Why captcha reload not work when I am adding the CSRF in ZEND? - zend-form

When I am adding the below code the reload captcha work fine
In ZEND FORM:
$this->setName("login");
$this->setMethod('post');
$this->addElement('text', 'username', array(
'filters' => array('StringTrim', 'StringToLower'),
'validators' => array(
array('StringLength', false, array(0, 50)),
),
'required' => true,
'label' => 'Username:',
));
$this->addElement('password', 'password', array(
'filters' => array('StringTrim'),
'validators' => array(
array('StringLength', false, array(0, 50)),
),
'required' => true,
'label' => 'Password:',
));
// Add a captcha
$this->addElement('captcha', 'captcha', array(
'label' => 'Please enter the 5 letters displayed below:',
'required' => true,
'captcha' => array(
'captcha' => 'Figlet',
'wordLen' => 5,
'timeout' => 300
)
));
$captcha = $this->createElement('captcha', 'captcha', array(
'required' => true,
'captcha' => array(
'captcha' => 'Image',
'font' => APPLICATION_PATH . '/../public/fonts/arial.ttf',
'fontSize' => '24',
'wordLen' => 5,
'height' => '50',
'width' => '150',
'imgDir' => APPLICATION_PATH.'/../public/captcha',
'imgUrl' => Zend_Controller_Front::getInstance()->getBaseUrl().'/captcha',
'dotNoiseLevel' => 50,
'lineNoiseLevel' => 5,
),
'description' => 'Refresh Captcha Image'
));
$captcha->setLabel('Please type the words shown:');
$captcha->removeDecorator("htmlTag")->removeDecorator('label');
$captcha->addDecorator('Errors', array('class' => 'err-username', 'style' => 'display:none'));
$captcha->addDecorator('Description', array('id' => 'refreshcaptcha'));
$this->addElement($captcha);
$this->getElement('captcha')->removeDecorator("htmlTag")->removeDecorator('label');
// And finally add some CSRF protection
/*$this->addElement('hash', 'csrf', array(
'ignore' => true,
));*/
$this->addElement('submit', 'login', array(
'required' => false,
'ignore' => true,
'label' => 'Login',
));
In phtml:
<script type="text/javascript">
$(document).ready(function() {
$('#refreshcaptcha').click(function() {
$.ajax({
url: "<?php echo $this->url(array('controller' => 'auth', 'action' => 'refresh'), 'default', false) ?>",
dataType:'json',
success: function(data) {
$('#contactForm img').attr('src', data.src);
$('#captcha-id').attr('value', data.id);
}
});
});
});
</script>
<?php
//Default
//$this->form->setAction($this->url());
//echo $this->form;
?>
<?php
$errorsMessages = $this->form->getMessages();
//http://www.websitefactors.co.uk/zend-framework/2011/06/error-class-on-form-field-errors-using-zend-form/
?>
<?php
foreach($this->form->getMessages() as $elemName=>$messages) {
foreach($messages as $message) {
$label = $this->form->getElement($elemName)->getLabel();
echo $this->escape($label.' '.$message)."<br>" ;
}
}
?>
<div id="contactForm">
<form method="<?php echo $this->form->getMethod(); ?>" action="<?php echo $this->form->getAction(); ?>">
<?php echo $this->form->username->renderViewHelper(); ?>
<?php echo $this->form->password->renderViewHelper(); ?>
<?php echo $this->form->captcha; ?>
<?php //echo $this->form->csrf->renderViewHelper(); ?>
<?php echo $this->formSubmit('submit', 'Sign in',array('class'=>'button')); ?>
</form>
</div>
When I click the "Refresh Captcha Image", the captcha image is replaced without refreshing the page and it works fine, but when I add the below CSRF (cross site request forgery) code and reload the captcha code and then submit, login is never successful. It gives me the error: "Value is required and can't be empty" or "Please type the words shown: Captcha value is wrong"
$this->addElement('hash', 'csrf', array(
'ignore' => true,
));


