I have a simple log in form with a csrf token field. When I submit I get a token mismatch. When I look at the value in the form the value of the token is blank
Both the login form and the authenticate are both in the web middleware group
Route::group(['middleware' => ['web']],function(){
Route::get('/login',function(){
return view('auth.login');
});
Route::post('/authenticate_user','Accounts\Accounts#authenticateUser');
Route::get('/bar',function(){
return csrf_token(); // works
});
});
That bar route does display a token
//login.blade
#section('content')
<div class="row">
<div class="col-md-12">
<form action="authenticate_user" method="post">
<label for="login_name">User Name</label>
<input type="text" id="login_name" name="login_name" required="required">
<label for="password">Password</label>
<input type="password" id="password" name="password" required="required">
{{ csrf_field() }}
<br>
<button type="submit" id="Login" name="login" value="Log In" class="btn btn-default">Log In</button>
</form>
</div>
</div>
#endsection
Unfortunately the csrf field value is blank when I look at the source code
<input type="hidden" name="_token" value="">
I did clear the laravel session and view storage. I restarted my browser and web server (XAMPP using PHP 7.0.2 on win 7).
I also tried:
<?php
$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
?>
<input id="token" type="hidden" value="{{$encrypted_token}}">
Got a value but it still mismatched
I am sure I am doing something stupid but I have no idea why I am not getting a token value and mismatch
You problem is
{{ csrf_field() }}
it should be
{!! csrf_field() !!}
Using {!! !!} it will render HTML code
UPDATE
From the Laravel docs:
Displaying Unescaped Data
By default, Blade {{ }} statements are automatically sent through PHP's htmlentities function to prevent XSS attacks. If you do not want your data to be escaped, you may use the following syntax:
Hello, {!! $name !!}.
Related
Hello I want to shift the _token in the last of URL asshown below
What I am getting:
example.com/search?_token=qkPc5aNyEp7tysbyQhZcnjHdP1wi9q&query=php
What I want:
example.com/search?query=php&_token=qkPc5aNyEp7tysbyQhZcnjHdP1wi9q
My Form code Is like
<form action="search" method="GET">
{!! csrf_field() !!}
<div class="main-search-input fl-wrap">
<div class="main-search-input-item">
<input type="text" name="query" value="" placeholder="Search snippets..." required>
</div>
<button class="main-search-button" type="submit">Search</button>
</div>
</form>
Put the csrf field at the bottom of the form tho I think you don't need it.
I am trying to submit a form in Laravel but I am getting the error The POST method is not supported for this route. Supported methods: GET, HEAD, PUT, PATCH, DELETE.
I have tried the suggestions in post method in laravel give MethodNotAllowedHttpException but none is working.
Here is my code.
<div class="row" style="background: #ffffff;">
<div class="col-lg-12 col-md-12 col-sm-12" style="background: white; margin: 10px">
<form method="post" action="{{ route('companies.update',[$company->id]) }}">
{{ csrf_field() }}
<input type="hidden" name="method" value="put">
<div class="form-group">
<label for="company.name">Name <span class="required">*</span> </label>
<input placeholder="Enter name" id="company-name" required name="description" spellcheck="false" class="form-control" value="{{ $company->name }}" />
</div>
<div class="form-group">
<label for="company-content">Description</label>
<textarea placeholder="Enter Description" style="resize: vertical" id="company-content" name="description" rows="5" spellcheck="true" class="form-control autosize-target text-left">
{{$company->description}}</textarea>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit" />
</div>
</form>
</div>
</div>
Replacing post with get,put removes the error but not doing what I want.
These are my routes
<?php
Route::get('/', function () {
return view('welcome');
});
Auth::routes();
Route::get('/home', 'HomeController#index')->name('home');
Route::resource('companies','CompaniesController');
Route::resource('projects','ProjectsController');
Route::resource('roles','RolesController');
Route::resource('tasks','TasksController');
Route::resource('users','UsersController');
In the CompaniesController I have
public function update(Request $request, Company $company)
{
$companyupdates = Company::where('id', $company->id)->update([
'name' => $request->input('name'),
'description' => $request->input('description'),
]);
if($companyupdates){
return redirect()->route('companies.show', ['company'=>$company->id])->with('success','Company Updated Successfully');
}
return back()->withInput();
}
Where am I going wrong?
