Password reset laravel 4.2 with Token - php

I'm new to Laravel and I making some test on a system which use version 4.2. I'm trying to follow Documentation for password reset. So far I'm able to post my email for password reset and I get token on my email.
When I open the URL from email with the token I get this error:
exception 'Symfony\Component\HttpKernel\Exception\NotFoundHttpException'
The url is: http://example.com/reset/20e2535a11f7c88d1132c55c752a3a8569adbf5f
This is my route
Route::get('/password', ['uses' => 'RemindersController#getRemind']);
Route::get('/reset', ['uses' => 'RemindersController#getReset']);
This is in RemindersController
public function getReset($token = null)
{
if (is_null($token)) App::abort(404);
return View::make('site.reset')->with('token', $token);
}
And the form from the doc's
<form action="{{ action('RemindersController#postReset') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="email" name="email">
<input type="password" name="password">
<input type="password" name="password_confirmation">
<input type="submit" value="Reset Password">
</form>
I understand the error.. it is saying that the path/file isn't found but it is there..

in your html form, there is the action() method called RemindersController#postReset:
<form action="{{ action('RemindersController#postReset') }}" method="POST">
<input type="hidden" name="token" value="{{ $token }}">
<input type="email" name="email">
<input type="password" name="password">
<input type="password" name="password_confirmation">
<input type="submit" value="Reset Password">
</form>
but your route uses GET. You have to use POST
change your route from:
Route::get('/reset', ['uses' => 'RemindersController#getReset']);
to:
Route::post('/reset', ['uses' => 'RemindersController#getReset']);
i think you could use this way. its maybe better:
Route::match(['GET','POST'], ['uses' => 'RemindersController#getRemind']);
Update: Route should have also token in it because the url is /reset/token:
Route::get('/reset/{token}', ['uses' => 'RemindersController#getReset']);

check if your default controller or default security controller isn't loaded somewhere and it doesn't not overwrite the 'reset' route, get in your application directory using command line and type:
php artisan routes
This should show you if your route is registered and to which controller/action.

Related

Laravel 5 POST method is not working

My Laravel get method is working but post method is not working.
controller
public function create(Request $request)
{
if (Request::isMethod('post'))
{
echo 'text';
exit;
}
}
blade
<form action="{{route('create')}}" method="POST">
<input name="name" class="form-control" type="text">
<input name="email" class="form-control" type="email">
<input type="submit" class="btn btn-primary btn-lg btn-block" name="submit">
</form>
route
Route::post('/create', 'Tools\PostController#create')->name('create');
error
The page has expired due to inactivity.
Please refresh and try again.
You are getting "The page has expired due to inactivity. Please refresh and try again" because you are not passing csrf token with the post request.
By default laravel reject any post request without the csfr token in the request.
Try this:
In your blade file include one hidden input like this :
<input name="token" type="hidden" value="{{ csrf_token() }}">
For more info please refer to the docs

Whoops, looks like something went wrong. LARAVEL ERROR

I wanted to make a basic login/logout in Laravel. So I created a new folder under resources/views called auth and then I made a new file login.blade.php inserted this into it:
<html>
<body>
<form>
<input type="text" name="email" placeholder="email" size="40"><br><br>
<input type="password" name="password" placeholder="password" size="40"><br><br>
<input hidden name="_token" value="{{csrf_token}}">
<input type="submit" value="send">
</form>
</body>
</html>
After that I edited the web.php like this:
Route::get('/', function () {
return view('welcome'); });
Route::get('/home', function () {
return view('welcome'); });
Route::get('/login', function () {
return view('auth.login'); });
Route::post('/login','Auth\LoginController#login');
Route::post('/logout','Auth\LoginController#logout');
So it should work fine because everything makes sense but whenever I goto login url, I see this error message:
ErrorException in 6c95db2d362954448afd30aa9a2bf2cb0fc31937.php line 6:
Use of undefined constant csrf_token - assumed 'csrf_token' (View: G:\xampp\htdocs\o2architect\root\laravel\resources\views\auth\login.blade.php)
So can anyone tell me whats going on here ?!
Change it:
<input hidden name="_token" value="{{csrf_token}}">
to
<input hidden name="_token" value="{{ csrf_token() }}">
and try again.
Try below, Hope this work for you!
<html>
<body>
<form>
<input type="text" name="email" placeholder="email" size="40"><br><br>
<input type="password" name="password" placeholder="password" size="40"><br><br>
<input type="hidden" name="_token" value="{{ csrf_token() }}">
<input type="submit" value="send">
</form>
</body>
</html>
The csrf_token is a helper function of Laravel so you will have to call it with parentheses.
Just Change
<input hidden name="_token" value="{{csrf_token}}">
to
<input hidden name="_token" value="{{ csrf_token() }}">
Recommendation
You can use {!! csrf_field() !!} which will create hidden input field with the CSRF Token.
In the code above the form that you have shown is a GET Request form, you will have to change it to action="POST" and GET request forms work without CSRF Token also.

