP_iwACp933A03LotJ3AfRsyIb-D',
],
'cache' => [
'class' => 'yii\caching\FileCache',
],
'user' => [
'identityClass' => 'app\models\User',
'enableAutoLogin' => true,
],
'errorHandler' => [
'errorAction' => 'site/error',
],
'mailer' => [
'class' => 'yii\swiftmailer\Mailer',
// send all mails to a file by default. You have to set
// 'useFileTransport' to false and configure a transport
// for the mailer to send real emails.
'useFileTransport' => true,
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\FileTarget',
'levels' => ['error', 'warning'],
],
],
],
'db' => require(__DIR__ . '/db.php'),
/*
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
'rules' => [
],
],
*/
],
'reportico' => [
'class' => 'reportico\reportico\Module' ,
'controllerMap' => [
'reportico' => 'reportico\reportico\controllers\ReporticoController',
'mode' => 'reportico\reportico\controllers\ModeController',
'ajax' => 'reportico\reportico\controllers\AjaxController',
]
],
'params' => $params,
];
if (YII_ENV_DEV) {
// configuration adjustments for 'dev' environment
$config['bootstrap'][] = 'debug';
$config['modules']['debug'] = [
'class' => 'yii\debug\Module',
];
$config['bootstrap'][] = 'gii';
$config['modules']['gii'] = [
'class' => 'yii\gii\Module',
];
}
return $config;
Move reportico to components array:
'components' => [
//...
'reportico' => [
'class' => 'reportico\reportico\Module' ,
'controllerMap' => [
'reportico' => 'reportico\reportico\controllers\ReporticoController',
'mode' => 'reportico\reportico\controllers\ModeController',
'ajax' => 'reportico\reportico\controllers\AjaxController',
]
]
]

Yii2 always log application category with $_COOKIE, $_SESSION and $_SERVER (category filter not working properly)

I am new to Yii2 and I need some manual logging to the database after some actions have happened. The thing that seems best for me is to filter by category. The problem is that Yii2 always adds an extra line with information $_COOKIE, $_SESSION and $_SERVER.
Is this normal? How can I disable the extra log line?
This is the frontend configuration
return [
'id' => 'app-frontend',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'controllerNamespace' => 'frontend\controllers',
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'class' => 'yii\log\DbTarget',
'categories' => ['manual'],
]
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
],
'params' => $params,
];
And this is the action code:
public function actionTest()
{
$logger = Yii::getLogger();
\Yii::info('catalog info', 'manual');
$logger->flush();
Yii::$app->end();
}
And this is the result:
Thanks to rkm's answer this configuration now works:
[
'id' => 'app-frontend',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'controllerNamespace' => 'frontend\controllers',
'components' => [
'user' => [
'identityClass' => 'common\models\User',
'enableAutoLogin' => true,
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,
'targets' => [
[
'except' => [
'manual',
],
'class' => 'yii\log\FileTarget',
'categories' => ['application'],
],
[
'class' => 'yii\log\DbTarget',
'categories' => ['manual'],
'logVars' => [],
]
],
],
'errorHandler' => [
'errorAction' => 'site/error',
],
],
'params' => $params,
];
Add 'logVars' => [], in your config to log component like this if you don't need any global variables.
'components' => [
...
'log' => [
...
'targets' => [
[
'class' => 'yii\log\FileTarget',
'logVars' => [],
]
]
...
]
...
]
More info about configuring logging in the docs
