All POST requests lead to die("Invalid CSRF token") message.

Closed
Advanced Security - PHP Register/Login System September 09, 2018
Vsevolod Ukrainsky
5 years ago

Thank you very much.

After I studied the article, everything works just fine!

Milos Stojanovic Support Agent
5 years ago

Hey,

Those lines are for CSRF protection. I would recommend checking the CSRF Protection and Forms documentation article to learn more about it.

-Milos

Vsevolod Ukrainsky
5 years ago

What is the purpose of these lines?

if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! ASCsrf::validate($_POST)) {
    die('Invalid CSRF token.');
}

I have extended the AS Login System to my pages. One of them uses a POST to a form handler. So from a page which uses the AS Login System I post to a form handler like this:

<form method="post" action="handlers/_add_event.php">

However the _add_event.php handler fails with the Invalid CSRF token message.
Is there any way to change this behavior? I want to make sure that the handler smoothly accepts the $_POST data, processes it and at the end redirects to a page which initiated the post - a page which supports AS Login System variables.
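
Why a form that carries no token is rejected by a check like the one quoted above, shown as an added example that is not part of the original thread and is not the AS Login System's own ASCsrf code. The helper names csrf_token(), csrf_field() and csrf_validate(), the field name csrf_token and the sample POST arrays are assumptions made for this illustration of the synchronizer-token pattern.

```php
<?php
// Added illustration of the synchronizer-token pattern; NOT the ASCsrf implementation.
// csrf_token(), csrf_field() and csrf_validate() are hypothetical helper names.

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input that every <form method="post"> must contain.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only if the posted token matches the one stored in the session.
function csrf_validate(array $post): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time; the known value goes first.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Page side: the form posts to the handler and carries the token.
$form = '<form method="post" action="handlers/_add_event.php">'
      . csrf_field()
      . '<input type="text" name="title"><button>Add</button></form>';

// Handler side, exercised with constructed sample POST bodies.
$withoutToken = ['title' => 'Meetup'];                        // form without the hidden field
$withToken    = ['title' => 'Meetup', 'csrf_token' => csrf_token()];
$forged       = ['title' => 'Meetup', 'csrf_token' => str_repeat('0', 64)];

var_dump(csrf_validate($withoutToken)); // request from a form that omits the token
var_dump(csrf_validate($withToken));    // request from a form that includes it
var_dump(csrf_validate($forged));       // request with a guessed token
```

Only the request that echoes back the session's token passes, so the handler keeps its check and the form gains the hidden field rather than the check being removed.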