We Keep Coding

Zend Framework 2 CSRF validation

I have application base on Zend framework 2. I have a form with CSRF field. If I fill the form and submit after around 5 minutes it gives me The form submitted did not originate from the expected site validation error.
So I assumed it might be some issue with session configurations. Then I added options to SessionConfig on module.config.php as follows
'session' => array(
'remember_me_seconds' => 2419200,
'use_cookies' => true,
'cookie_httponly' => true,
'cookie_lifetime' => '2419200',
'gc_maxlifetime' => '2419200'
),
But the problem still exist. Do you know how to fix this issue ?
--Update--
My form class contains the CSRF element as follows,
$this->add(array(
'type' => 'Zend\Form\Element\Csrf',
'name' => 'security',
'options' => array(
'csrf_options' => array(
'timeout' => 20000
)
)
));
None of these seems to work.

The Csrf system under ZendFramework configures the session duration from the parameter stored in the configuration of the Csrf element under the timeout key as shown in the following example :
$form->add([
'type' => Element\Csrf::class,
'name' => 'csrf',
'options' => [
'csrf_options' => [
'timeout' => 600,
],
],
]);
Put the session config under the config key as shown in the following example :
'session' => [
'config' => [
'class' => Zend\Session\Config\SessionConfig::class,
'options' => [
'name' => 'SID',
'use_cookies' => true,
'cookie_httponly' => true,
'remember_me_seconds' => 2419200,
],
],
]

Session cookie not being written in CakePHP 2

Last weekend I was trying to troubleshoot a bug on a website where the Session was not being preserved in IE - today I went to do further work on the site on my laptop, and I could no longer log in -invariably I have done something incredibly stupid.
I'm using xampp on a Windows laptop, and working on localhost, and this occurs in all browsers. I am not very experienced with troubleshooting these kinds of problems - I have been able to ascertain the following:
The user is able to login (Auth->login() successfully logs the user in), the issue is the Session is gone when they are redirected
I can see the Sessions being written in my /tmp/ dir containing (what looks to be) the correct data
I can create my own stupid cookies and their values persist
No other cookies exist for the site
So, it would appear to me that the Session cookie is not being set, but I have run out of ideas as to why this might be occurring. I haven't changed any cookie related browser settings (outside of enabling cookies in IE), and I have double checked my Chrome cookie settings. I have also, as I mentioned, written some junk cookies in AppController, and I can see them created, and their data persists.
If I call $_SESSION after login(), everything looks great, but if I print $_SESSION before logging in, it's empty.
I am quite sure I have managed to do something retarded, but I have run out of ideas as to what it might be. I have restored my /app/core.php to be the Cake defaults:
Configure::write('Session', array(
'defaults' => 'php'
));
My login() function looks essentially as follows:
public function login() {
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash(__('Invalid username or password, try again.'));
}
Auth settings in AppController:
class AppController extends Controller {
public $components = array(
'Session',
'Cookie',
'Acl',
'Email',
'Auth' => array(
'authenticate' => array(
'Form' => array(
'fields' => array('username' => 'email', 'password' => 'password')
)),
'authorize' => array(
'Actions' => array('actionPath' => 'controllers')
),
'loginRedirect' => array('controller' => 'users', 'action' => 'dashboard'),
),
);
And example output from printing $this->Auth->user(), $_SESSION before the redirect in login():
\app\Controller\UsersController.php (line 203)
array(
'id' => '10',
'name' => 'super',
'is_active' => '1',
'email' => 'super#test.com',
'group_id' => '3',
'address' => '3',
'phone' => 'xxxxx',
'category' => 'P',
'communication_in' => 'E',
'created' => '2014-11-29 16:27:19',
'modified' => '2014-11-29 16:27:19',
'Group' => array(
'id' => '3',
'name' => 'Administrators',
'created' => '2014-11-16 21:01:35',
'modified' => '2014-11-16 21:01:35'
)
)
\app\Controller\UsersController.php (line 204)
array(
'Config' => array(
'userAgent' => '4af162a3a94462226b6e93c6806203aa',
'time' => (int) 1417317929,
'countdown' => (int) 10,
'language' => 'eng'
),
'Auth' => array(
'User' => array(
'id' => '10',
'name' => 'super',
'is_active' => '1',
'email' => 'super#test.com',
'group_id' => '3',
'address' => '3',
'phone' => 'xxxx',
'category' => 'P',
'communication_in' => 'E',
'created' => '2014-11-29 16:27:19',
'modified' => '2014-11-29 16:27:19',
'Group' => array(
'id' => '3',
'name' => 'Administrators',
'created' => '2014-11-16 21:01:35',
'modified' => '2014-11-16 21:01:35'
)
)
)
)
Last created session file:
Config|a:4:{s:9:"userAgent";s:32:"4af162a3a94462226b6e93c6806203aa";s:4:"time";i:1417317929;s:9:"countdown";i:10;s:8:"language";s:3:"eng";}Auth|a:1:{s:4:"User";a:12:{s:2:"id";s:2:"10";s:4:"name";s:5:"super";s:9:"is_active";s:1:"1";s:5:"email";s:14:"super#test.com";s:8:"group_id";s:1:"3";s:7:"address";s:1:"3";s:5:"phone";s:10:"xxxxx";s:8:"category";s:1:"P";s:16:"communication_in";s:1:"E";s:7:"created";s:19:"2014-11-29 16:27:19";s:8:"modified";s:19:"2014-11-29 16:27:19";s:5:"Group";a:4:{s:2:"id";s:1:"3";s:4:"name";s:14:"Administrators";s:7:"created";s:19:"2014-11-16 21:01:35";s:8:"modified";s:19:"2014-11-16 21:01:35";}}}