Zend_Form_Element_Hash gets generated on every request. So what is happening is when you click "Refresh Captcha Image" a new request is generated. Then, when you submit your form, you've already used up your request so the csrf check fails since the tokens are out of sync.
To fix this you could do the wrong thing and just increase your hop count to some high number. This will help to negate the security you're after, though. One way to correctly fix this is to re-initialize the token in your auth controller in the refresh() action. You can then send back a json_encoded response that contains this new token.
....
$form->captcha->initCsrfToken(); //recreate token and send it back
$responseArray['hash'] = $form->captcha->getValue();
echo Zend_Json::encode($responseArray);
After you do the ajax call, you can then replace the token with what you get back from your refresh() action. Example:
var newHash = jQuery.parseJSON(data).hash;
$('#yourcsrfelement').val(newHash);

Related

how to automatically enter data from form one to another form yii2

I have a MySQL table and model resume which contains fields
'resume_id', 'lao', 'persen', 'eom', 'tgt_perpetugas' and 'tgt_pergeseran'
I also have another table/model resumes which also contains
'resumes_id', 'lao', 'persen', 'eom', 'tgt_perpetugas' and 'tgt_pergeseran'
Suppose the resume table is already filled with
'resume_id', 'lao', 'persen', 'eom', 'tgt_perpetugas','tgt_pergeseran'
When I am entering data in resumes form, when I select the 'lao' via drop-down field related to resume table, I want the related
'persen', 'eom', 'tgt_perpetugas' and 'tgt_pergeseran'
fields to be auto-filled. my reference but 'Error in ajax request'. how to automatically enter data from form one to another form yii2
how to fix the error or is there a recommendation?
My _form.php for 'resumes' looks like this
<?php
use yii\helpers\Html;
use yii\widgets\ActiveForm;
use kartik\select2\Select2;
use yii\helpers\ArrayHelper;
use app\models\Resume;
$routeAjax = \yii\helpers\Url::toRoute("resume/resumes");
$js=<<<JS
function getRelatedFields(lao_id){
$.ajax({
url: '$routeAjax',
dataType: 'json',
method: 'GET',
data: {id: lao_id},
success: function (data, textStatus, jqXHR) {
$('#resumes-persen').val(data.persen);
$('#resumes-eom').val(data.eom);
$('#resumes-tgt_perpetugas').val(data.tgt_perpetugas);
$('#resumes-tgt_pergeseran').val(data.tgt_pergeseran);
},
beforeSend: function (xhr) {
alert('loading!');
},
error: function (jqXHR, textStatus, errorThrown) {
console.log('An error occured!');
alert('Error in ajax request'+textStatus'\n'+errorThrown);
}
});
}
JS;
$this->registerJs($js, \yii\web\View::POS_READY);
?>
<div class="resumes-form">
<?php $form = ActiveForm::begin(); ?>
<?= $form->field($model, 'lao')->widget(Select2::classname(), [
'data' => ArrayHelper::map(Resume::find()->all(),'lao','lao'),
'language' => 'en',
'options' => ['placeholder' => 'Pilih LAO'],
'pluginOptions' => [
'allowClear' => true
],
'pluginEvents'=>[
'select2:select' => 'function(e){getRelatedFields(e.params.data.id);}',
]
]); ?>
<?= $form->field($model, 'persen')->textInput(['type' => 'number','maxlength' => true, 'readOnly'=>false])->label('Perpetugas %') ?>
<?= $form->field($model, 'eom')->textInput(['maxlength' => true])->label('EOM') ?>
<?= $form->field($model, 'tgt_perpetugas')->textInput(['maxlength' => true, 'readOnly'=>true])->label('Target Perpetugas') ?>
<?= $form->field($model, 'tgt_pergeseran')->textInput(['maxlength' => true, 'readOnly'=>true])->label('Target Pergeseran') ?>
<center>
<div class="form-group">
<?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>
</div>
</center>
<?php ActiveForm::end(); ?>
</div>
And in the ResumesController,I have added. this:
public function actionResumes($id){
// you may need to check whether the entered ID is valid or not
$model = \app\models\Resume::findOne(['lao'=>$id]);
return \yii\helpers\Json::encode([
'eom'=>$model->eom,
'persen'=>$model->persen,
'tgt_pergeseran'=>$model->tgt_pergeseran,
'tgt_perpetugas'=>$model->tgt_perpetugas
]);
}

