CSRF-Protector-PHP

403 access forbidden by csrfprotector!

Open kathyitkywong opened this issue 2 years ago • 2 comments

Hi. I have a form, but it returns "403 access forbidden by csrfprotector!" whenever I submit the form. I read the discussions and tried each of them, but it doesn't work. Any clue?

<?php
require 'config.php';
require_once 'header.php';
include_once __DIR__ .'/csrf/libs/csrf/csrfprotector.php';

//Initialise CSRFGuard library
csrfProtector::init();


$result = mysqli_query($con, "SELECT * FROM Qualification_End_Date"); 
$row = mysqli_fetch_array($result);

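if(isset($_POST['submit'])) {
    $date = $_POST['e_day'];
    // Bind the posted value as a parameter instead of interpolating it into the SQL string
    $stmt = mysqli_prepare($con, "UPDATE Qualification_End_Date SET End_Date=?");
    mysqli_stmt_bind_param($stmt, "s", $date);
    mysqli_stmt_execute($stmt);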
    
   echo "<script>clearPage();</script>";
   echo "<div id=\"statement\">".
        "<h2>Success!</h2><fieldset><p><div id=\"messageIcon\"><img src=\"./images/ok.png\" /> </div>".
        "<div id=\"messageContent\"><p>Qualification End Date has been updated.</p></div></p></fieldset></div>";
   exit;
}
echo "<h3><p>Update Qualification End Date</p></h3>";
echo "<form method=\"post\" action=\"\">".
      // Escape the stored value before placing it in an HTML attribute
      "<table><tr><td class=\"left\">Qualification End Date</td><td class=\"right\"><input type=\"date\" name=\"e_day\" value=\"".htmlspecialchars((string)$row[0], ENT_QUOTES)."\" /></td></tr></table>".
      "<div><p class=\"button\"><button type=\"submit\" name=\"submit\" class=\"submit\">Update</button></p></div></form>";

require_once 'footer.php';
?>


kathyitkywong, Jul 19 '23 09:07

When you look at the request details (request headers or form data) are you seeing a CSRF token? When you debug the request on the web server do you see a CSRF token in the $_REQUEST or $_POST variables?

CassadyCampos, Jul 28 '23 15:07
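
One way to answer the question above from the server side, as an added example that is not part of this thread or of CSRF-Protector-PHP: a helper that reports where a token appears in a request without writing the token itself to the log. The token name `CSRFP-Token` and the function name `csrfTokenReport` are assumptions; use the `CSRFP_TOKEN` value from your own config file.

```php
<?php
// Added example, not CSRF-Protector-PHP code. TOKEN_NAME is an assumption:
// set it to the CSRFP_TOKEN value from the library's config file.
const TOKEN_NAME = 'CSRFP-Token';

/**
 * Report where a CSRF token shows up in a request, without logging its value.
 */
function csrfTokenReport(array $post, array $get, array $cookie, array $server, string $name = TOKEN_NAME): array
{
    // PHP exposes request headers as HTTP_* keys: upper-case, '-' becomes '_'.
    $headerKey = 'HTTP_' . strtoupper(str_replace('-', '_', $name));

    $sources = [
        'post'   => $post[$name]        ?? null,
        'get'    => $get[$name]         ?? null,
        'header' => $server[$headerKey] ?? null,
        'cookie' => $cookie[$name]      ?? null,
    ];

    $report = [];
    foreach ($sources as $where => $value) {
        // Length and a short hash prefix identify a token without disclosing it.
        $report[$where] = is_string($value) && $value !== ''
            ? 'present, ' . strlen($value) . ' chars, sha256 prefix ' . substr(hash('sha256', $value), 0, 8)
            : 'missing';
    }

    // Does the submitted value equal the cookie copy? Compared in constant time.
    $sent = $sources['post'] ?? $sources['header'] ?? $sources['get'];
    $report['matches_cookie'] = (is_string($sent) && is_string($sources['cookie']))
        ? (hash_equals($sources['cookie'], $sent) ? 'yes' : 'no')
        : 'n/a';

    return $report;
}

// Constructed sample request: form fields posted without a token field.
$samplePost   = ['e_day' => '2023-12-31', 'submit' => ''];
$sampleCookie = ['CSRFP-Token' => 'constructed0123456789'];
$sampleServer = ['REQUEST_METHOD' => 'POST'];

foreach (csrfTokenReport($samplePost, [], $sampleCookie, $sampleServer) as $where => $status) {
    echo str_pad($where, 15), $status, PHP_EOL;
}
```

On a live page, pass `$_POST, $_GET, $_COOKIE, $_SERVER` and send the result to `error_log()` before the `csrfProtector::init()` call, since a request answered with the 403 does not reach the code after it.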

Hi,

When I loaded the page and inspected it, I could see a script in the header section as follows, but it seems I can't see the token.

Cassady Campos @.***> wrote on Fri, Jul 28, 2023 at 11:24 PM:

When you look at the request details (request headers or form data) are you seeing a CSRF token? When you debug the request on the web server do you see a CSRF token in the $_REQUEST or $_POST variables?


kathyitkywong, Jul 31 '23 02:07