Facepalm of the day:
Many hours later, I finally thought to check phpinfo(), and of course, the session.cookie-domain was set to the remote site. I suppose at some point last week I edited the wrong PHP ini file.

Dynamic configuration parameters via parse_ini_file()

I have a snippet of configuration code that looks like this:
$config = array(
'layer one' => array(
'host' => 'one.example.com',
'prefix' => '',
'isRemote' => false
),
'layer two' => array(
'host' => 'two.example.com',
'prefix' => '/Example/two/public/index.php/',
'isRemote' => true
),
'layer three' => array(
'host' => 'three.example.com',
'prefix' => '/Example/three/public/index.php/',
'isRemote' => true
)
);
I'm trying to migrate this configuration to an .ini file. The problem is, there can be an arbitrary number of the "layers" listed above, but they all must have the same set of attributes: host, prefix, and isRemote.
What's the way to represent this in an .ini file loaded by parse_ini_file()?
Thanks.

ZF2 authentication session is not working

I am using ZF2 authentication. It writes the authentication credentials into the storage properly.
Also I can see my session variable being set (checked by print_r($_SESSION)).
My doubts are:
1. the function, hasIdentity() from AuthenticationService.php always returns false even if the authentication is successful As a result I can't log in.
In my config/autoload/global.php I have config like this:
'session' => array(
'config' => array(
'class' => 'Zend\Session\Config\SessionConfig',
'options' => array(
'name' => 'testsuitestudio',
'remember_me_seconds' => $lifeTime,
'gc_maxlifetime' => $lifeTime,
'gc_divisor' =>1,
'gc_probability' =>1,
'cookie_lifetime' =>$lifeTime,
'cookie_domain' => $subDomainVar,
'cache_expire' => $lifeTime,
'save_path' => $sessionDirectory
),
),
'storage' => 'Zend\Session\Storage\SessionArrayStorage',
'validators' => array(
array(
'Zend\Session\Validator\RemoteAddr',
'Zend\Session\Validator\HttpUserAgent',
),
),
),
2. If I comment out :'cookie_domain' => $subDomainVar, from the above array, it works fine.
What could be the issue?

Yii framework new column in database not showing in output of $model->getAttributes() method call?

