We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. General

how to use two csrf on the same page?

hi all,

i have two form on same page (login and signup ), via forms i created two csrf object but when only loginform is working , its working but when two , csrf is invalid i got.

how can i solve it ?

LoginForm.php

// CSRF
        $csrf = new Hidden('csrf');

        $csrf->addValidator(new Identical(array(
            'value' => $this->security->getSessionToken(),
            'message' => 'CSRF Doğrulaması Hatalı'
        )));

        $this->add($csrf);

Signupform.php

$csrf = new Hidden('csrfa');

        $csrf->addValidator(new Identical(array(
            'value' => $this->security->getSessionToken(),
            'message' => 'CSRF validation failed'
        )));

        $this->add($csrf);

on main.phtml

on login form: <?php echo $login_form->render('csrf',array('value' => $this->security->getToken()));?> on signup form : <?php echo $signup_form->render('csrfa',array('value' => $this->security->getToken()));?>

how can i solve it ? Thanks for all



98.9k

Why do you need two CSRF in the same page? It will increase the token processing twice.



39.3k

How can i do that what im trying to do ?



5.0k
edited Mar '14

Once generate, many use in forms:

$sessionToken =  $this->security->getSessionToken();
$token =  $this->security->getToken();

$form1->sessionToken = $sessionToken;
$form1->token = $token;
$form2->sessionToken = $sessionToken;
$form2->token = $token;


2.4k

@geass can you put your code or explain how you were able display both login and sign up on the same page? i'm trying to do the same, i'm trying to chane Vokuro to show both forms on the index page but i couldn't do it. i asked that question but haven't received a reply yet. i'd appreciate if you could help me out.