We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

How to use token in simple sign up form

hi, I dont use token in my sign up form please give me one sample that correct to use it ? tnx for help

edited Sep '14

I'm assuming by token you mean CSRF? How are you constructing your forms? If you're using the form builder you can do something similar to the below:

    $securityToken = new \Phalcon\Forms\Element\Hidden('securityToken');
    $securityToken->addValidator(new \Phalcon\Validation\Validator\Identical(array(
        'message'   => 'CSRF validation failed',
        'value' => $this->security->getSessionToken()


my code is:

add form token like this:

$this->add(new Hidden('token', array(
            'name' => $this->security->getTokenKey(),
            'value' => $this->security->getToken()

add form token to html like this:

 <form role="form" method="post" action="{{ url("user/save") }}" enctype="multipart/form-data" >
                                    {{ form.render("token") }}

add token check to controller like this:

if (!$this->security->checkToken()) {
                return $this->dispatcher->forward(array(
                        'controller' => 'user',
                        'action' => 'index'

but return always true! and not worked

yes i have, exactly use this structur in my code, but always tokecheck return true!!!!