Yii version 1.1.8
I have added a column to a table in a mysql database,
but the new column is not showing in output of $model->getAttributes() method call
I deleted all files in protected/runtime folder, but still no column
config: 'schemaCachingDuration' => 0, // in seconds. <1 means off
I can add data to the new column directly in the database.
Are there any other things that I can do to debug this?
index.php
<?php
// change the following paths if necessary
$yii=dirname(__FILE__).'/../../framework/yii.php';
$config=dirname(__FILE__).'/protected/config/main.php';
// remove the following line when in production mode
//debug
defined('YII_DEBUG') or define('YII_DEBUG',true );
//show profiler
defined('YII_DEBUG_SHOW_PROFILER') or define('YII_DEBUG_SHOW_PROFILER',true);
//enable profiling
defined('YII_DEBUG_PROFILING') or define('YII_DEBUG_PROFILING',true);
//trace level
defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',0);
//execution time
defined('YII_DEBUG_DISPLAY_TIME') or define('YII_DEBUG_DISPLAY_TIME',false);
require_once($yii);
Yii::createWebApplication($config)->run();
main.php
<?php
return CMap::mergeArray(array(
'timeZone'=>'UTC',
'basePath' => dirname(__FILE__) . DIRECTORY_SEPARATOR . '..',
'catchAllRequest' => null, // null if online, array('site/offline') if offline,
'sourceLanguage' => 'en_ca',
'theme' => 'td',
'charset' => 'UTF-8',
'preload' => array('log'),
'import' => array(
'application.models.*',
'application.components.*',
'application.extensions.*'
),
'modules' => array(
),
// application components
'components' => array(
'format' => array(
),
'user' => array(
// enable cookie-based authentication
'allowAutoLogin' => true,
'autoRenewCookie' => true,
),
'widgetFactory' => array(
'enableSkin' => true,
),
'urlManager' => array(
),
),
'db' => array(
'class' => 'CDbConnection',
'connectionString' => 'mysql:host=localhost;dbname=mydb',
'emulatePrepare' => true,
'initSQLs'=>array("set time_zone='+00:00'"),
'username' => 'root',
'password' => '',
'charset' => 'utf8',
'tablePrefix' => 'tbl_',
'enableParamLogging' => true, //show parameter values in log
// 'schemaCachingDuration' => 0, // in seconds. <1 means off
'enableProfiling' => YII_DEBUG_PROFILING, //show sql profile info in log
'nullConversion' => true,
//'initSQLs'=>array('set time_zone="+00:00"')
),
'errorHandler' => array(
),
'log' => array(
'class' => 'CLogRouter',
'routes' => array(
array(
'class' => 'CFileLogRoute',
'levels' => 'error, warning',
'filter' => 'CLogFilter',
'enabled' => !YII_DEBUG
),
array(
'class' => 'CPhpMailerLogRoute',
'levels' => 'error',
'emails' => 'neilmcguigan+tderror#gmail.com',
'filter' => 'CLogFilter',
'enabled' => false,
),
array(
'class' => 'CWebLogRoute', // show log messages on web pages
'enabled' => YII_DEBUG,
'filter' => 'CLogFilter',
//'showInFireBug' => false
),
array(
'class' => 'CProfileLogRoute',
'enabled' => YII_DEBUG,
'showInFireBug' => false
)
),
),
'request' => array(
),
'securityManager'=>array(
)
),
// application-level parameters that can be accessed
// using Yii::app()->params['paramName']
'params' => array(
),
), require(dirname( __FILE__ ) . '/override.php'));

Having just went through this problem -- I found out the new field names need to be in the attributeLabels function in the model
public function attributeLabels()
{
return array(
'id' => 'ID',
'newfield' => 'New Field',
...
Be careful with using the "better still update overwrite your whole model" suggestion if you are like me and have a lot of custom code in your models. As Sankalp Singha suggests, Just copy the "diff" (green part) from using gii and add the part from attributeLabels to your code.

After you have added a new column in your table then just go to Gii and then click on model generator. In that put the name of your table again and then click preview. There would be an option of diff click on that and then copy the highlighted green code and copy paste it in your original modal or better still update overwrite your whole modal. Then check if you are able to get the values inside and are able to get the attributes. This should work.