XF 2.1 Security error occurred. Please press back, refresh the page, and try again.

  • Thread starter: Deleted member 91401
I'm setting up a custom PHP page.

I'm using this as my callback:

Code:
<xf:callback class="Pages\Index" method="getHtml"></xf:callback>


I have a folder structure like this: src/addons/Pages/Index.php

Inside the index.php file is this:

PHP:
<?php
namespace Pages;
class Bin
{
  public static function getHtml()
  {
    include 'custompage.php';
  }
}

And then custompage.php is the page that has mixed HTML and PHP for submitting a POST form. The page loads fine, but as soon as I click "submit" I get the error:

Security error occurred. Please press back, refresh the page, and try again.

I've tried adding <xf:csrf /> under the <form> tag but that doesn't solve the problem either.

Any help would be massively appreciated.
 
Class name sure doesn't look right in one place 😉

Sorry, I forgot to change that part of the code before copying it in.

Code:
<?php
namespace Pages;
class Index
{
  public static function getHtml()
  {
    include 'custompage.php';
  }
}

The page loads fine; it's just that when I click submit on the form it generates the security error but doesn't actually generate a security or server error in the admincp, so I'm finding it hard to troubleshoot.
 
That generic security error usually means CSRF/Cookie is missing or wrong in the request you make. What is your end goal with the callback?
 
You type something into the form, click submit and it checks the data you submitted against an external API and presents you with data based on the search results from the API.

Here is the current form code:

PHP:
<form action="" class="form-horizontal" method="post">
        <xf:csrf />
            <div class="form-group">
                <label class="col-sm-3 col-md-3 control-label" for="btc"><font color="#5741bf">BTC</font></label>
                <div class="col-sm-7 col-md-6">
                    <input class="form-control" name="btc" type="number" maxlength="16" required>
                </div>
            </div>

            <br>

            <div class="form-group">
                <div class="col-sm-offset-3 col-xs-8 col-sm-4"><button class="btn btn-primary btn-block btn-lg" type="submit">Submit</button></div>
                <div class="col-xs-4 col-sm-3 col-md-2"><button class="btn btn-default btn-block btn-lg" type="reset">Clear</button></div>
            </div>
            <xf:csrf />
        </form>
<xf:csrf />
        </div>
            <br>
            <?php if (isset($response)){ ?>
            <?php /* Escape every value echoed into the page (submitted input and API fields); the form field is named "btc" */ ?>
            <?php echo $bin !== '' ? "<h1 style=\"text-align: center;\">BTC: " . htmlspecialchars($_POST['btc'], ENT_QUOTES, 'UTF-8') . "</h1>" : ""; ?>
            <?php echo (property_exists($response, 'scheme') and $response->scheme !== null) ? "<h2 style=\"text-align: center;\">Scheme: " . htmlspecialchars(ucfirst($response->scheme), ENT_QUOTES, 'UTF-8') . "</h2>"  : "" ?>
            <?php echo (property_exists($response, 'type') and $response->type !== null) ? "<h2 style=\"text-align: center;\">Type: " . htmlspecialchars(ucfirst($response->type), ENT_QUOTES, 'UTF-8') . "</h2>"  : "" ?>
            <?php echo (property_exists($response, 'brand') and $response->brand !== null) ? "<h2 style=\"text-align: center;\">Brand: " . htmlspecialchars(ucfirst($response->brand), ENT_QUOTES, 'UTF-8') . "</h2>"  : "" ?>
            <?php echo (property_exists($response, 'country') and $response->country !== null) ? "<h2 style=\"text-align: center;\">Country: " . htmlspecialchars(ucfirst($response->country->name), ENT_QUOTES, 'UTF-8') . "</h2>"  : "" ?>
            <?php echo (property_exists($response, 'btc') and $response->btc !== null) ? "<h2 style=\"text-align: center;\">BTC: " . htmlspecialchars(ucfirst($response->btc->name), ENT_QUOTES, 'UTF-8') . "</h2>"  : "" ?>
            <?php } ?>
    </div>
 
The HTML you enter into your PHP callback script is not compiled by XF so <xf:csrf /> will not work. In fact, if you inspect the HTML of the page you will probably see <xf:csrf /> right in the HTML which isn't real HTML.

You actually need to include the PHP code that generates the CSRF token:

PHP:
<?php echo \XF::app()->templater()->fnCsrfInput(\XF::app()->templater(), $null); ?>

That should do it.
 
Should I place this at the top of the file with the HTML form?

Thank you so much man, I've been banging my head against the wall for days.
 
You need to place it inside your form element. By convention we tend to add it at the bottom of the form element, so just before your closing </form> tag.
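
Added example (not part of the thread and not XenForo's own code): a simplified stand-alone model of why the raw `<xf:csrf />` tag sends no token with the POST while a real hidden input inside the form does. `submittedFields()`, `csrfOk()` and `$sessionToken` are hypothetical stand-ins, and the hidden field name `_xfToken` is an assumption.

```php
<?php
// Added example: simplified model of the failure in this thread, not XenForo code.
// submittedFields(), csrfOk() and $sessionToken are hypothetical stand-ins.

// Collect the name => value pairs a browser would POST from the first <form>.
function submittedFields(string $html): array
{
    libxml_use_internal_errors(true);   // <xf:csrf> is not a real HTML element
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $fields = [];
    $form = $doc->getElementsByTagName('form')->item(0);
    foreach ($form->getElementsByTagName('input') as $input) {
        if ($input->getAttribute('name') !== '') {
            $fields[$input->getAttribute('name')] = $input->getAttribute('value');
        }
    }
    return $fields;
}

// Server-side check: the posted token must equal the one bound to the session.
function csrfOk(array $post, string $sessionToken): bool
{
    return isset($post['_xfToken']) && hash_equals($sessionToken, $post['_xfToken']);
}

$sessionToken = bin2hex(random_bytes(16)); // constructed token for the demo

// 1) Raw callback output: the tag was never compiled, so it reaches the browser as-is.
$raw = '<form method="post"><input name="btc" type="number" value="123456">'
     . '<xf:csrf /></form>';

// 2) Output once the tag is replaced by a real hidden input carrying the token.
$fixed = '<form method="post"><input name="btc" type="number" value="123456">'
       . '<input type="hidden" name="_xfToken" value="'
       . htmlspecialchars($sessionToken, ENT_QUOTES, 'UTF-8') . '"></form>';

foreach (['raw <xf:csrf />' => $raw, 'hidden token input' => $fixed] as $label => $html) {
    $post = submittedFields($html);
    printf("%-20s fields=%s csrf=%s\n", $label,
        implode(',', array_keys($post)), csrfOk($post, $sessionToken) ? 'ok' : 'REJECTED');
}
```

Run with the PHP CLI (needs the DOM extension); only the second form submits a token field, so only it passes the check.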
 
Tried it, all working now. Thanks so much.
 