What I understand is that you want the fields
'persen', 'eom', 'tgt_perpetugas', 'tgt_pergeseran'
against the lao saved in the Resume model matching the dropdown() in the Resumes form lao field.
If that is correct then first you need to use the Select2 event select2:selectrather than using the traditional onchange event. Make a few changes to your Select2 and the script on top of the view.
Replace your select2 with the following
<?= $form->field($model, 'lao')->widget(Select2::classname(), [
'data' => ArrayHelper::map(Lao::find()->all(),'lao_id','lao_id'),
'language' => 'en',
'options' => ['placeholder' => 'Pilih LAO'],
'pluginOptions' => [
'allowClear' => true
],
'pluginEvents'=>[
'select2:select' => 'function(e){getRelatedFields(e.params.data.id);}',
]
]); ?>
Replace the script on top of the view with the following
$routeAjax = \yii\helpers\Url::toRoute("resume/resumes");
$js=<<<JS
function getRelatedFields(lao_id){
$.ajax({
url: '$routeAjax',
dataType: 'json',
method: 'GET',
data: {id: lao_id},
success: function (data, textStatus, jqXHR) {
$('#resumes-persen').val(data.persen);
$('#resumes-eom').val(data.eom);
$('#resumes-tgt_perpetugas').val(data.tgt_perpetugas);
$('#resumes-tgt_pergeseran').val(data.tgt_pergeseran);
},
beforeSend: function (xhr) {
alert('loading!');
},
error: function (jqXHR, textStatus, errorThrown) {
console.log('An error occured!');
alert('Error in ajax request'+textStatus'\n'+errorThrown);
}
});
}
JS;
$this->registerJs($js, \yii\web\View::POS_READY);
Then you want to populate the similar fields from the Resume model to the Resumes ActiveForm when you select any option in the lao dropdown. You should be fetching the lao in the Resume model not id in the Resumes model.
So replace your action with the below
public function actionResumes($id)
{
// you may need to check whether the entered ID is valid or not
$model = \app\models\Resume::findOne(['lao' => $id]);
return \yii\helpers\Json::encode([
'eom' => $model->eom,
'persen' => $model->persen,
'tgt_pergeseran' => $model->tgt_pergeseran,
'tgt_perpetugas' => $model->tgt_perpetugas
]);
}

Yii2 Pjax and GridView - refresh is not working properly

I am using the Pjax and GridView, and trying to make it work properly after the status of the item is changed. Currently, after the action is over, and server sends back the result, the whole GridView will be replaced with the text (response from the controller).
The Pjax code:
<?php
Pjax::begin(['id' => 'product-manage']);
echo GridView::widget([
'dataProvider' => $productsProvider,
'filterModel' => $filterModel,
'filterPosition' => 'header',
'columns' => [
['class' => 'yii\grid\SerialColumn'],
....
['class' => 'yii\grid\ActionColumn',
'header' => 'Actions',
'buttons' => [
....
'toggle-publish' => function ($url, $model) {
$html = $model->published ? '<span class="glyphicon glyphicon-remove"></span>' : '<span class="glyphicon glyphicon-ok"></span>';
return Html::a($html, $url, [
'title' => $model->published ? 'Unpublish' : 'Publish',
'data-pjax' => 'product-manage',
'data' => [
'confirm' => $model->published ? 'Are you sure you want to unpublish ' . $model->inci . ' ?' : 'Are you sure you want to publish ' . $model->inci . ' ?',
'method' => 'post',
],
]);
},
],
'template' => '<span class="block text-center">{view}</span>
<span class="block text-center">{update}</span>
<span class="block text-center">{toggle-default-product}</span>
<span class="block text-center">{toggle-publish}</span>'
],
],
]);
Pjax::end();
?>
Controller:
$response = Yii::$app->response;
$response->format = \yii\web\Response::FORMAT_JSON;
$response->statusCode = 200;
$response->data = Yii::$app->controller->renderPartial('/partials/_alerts', [
'message' => $message,
'type' => 'success'
]);
return $response;
What am I doing wrong here?