Try using the blade directives instead:
<form method="post" action="{{ route('companies.update',$company->id) }}">
#csrf
#method('PUT')
Note: you don't need to pass the company id with '[ ]'
In this input:
<input type="hidden" name="method" value="put">
The name should be _method according to the laravel form method spoofing
Example from the docs:
<form action="/foo/bar" method="POST">
<input type="hidden" name="_method" value="PUT">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
With the blade directives:
<form action="/foo/bar" method="POST">
#method('PUT')
#csrf
</form>`
Why is this error occurring?
You put the wrong name on your method input, so laravel will recognize this form action as POST, and not PUT. Since it's a update action, laravel will thrown this error.
HTML forms do not support PUT, PATCH or DELETE actions. So, when defining PUT, PATCH or DELETE routes that are called from an HTML form, you will need to add a hidden _method field to the form. The value sent with the _method field will be used as the HTTP request method:
For more info: Docs
I am using Laravel and I am trying to create an edit page and call my update method on submit, the problem is I am getting a 404 when updating. This is my blade file for editing like so:
#extends('adminlte::page')
#section('title', 'AdminLTE')
#section('content_header')
<h1>Professions</h1>
#stop
#section('content')
<form method="PUT" action="/admin/professions-update/{{ $data->pkprofession }}">
<div class="form-group">
<label for="profession_name">Profession Name</label>
<input type="text" name="profession_name" id="profession_name" class="form-control" value="{{$data->profession_name}}" />
</div>
<div class="form-group">
<button type="submit" class="btn btn-success">Update</button>
</div>
</form>
#stop
Here are my routes:
Route::get('/admin/professions-edit/{id}', 'v1\ProfessionsController#edit');
Route::put('/admin/professions-update/{id}', 'v1\ProfessionsController#update');
And Here are the methods being called:
public function edit($id)
{
$data = PdTprofession::find($id);
return view('professions-edit', compact('data'));
}
public function update(Request $request, $id)
{
$data = PdTprofession::find($id);
return view('professions-edit', compact('data'));
}
Why am I getting a 404 error and how do I fix it?
Thanks,
In laravel docs, HTML forms do not support PUT, PATCH or DELETE
actions. So, when defining PUT, PATCH or DELETE routes that are called
from an HTML form, you will need to add a hidden _method field to the
form. The value sent with the _method field will be used as the HTTP
request method:
<form action="/foo/bar" method="POST">
<input type="hidden" name="_method" value="PUT">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
You may use the #method Blade directive to generate the _method input:
<form action="/foo/bar" method="POST">
#method('PUT')
#csrf
</form>
There are so many issues in your code lets resolve one by one:
action="/admin/professions-update/{{ $data->pkprofession }}">
change it to:
action="{{ url('/admin/professions-update/' . $data->pkprofession) }}">
and then HTML forms do not support PUT, PATCH or DELETE actions, so chage it to:
<form action="{{ url('/admin/professions-update/' . $data->pkprofession) }}" method="POST">
#method('PUT')
#csrf // this is required when you are using the method other then 'get'
other elements
</form>
You're missing the csrf token and the method input. Try this:
#extends('adminlte::page')
#section('title', 'AdminLTE')
#section('content_header')
<h1>Professions</h1>
#stop
#section('content')
<form method="POST" action="/admin/professions-update/{{ $data->pkprofession }}">
#csrf
#method('PUT')
<div class="form-group">
<label for="profession_name">Profession Name</label>
<input type="text" name="profession_name" id="profession_name" class="form-control" value="{{$data->profession_name}}" />
</div>
<div class="form-group">
<button type="submit" class="btn btn-success">Update</button>
</div>
</form>
#stop
Also, in your update method you are forgeting to update the object, add this to your code:
$data->update($request->all());
For more info: DOCS
I'm trying to create a form that passes data via get to the controller but the URL looks allways like this:
http://example.com/test?_token=VinwWFxKIhKvMqrrEBN5xwXhrmYQjLnOWV8s7dht¶m1=horse¶m2=cat¶m3=dog
But I want something like this:
http://example.com/test/param1=horse/param2=cat/param3=dog
or
http://example.com/test/horse/cat/dog
Route:
Route::get('test/{param1}/{param2}/{param3}', ['as' => 'test', 'uses' => 'MainController#test']);
HTML:
<form action="{{ route('test') }}" method="get">
{{ csrf_field() }}
<div class="col-md-3">
<div class="form-group">
<label for="animal1">animal1</label>
<br>
<input type="text" name="animal1" class="form-control">
</div>
</div>
<div class="col-md-3">
<div class="form-group">
<label for="animal2">animal2</label>
<input type="text" name="animal2" class="form-control">
</div>
</div>
<div class="col-md-3">
<div class="form-group">
<label for="animal3>animal3</label>
<input type="text" name="animal3" class="form-control">
</div>
</div>
<div class="col-md-12">
<button type="submit" class="btn btn-default">Submit</button>
</div>
</form>
The problem is that the test route is reloaded every 10 seconds. Therefore, the form values must be in the URL so that I can process them correctly in the controller.
