I am getting this error
Warning: Undefined array key "csrf_token" in C:\Users\ThaOracle\Projects\salesinventoryapp\engine\tg_helpers\validation_helper.php on line 598
Fatal error: Uncaught TypeError: hash_equals(): Argument #1 ($known_string) must be of type string, null given in C:\Users\ThaOracle\Projects\salesinventoryapp\engine\tg_helpers\validation_helper.php:600 Stack trace: #0
Which is thrown from the file engine/tg_helpers/validation_helper.php:598
I am also using the form_open() and form_close() helper which sets the $_SESSION['csrf_token'].
Why can't the session value be read?
Undefined array key csrf_token
2 years ago
2 years ago
#1
2 years ago
#2
I want everybody to know that I looked at this with good intentions but there's no information whatsoever about how to recreate the issue. So, I can't help. Maybe somebody else can.
Best of luck.
Best of luck.
2 years ago
#3
Sorry, if I was not clear enough.
The error happens when I submit the login form.
The code for the login form view is this
While the controller methods
Whenever the form is submitted I get the error "Undefined array key "csrf_token"" originating from this line of code in engine\tg_helpers\validation_helper.php:598
What I have tried.
Clearly the $_SESSION['csrf_token'] is being set in the form_close helper and cant be read. So i tried the suggestions in https://stackoverflow.com/questions/17242346/php-session-lost-after-redirect but no success.
I also checked if the hidden csrf field exists in the form view. Which it does.
I also checked if the session is working properly by running
for the page[dot]php
My Environment setup
PHP v8.2
MySQL v8.0
Laragon
Windows 11
I have other apps running on other php frameworks where I use sessions and i have no issues there.
I would highly appreciate suggestions and fixes on this issue.
Thanks.
K.
The error happens when I submit the login form.
The code for the login form view is this
While the controller methods
Whenever the form is submitted I get the error "Undefined array key "csrf_token"" originating from this line of code in engine\tg_helpers\validation_helper.php:598
What I have tried.
Clearly the $_SESSION['csrf_token'] is being set in the form_close helper and cant be read. So i tried the suggestions in https://stackoverflow.com/questions/17242346/php-session-lost-after-redirect but no success.
I also checked if the hidden csrf field exists in the form view. Which it does.
I also checked if the session is working properly by running
for the page[dot]php
My Environment setup
PHP v8.2
MySQL v8.0
Laragon
Windows 11
I have other apps running on other php frameworks where I use sessions and i have no issues there.
I would highly appreciate suggestions and fixes on this issue.
Thanks.
K.
2 years ago
#4
Thank you.
I can see that you're being helpful by giving us much more information and I appreciate that. However, there's still not enough information for me to solve this. Maybe somebody else can solve it.
What would be helpful to me would be:
1). What are you trying to do? For example, "I'm trying to log a user in by checking his login credentials against a 'members' table".
2). What is the URL you're on when you're experiencing the error?
3). What's the name of the module that the controller code is being taken from?
4). What is the URL that you're going to in order to be presented with the form?
Now, ALL of the above can probably be ascertained by looking at your code. For example, it looks to me like you have a login form that's available from your base URL followed by 'login'. However, that is an unusual way of working. It's not how building of login forms has been covered in any tutorials and whilst it might be a perfectly good way to work, it's sort of non-standard. There's nothing wrong with being non-standard. Actually, I love it! However, I shouldn't have to dig around into your code trying to get answers to basic questions like those above.
All of this... and I'll say it again... ALL OF THIS if 100% my fault.
I need to build a feature that gives users an opportunity to clearly set out their issues will all of the information that's required. This thread is a perfect example of somebody with a legitimate problem and perfectly good intentions, taking the time to be clear and thorough but still running into challenges. Again, that's my fault. I apologise.
I'll leave with the following:
1). Your base URL (as indicated by the constant BASE_URL) should end with a forwardslash. That being the case, you should not have your target URLs inside things like form_open functions being declared with a forwardslash. That's bound to cause errors. So instead of:
You should say:
2). This thread has inspired the creation of some improvements to the Help Bar. Thank you!
3). If you contact me, using the contact form on this website, I'll be happy to arrange a Skype call with you were you can show me your screen and I'll give you personal one-on-one help live. No charge.
That's your vibe and thank you for choosing Trongate.
I can see that you're being helpful by giving us much more information and I appreciate that. However, there's still not enough information for me to solve this. Maybe somebody else can solve it.
What would be helpful to me would be:
1). What are you trying to do? For example, "I'm trying to log a user in by checking his login credentials against a 'members' table".
2). What is the URL you're on when you're experiencing the error?
3). What's the name of the module that the controller code is being taken from?
4). What is the URL that you're going to in order to be presented with the form?