click yii2 gridview linkpager's page no, jump error

the gridview if on right of the page,left is some menus,when click on page no 2,it dose not only refresh the gridview,but all page including left part are lost——a totally new page come out!help~
there is the debugging Screenshot:
my action is
public function actionList()
{
$model = new Loan();
$dataProvider = new ActiveDataProvider([
'query' => $model->find(),
'pagination' => [
'pagesize' => '1',
],
]);
return $this->renderPartial('list', ['model' => $model, 'dataProvider' => $dataProvider]);
}
my view is:
<?php
use yii\grid\GridView;
use yii\grid\SerialColumn;
use yii\helpers\Html;
use yii\helpers\Url;
use yii\widgets\LinkPager;
?>
<?=GridView::widget([
'dataProvider' => $dataProvider,
'layout'=> '{items}{pager}',
'columns' => [
['attribute' =>'loan_type','label'=>'借款类型','options' => ['width' => '80']],
['attribute' =>'amount','label'=>'金额','options' => ['width' => '80']],
['attribute' =>'rate','label'=>'还款利率','options' => ['width' => '80']],
['attribute' =>'fee','label'=>'手续费','options' => ['width' => '80']],
['attribute' =>'status','label'=>'状态','options' => ['width' => '80'] ],
['attribute' =>'comment','label'=>'审核意见','options' => ['width' => '80']],
['attribute' => 'created_at','value' =>function($model){return date('Y-m-d',strtotime($model->created_at));},'label'=>'申请时间','options' => ['width' => '150']],
[
'class' => 'yii\grid\ActionColumn',
'header' => '操作',
'template' => '{audit}',
'buttons' => [
'audit' => function ($url,$model) {
return Html::a('<span id="xxxx" class="glyphicon glyphicon-user"></span>','#',['title'=>'审核',
'onclick'=>"
$.ajax({
type: 'GET',
dataType: 'text',
url: 'http://182.92.4.87:8000/index.php?r=loan/pj', //目标地址
error: function (XMLHttpRequest, textStatus, errorThrown) {alert(XMLHttpRequest.status + ':' + XMLHttpRequest.statusText); },
success: function (page)
{
$('.ucRight').html(page);
}
});
return false;",
]);},
],
'urlCreator' => function ($action, $model, $key, $index) {
return Yii::$app->getUrlManager()->createUrl(['loan/list','id' => $model->status]);
},
'headerOptions' => ['width' => '80'],
],
],
]);
?>

The reason for your problem is that you haven't prevented the html link from directing to a new page, so your user is clicking on the link, which then loads a new page with the contents returned by the server; in this case a page of information with no layout applied. You need to add event.preventDefault() before the ajax call to stop this behaviour.
However, as #arogachev said, if you simply want to use pagination without a page refresh, then just use pjax. That is what pjax is designed for,

dependent dropdownlistGroup Yii Booster

I just learning Yiibooster recently and stuck with this..
I have a dependent dropdownlistgroup using yii booster with ajax so kelas data will be generated after matkul selected. It works fine if i using dropdownlist from yii but i want a nice form using Yiibooster form.
<?php
echo $form->dropDownListGroup(
$model,
'matkul',
array(
'wrapperHtmlOptions' => array(
'class' => 'col-sm-5',
),
'widgetOptions' => array(
'data' => $matkullist,
'htmlOptions' => array('multiple' => false),
),
'prompt'=>'Select',
array(
'ajax'=> array(
'type'=>'POST', //request type
'url'=>CController::createUrl('Kp/Getkelas'), //url to call.
'update'=>'#'.CHtml::activeId($model,'kelas'), //selector to update
)
)
)
); ?>
<?php echo $form->dropDownListGroup(
$model,
'kelas',
array(
'wrapperHtmlOptions' => array(
'class' => 'col-sm-5',
),
'widgetOptions' => array(
'htmlOptions' => array('multiple' => false),
)
)
);?>
The problem is the ajax does not work when i use dropdownlistgroup, when i test it with normal dropdownlist like below code its work normal, sorry for my english.
echo CHtml::dropDownList('country_id','', array(1=>'USA',2=>'France',3=>'Japan'),
array(
'ajax' => array(
'type'=>'POST', //request type
'url'=>CController::createUrl('Kp/Getkelas'), //url to call.
'update'=>'#city_id', //selector to update
)));
echo CHtml::dropDownList('city_id','', array());