I've found this question here but that wasn't so helpful
How To Pass GET Parameters To Laravel From With GET Method ?
Thanks for your help!
To do this, you'll need to switch off CSRF token check, which is a bad idea. Or you could use JS to build the query which is not a good idea too.
The best way to handle this is to use POST instead of GET:
<form action="{{ route('test') }}" method="post">
And then change the route to:
Route::post('test', ['as' => 'test', 'uses' => 'MainController#test']);
You can do this via javascript.
You don't need to use form like this.you can just get input values by id(getElementById) and on a button click, format them as you expect (test/{param1}/{param2}/{param3}) and redirect page to that.
I will process the data from the form
then I click the add button and get an error
Whoops, looks like something went wrong.
TokenMismatchException in VerifyCsrfToken.php line 67:
i have view
<form action="{{ url('siswa') }}" method="post">
<div class="form-group">
<label for="nisn" class="control-label">NISN</label>
<input name="nisn" id="nisn" type="text" class="form-control">
</div>
<div class="form-group">
<label for="nama_siswa" class="control-label">Nama Siswa</label>
<input name="nama_siswa" id="nama_siswa" type="text" class="form-control">
</div>
<div class="form-group">
<label for="tanggal_lahir" class="control-label">Tanggal Lahir</label>
<input name="tanggal_lahir" id="tanggal_lahir" type="date" class="form-control">
</div>
<div class="form-group">
<label for="jenis_kelamin" class="control-label">Jenis Kelamin</label>
<div class="radio">
<label><input name="jenis_kelamin" type="radio" value="L" id="jenis_kelamin"> Laki-laki</label>
</div>
<div class="radio">
<label><input name="jenis_kelamin" type="radio" value="P" id="jenis_kelamin"> Perempuan</label>
</div>
</div>
<div class="form-group">
<input class="btn btn-primary form-control" type="submit" value="Tambah Siswa">
</div>
</form>
and then this is my controller
public function create()
{
return view('siswa.create');
}
public function store(Request $request)
{
$siswa = $request -> all();
return $siswa;
}
you need to add {{csrf_field()}} inside the form. it will create a csrf token, which is needed to submit a form
You need to add this {{ csrf_field() }} between your form tags.Read here for more information https://laravel.com/docs/5.4/csrf
There are many options to solve this problem.
1) You can take hidden input field for token inside your form like:
<input type="hidden" name="_token" value="{{ csrf_token() }}" />
2) Add following code before the closing tag of your form:
{{ Form::token() }}
3) Or use laravel form syntax to avoid token mismatch problem like below.
{{ Form::open(array('url' => 'foo/bar')) }}
//
{{ Form::close() }}
4) Or in the html form structure you can also use csrf field like below.
<form method="POST" action="/profile">
{{ csrf_field() }}
...
</form>
5) Or lastly.
<form method="POST" action="/profile">
{!! csrf_field() !!}
...
</form>
This will definately work for you.
Thanks