Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

403 access forbidden by csrfprotector! #158

Open
kathyitkywong opened this issue Jul 19, 2023 · 2 comments
Open

403 access forbidden by csrfprotector! #158

kathyitkywong opened this issue Jul 19, 2023 · 2 comments

Comments

@kathyitkywong
Copy link

kathyitkywong commented Jul 19, 2023
edited

hi.` I have a form but it returns "403 access forbidden by csrfprotector!" whenever I submitted the form. I read the discussion and tries each of them but it doesn't work. Any clue?

<?php
require 'config.php';
require_once 'header.php';
include_once __DIR__ .'/csrf/libs/csrf/csrfprotector.php';

//Initialise CSRFGuard library
csrfProtector::init();


$result = mysqli_query($con, "SELECT * FROM Qualification_End_Date"); 
$row = mysqli_fetch_array($result);

if(isset($_POST['submit'])) {
    $date = $_POST['e_day'];
    mysqli_query($con, "UPDATE Qualification_End_Date SET End_Date='$date'"); 
    
   echo "<script>clearPage();</script>";
   echo "<div id=\"statement\">".
        "<h2>Success!</h2><fieldset><p><div id=\"messageIcon\"><img src=\"./images/ok.png\" /> </div>".
        "<div id=\"messageContent\"><p>Qualification End Date has been updated.</p></div></p></fieldset></div>";
   exit;
}
echo "<h3><p>Update Qualification End Date</p></h3>";
echo "<form method=\"post\" action=\"\">".
      "<table><tr><td class=\"left\">Qualification End Date</td><td class=\"right\"><input type=\"date\" name=\"e_day\" value=\"".$row[0]."\" /></td></tr></table>".
	  "<div><p class=\"button\"><button type=\"submit\" name=\"submit\" class=\"submit\">Update</button></p></div></form>";

require_once 'footer.php';
?>
@CassadyCampos
Copy link

When you look at the request details (request headers or form data) are you seeing a CSRF token?
When you debug the request on the web server do you see a CSRF token in the $_REQUEST or $_POST variables?

@kathyitkywong
Copy link
Author

kathyitkywong commented Jul 31, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CassadyCampos @kathyitkywong