I'm not hear about the function dropdownListGroup.
using Yiibooster, you can add the dropdown as,
$this->widget(
'booster.widgets.TbSelect2',
array(
'asDropDownList' => false,
'name' => 'clevertech',
'options' => array(
'tags' => array('clever', 'is', 'better', 'clevertech'),
'placeholder' => 'type clever, or is, or just type!',
'width' => '40%',
'tokenSeparators' => array(',', ' ')
)
)
);
ref link : http://yiibooster.clevertech.biz/widgets/forms_inputs/view/select2.html

You should put ajax options in widgetOptions -> htmlOptions -> ajax
$form->dropDownListGroup($model, 'beer', array(
'widgetOptions' => array(
'data' => CHtml::listData(Beer::model()->findAll(), 'id', 'name'),
'htmlOptions' => array(
'ajax' => array(
'type' => 'POST',
'url' => Yii::app()->createUrl('/beer'),
'update' => '#beer',
)
),
)
);

not most efficient solution but it works,
looking the html at the end, we have
<div class="form-group">
<?php echo $form->labelEx($model,'matkul',array('class' => 'col-sm-3 control-label')); ?>
<div class="col-sm-5 col-sm-9">
<?php echo $form->dropDownList($model,'matkul',$matkullist ó array(),
array('class' => 'form-control','ajax'=>array('type'=>'POST','url'=>CController::createUrl('Kp/Getkelas'),'update'=>'#'.CHtml::activeId($model,'kelas')),'empty'=>'Select')); ?>
<?php echo $form->error($model,'matkul'); ?>
</div>
</div>
important is that 'class' put the html class, 'class' => 'col-sm-3 control-label' and 'class' => 'form-control', for dropDownList

Cakephp 2.5.2 Auth always returns false

The Auth is returning false. Hashed password matches the hashed password in database, but still returns false.
Here is the model:
App::uses('AppModel', 'Model');
class User extends AppModel {
public $validate = array(
'username' => array(
'notEmpty' => array(
'rule' => array('notEmpty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'password' => array(
'notEmpty' => array(
'rule' => array('notEmpty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
);
public function beforeSave($options = array()) {
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] =AuthComponent::password($this->data[$this->alias]['password']);
;
}
return true;
}
}
Here is the AppController:
class AppController extends Controller {
public $components = array(
'Session',
'Auth' => array(
'authenticate' => array(
'Form' => array(
)
),
'loginAction'=>array(
'controller'=>'users',
'action'=>'login'
),
'loginRedirect' => array(
'controller' => 'references',
'action' => 'admin_index'
),
'logoutRedirect' => array(
'controller' => 'home',
'action' => 'index',
'home'
)
)
);
public function beforeFilter() {
$this->Auth->allow('index', 'view');
}
}
Here is the UsersController:
public function login(){
var_dump($this->Auth->login());die;
if ($this->request->is('post')) {
if ($this->Auth->login()) {
return $this->redirect(array('controller'=>'references', 'action'=>'admin_index'));
}
$this->Session->setFlash(__('Invalid username or password, try again'));
}
}
And the view :
<div class="users form">
<?php echo $this->Session->flash('auth'); ?>
<?php echo $this->Form->create('User',array('action'=>'login')); ?>
<fieldset>
<legend>
<?php echo __('Please enter your username and password'); ?>
</legend>
<?php echo $this->Form->input('username');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Login')); ?>
</div>
I have tried using BlowFish but its not working, so I switched to Auth default hashing and the hashes when creating user and then loging in match so the hashing is working fine. I dont get what the problem is, so please help.

after a half an hour i tried again and now its working. Who knows what was the problem. Anyway, thanks for reading and post answers if you find any issue in code above. Thanks!