Multipe记录删除不起作用CSRF-Cakephp

时间:2018-06-27 18:20:11

标签: cakephp csrf

我找到了答案delete multipe record之一,并尝试遵循它,但是我不断收到相同的消息:

  

CSRF令牌不匹配。
  Cake \ Http \ Exception \ InvalidCsrfTokenException

'_Token' was not found in request data.

编辑: 删除按钮在这4个控制器/表格(用户,潜在客户,联系人,客户,潜在客户)上不起作用 但是它们确实可以在我的其他桌子上工作

这是

AppController.php

  <?php

  namespace App\Controller;

  use Cake\Controller\Controller;
  use Cake\Event\Event;


 class AppController extends Controller
 {

public function initialize()
{

    parent::initialize();
    $this->loadComponent('RequestHandler', [
        'enableBeforeRedirect' => false,
    ]);
    $this->loadComponent('Flash');

    $this->loadComponent('Security');
    $this->loadComponent('Csrf');
}
public function pr($arr){
    echo "<pre>";
    print_r($arr);
    echo "</pre>";
    exit();
}
public function beforeRender(Event $event)
{
    if(!array_key_exists('_serialize', $this->viewVars) &&
        in_array($this->response->getType(), ['application/json', 'application/xml'])
){
        $this->set('_serialize', true);
    }

    if($this->request->getSession()->read('Auth.User')){
         $this->set('loggedIn', true);   
    } else {
        $this->set('loggedIn', false); 
    }
 }
 }

UsersController.php

  <?php
    namespace App\Controller;

    use App\Controller\AppController;
    use Cake\I18n\Time;
    use Cake\Event\Event;
    use Cake\ORM\TableRegistry; 
    use Cake\Mailer\Email;
    use Cake\Auth\DefaultPasswordHasher;
    Use Cake\Utility\Security;
    use Cake\Routing\Router;

    class UsersController extends AppController
    {
   public function beforeFilter(Event $event)
  {
    parent::beforeFilter($event);

   $this->Security->setConfig('unlockedActions', ['add']);

  public function initialize(){
    parent::initialize();
    $this->loadComponent('Paginator');
    $this->loadComponent('Security');
  }
   public function delete($id = null) {
if (!$this->request->is('post')) {
    throw new MethodNotAllowedException();
}
$this->User->id = $id;
if (!$this->User->exists()) {
    throw new NotFoundException(__('Invalid user'));
}
if ($this->User->delete()) {
    $this->Session->setFlash(__('User deleted'));
    $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not deleted'));
$this->redirect(array('action' => 'index'));
}

public function deleteall()
{

     if ($this->request->is('post'))
    {
        foreach($this->data['Users']['user_id'] as $key => $value)
        {
            $this->Subject->delete($value);
        }
        $this->Session->setFlash('User has been deleted.');
    }        
    $this->redirect(array('action' => 'index'));

   /* $this->request->allowMethod(['post', 'delete']);
    $user = $this->Users->get($id);
    foreach ($user as $value) {
        $this->Users->deleteAll(['id'=>$value]);
    }
    return $this->redirect(['action'=>'index']);*/
}
      public function isAuthorized($user)
{
    // Admin has full access
    if ($user['role'] == 'Admin') {
        return true;
    }
    // User can view and edit own account only
    if (in_array($this->request->action, ['view', 'edit', 'delete']) && $user['id'] == (int)$this->request->params['pass'][0]) {
        return true;
    }
    return false;
}    

   public function verification($token){
        $userTable = TableRegistry::get('Users');
        $verify = $userTable->find('all')->where(['token'=>$token])->first();
        $verify->verified = '1';
        $UserTable->save($verify);
    }    

这是

上的有效删除

NotesController

public function delete($id = null)
{
    $this->request->allowMethod(['post', 'delete']);
    $note = $this->Notes->get($id);
    if ($this->Notes->delete($note)) {
        $this->Flash->success(__('The note has been deleted.'));
    } else {
        $this->Flash->error(__('The note could not be deleted. Please, try again.'));
    }

    return $this->redirect(['action' => 'index']);
}

index.ctp

 <button type="submit" formaction="<?php echo $this->Url- 
 >build(['action'=>'deleteall']) ?>" class="btn btn-danger" 
 onclick="return confirm('Are yo u sure you want to delete users?')">
    Delete</button>
    </p>

 <th><input type="checkbox" class="selectall"/></th>

 <td><input type="checkbox" class="selectbox" name="ids[]" value="<?= 
 h($user->id) ?></td>"/></td>

<button type="submit" formaction="<?php echo $this->Url->build(['action' =>'delete', $user->id]) ?>" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?')">Delete</button>

1 个答案:

答案 0 :(得分:0)

您需要禁用CSRF和安全组件。您可以通过在控制器的beforeFilter方法中添加以下代码来针对特定操作禁用它们。

$actions = [
    'delete',
    'deleteall'
];

if (in_array($this->request->params['action'], $actions)) {
    // for csrf
    $this->eventManager()->off($this->Csrf);

    // for security component
    $this->Security->config('unlockedActions', $actions);
}

希望这会有所帮助。