Now, ALL of the above can probably be ascertained by looking at your code. For example, it looks to me like you have a login form that's available from your base URL followed by 'login'. However, that is an unusual way of working. It's not how building of login forms has been covered in any tutorials and whilst it might be a perfectly good way to work, it's sort of non-standard. There's nothing wrong with being non-standard. Actually, I love it! However, I shouldn't have to dig around into your code trying to get answers to basic questions like those above.
All of this... and I'll say it again... ALL OF THIS if 100% my fault.
I need to build a feature that gives users an opportunity to clearly set out their issues will all of the information that's required. This thread is a perfect example of somebody with a legitimate problem and perfectly good intentions, taking the time to be clear and thorough but still running into challenges. Again, that's my fault. I apologise.
I'll leave with the following:
1). Your base URL (as indicated by the constant BASE_URL) should end with a forwardslash. That being the case, you should not have your target URLs inside things like form_open functions being declared with a forwardslash. That's bound to cause errors. So instead of:
You should say:
2). This thread has inspired the creation of some improvements to the Help Bar. Thank you!
3). If you contact me, using the contact form on this website, I'll be happy to arrange a Skype call with you were you can show me your screen and I'll give you personal one-on-one help live. No charge.
That's your vibe and thank you for choosing Trongate.
2 years ago
#5
Hi vimkaf,
My 2-cents here is a quick check I did by creating a new app with the Desktop app, then a module with the VS Code extension; copying your view and controller code you have shared. Commenting out the custom validation callback and the user checks in "login_check()" to the db as I don't have those tables. Insert a die("csrf check OK"); right after the validation_helper->run(); and I DON'T get that error you mention above:
Also, to test we are in fact getting to validation_helper.php->csrf_protect():
All the above is telling me - I can't recreate your issue with a fresh app created with the Desktop app using your code. Please check as I did, if you get the same result - you may have issues with the copy of the engine you are using.
I'm using Windows 11 with Xampp upgraded to php8. 3
I haven't tried your dev environment using Laragon which might be your issue.
My 2-cents here is a quick check I did by creating a new app with the Desktop app, then a module with the VS Code extension; copying your view and controller code you have shared. Commenting out the custom validation callback and the user checks in "login_check()" to the db as I don't have those tables. Insert a die("csrf check OK"); right after the validation_helper->run(); and I DON'T get that error you mention above:
Also, to test we are in fact getting to validation_helper.php->csrf_protect():
All the above is telling me - I can't recreate your issue with a fresh app created with the Desktop app using your code. Please check as I did, if you get the same result - you may have issues with the copy of the engine you are using.
I'm using Windows 11 with Xampp upgraded to php8. 3
I haven't tried your dev environment using Laragon which might be your issue.
2 years ago
#6
UPDATE!!
I have found the root cause of the issue. It was Laragon's virtual host. I was using Laragon's virtual hosts feature to run the app. My base URL formerly was http://salesinventory.local after switching to http://localhost/salesinventory I no longer get the error.
Suggestion (Your Questions)
I also have a suggestion regarding the Help Bar. It would be helpful if a user can find the question he/she has posted in the forum without having to search or scroll through several questions.
Thanks to DC and DaFa for their time.
I have found the root cause of the issue. It was Laragon's virtual host. I was using Laragon's virtual hosts feature to run the app. My base URL formerly was http://salesinventory.local after switching to http://localhost/salesinventory I no longer get the error.
Suggestion (Your Questions)
I also have a suggestion regarding the Help Bar. It would be helpful if a user can find the question he/she has posted in the forum without having to search or scroll through several questions.
Thanks to DC and DaFa for their time.
2 years ago
#7
Well, now we are getting somewhere! I can now recreate the error you are seeing with Xampp when I map 127.0.0.1 in the HOST file found in:then add the following:I know this is not the same as doing a vhost in Apache, but the result is the same here. Now when I goto:in the URL, I seeIf I var_dump() the session in the form viewfileWe can see the $csrf_tokenbut it is getting lost on the return URL in the form:If we add the full URL to the return URL in the form toIt all just works.
This might be a job for DC to add some graceful error-trapping when either the $_SESSION['csrf_token'] is being set or when reading it back in.
As for your suggestion about "if a user can find the question he/she has posted in the forum without having to search or scroll through several questions" - that already exists. Just click on the user's name to the right of this panel and then "View All Posts From This User" - this might be an admin thing DC has enabled for Dan and me, so not sure if you see it too.
Please also, close off this thread now we have a solution to your query.
ps. also please close off your other thread
This might be a job for DC to add some graceful error-trapping when either the $_SESSION['csrf_token'] is being set or when reading it back in.
As for your suggestion about "if a user can find the question he/she has posted in the forum without having to search or scroll through several questions" - that already exists. Just click on the user's name to the right of this panel and then "View All Posts From This User" - this might be an admin thing DC has enabled for Dan and me, so not sure if you see it too.
Please also, close off this thread now we have a solution to your query.
ps. also please close off your other thread