What is the purpose of these lines?
if ($_SERVER['REQUEST_METHOD'] == 'POST' && ! ASCsrf::validate($_POST)) {
die('Invalid CSRF token.');
}
I have extended the AS Login System to my pages. One of them uses the post to a form handler. So from a page which uses AS Login System I post to a form handler like this:
<form method="post" action="handlers/_add_event.php">
However the _add_event.php handler fails with the Invalid CSRF token message.
Is there any way to change this behavior? I want to make sure that the handler smoothly accepts the $_POST data, processes it and at the end redirects to a page which initiated the post - a page which supports AS Login System variables.
Thank you very much.
After I learned the article, everything works just fine!