Laravel: post form without validation

I'm in trouble with Laravel framework. I have two forms, but they do the same thing: signup.
Here's a deal. I have a signup page. I also have a signup form on my home page.
When I fill form on my home page and click "Sign up", it's validate my form. I don't want it. I want it to redirect POST to /signup and then validate. I want to display error/success info on /signup page. How can I do this?
my form on home.blade.php (signup.blade.php has the same form):
<form action="{{ route(auth.signup) }}" method="POST">
<input name="username" type="text" placeholder="Username">
<input name="email" type="email" placeholder="Email">
<input name="password" type="password" placeholder="Password">
<input name="password_confirmation" type="password" placeholder="Confirm Password">
<input type="submit" value="Sign up">
Is not what you are asking but I would do an "ajax registration" in your home page and show the proper validation error in your home page. If you need to have both singups (home, fullpage) you can differentiate your post request doing this on your auth.singup:
if ( $request->ajax() ){
return response()->json([
'auth' => $auth, // Your validation result
'intended' => URL::previous()
]);
}

Laravel 5 input old is empty

My routes is here
Route::get('sign-up', ['as' => 'signUp', 'uses' => 'UserController#signUpGet']);
Route::post('sign-up', ['as' => 'signUpPost', 'uses' => 'UserController#signUpPost']);
Controller
return redirect('signUp')->withInput();
And View
<form role="form" method="POST" action="{{route('signUpPost')}}">
<input type="text" class="form-control" name="username" value="{{ old('username') }}">
</form>
The {{old()}} function return empty value.
EDIT
I took
NotFoundHttpException in RouteCollection.php line 145:
Your problem looks like you are not actually submitting the username in the first place:
<form role="form" method="POST" action="{{route('signUpPost')}}">
<input type="text" class="form-control" name="username" value="{{ old('username') }}">
</form>
There is no 'submit' button inside the form. If you submit outside the form - then the username will not be included.
Add the submit button inside your form - then try again
<form role="form" method="POST" action="{{route('signUpPost')}}">
<input type="text" class="form-control" name="username" value="{{ old('username') }}">
<input type="submit" value="Submit">
</form>
Edit - also your controller is wrong. It should be this:
return redirect()->route('signUp')->withInput();
All you are missing is to Flash the Input to the session. This is so it's available during the next request.
$request->flash();
Do that just before calling to View your form.
Source: http://laravel.com/docs/5.1/requests#old-input
<div class="form-group #if($errors->first('username')) has-error #endif">
<label for="username" class="rtl">Enter user name </label>
<input type="text" name="username" class="form-control rtl basic-usage" id="username" placeholder="Enter user name" value="{!! old('username') !!}">
<span class="help-block required">{{$errors->first('username')}}</span>
</div>
above form field will show old value entered.
will show validation error (you have to specify error separately.)
have a place holder.
bootstrap to look better.(add bootstrap)
Your name in the register view should correspond with keys in create() and validate() method inside your RegisterController file.
My problem here was caused by "data-prefill" in the input. Once I removed this, it worked.
You can try this: {{ Input::old('username') }}.

Symfony2, login form - CSRF protection

I have this login form via Symfony2 security documentation with the following TWIG template content:
<form action="{{ path('login_check') }}" method="post">
<div class="input form">
<label for="username">Account name or E-mail:</label>
<input type="text" id="username" name="_username" value="{{ last_username }}" required="required" />
</div>
<div class="input form">
<label for="password">Password:</label>
<input type="password" id="password" name="_password" required="required" />
</div>
<input type="hidden" name="_token" value="{{ csrf_token("intention") }}">
<button type="submit">Log In</button>
</form>
And I want to add CSRF protection in this form. As you can see, I added this line <input type="hidden" name="_token" value="{{ csrf_token("intention") }}"> but I'm not really sure, if it is enough to activate this protection.
My controller has same form as on the doc, so it looks like this:
<?php
// src/Acme/SecurityBundle/Controller/SecurityController.php;
namespace Acme\SecurityBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\SecurityContext;
class SecurityController extends Controller
{
public function loginAction()
{
$request = $this->getRequest();
$session = $request->getSession();
// get the login error if there is one
if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
$error = $request->attributes->get(
SecurityContext::AUTHENTICATION_ERROR
);
} else {
$error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
$session->remove(SecurityContext::AUTHENTICATION_ERROR);
}
return $this->render(
'AcmeSecurityBundle:Security:login.html.twig',
array(
// last username entered by the user
'last_username' => $session->get(SecurityContext::LAST_USERNAME),
'error' => $error,
)
);
}
}
So it's enough just paste one hidden input with value {{ csrf_token("intention") }} or I have to add something into controller?
I found that Answer from #Chris McKinnel isn't true. Now, the Symfony2 has on the tutorial page this section:
http://symfony.com/doc/current/cookbook/security/csrf_in_login_form.html
I need add line in my security.yml:
form_login:
# ...
csrf_provider: form.csrf_provider
And change this
<input type="hidden" name="_token" value="{{ csrf_token("intention") }}">
to
<input type="hidden" name="_csrf_token" value="{{ csrf_token("authenticate") }}">
Now I am sure my authentication form si CSRF protected.
CSRF protection is enabled by default, so all you need to do is render your CSRF token in your HTML. You don't need to do anything in your controller.
You have a couple of options:
Do it just like you've done it above
Use {{ form_rest(form) }}, this will render all fields that you haven't rendered yet, including hidden fields like the CSRF token
Either will work fine.

Categories