X-Cart: shopping cart software


ajeetsingh 03-16-2017 03:51 AM

Issue in calling an ajax request in admin area.
 
Hello, I am an X-Cart developer from Webkul Software Private Limited, UP, India.
I have an issue with making an AJAX call in the admin area on a page.
For example: I created a page with a button in the admin area, and I want to send an AJAX request when that button is clicked. But when I click the button to call a function that is already written in the same controller file, an error notice like the one below occurs:
"The form could not be identified as a form generated by X-Cart. The reason may be that a substantial period of time has elapsed since you opened the page with this form or the page was opened in more than one browser tab. If you did not open the page with this form, you might be under a CSRF attack."
So can anyone please help me?
My code is below:
1. In the controller file, the action is as below.
PHP Code:

/**
 * Export action
 *
 * @return void
 */
protected function doActionSaveDemo()
{
    // Read the nIds value posted by the AJAX request
    $tpId = \XLite\Core\Request::getInstance()->nIds;
    echo 'tpId : ' . $tpId;
}



2. Ajax request is as below:
PHP Code:

function xyz(idss) {
    core.post(
        // URL built from target and action only
        URLHandler.buildURL({target: 'number_demos', action: 'savedemo'}),
        function (XMLHttpRequest, textStatus, data, valid) {
            if (valid && data) {
                console.log(data);
            } else {
                console.log('Not valid');
            }
        },
        { nIds: idss }
    );
}




Here number_demos is the controller whose class is NumberDemos.

qualiteam 03-17-2017 12:02 AM

Re: Issue in calling an ajax request in admin area.
 
The buildURL function doesn't add the form_id parameter that protects backend forms and links from hijacking.

When is your function called? Is there a link or a form on the page that you want to follow/submit?
If so, you can get the URL via jQuery, something like this:
Code:

var url = jQuery('form#my_form').attr('action');
or
Code:

var url = jQuery('a#my_link').attr('href');

ajeetsingh 03-17-2017 06:47 AM

Re: Issue in calling an ajax request in admin area.
 
1 Attachment(s)
Hello qualiteam,

As you suggested, I have used the admin URL, but my issue remains the same. The code is as below:
PHP Code:

<script>
jQuery(document).ready(function () {
    var wkUrldds = self.location;
    var wkUrl = wkUrldds + 'skins/admin/modules/Webkulsoftware/WebPushNotification/notify.php';

    jQuery('body').on('click', '.notifybtn', function () {
        var idss = jQuery(this).val();
        // Take the action URL of the form on the page
        var urll = jQuery('form').attr('action');
        sendPushNotification(idss, urll);
    });

    function sendPushNotification(idss, urll) {
        jQuery.ajax({
            url: urll + '?target=notif_tmplts&action=notify',
            data: {id: idss, urll: urll},
            type: 'POST',
            success: function (data) {
                if (data != '') {
                    console.log(data);
                } else {
                    console.log('Not a valid data');
                }
            }
        });
    }
});
</script>



And the controller function is as below:

PHP Code:

protected function doActionNotify()
{
    // Read the nIds value from the request
    $tpId = \XLite\Core\Request::getInstance()->nIds;
    echo $tpId;
}



In that case the AJAX call is made, but when I click on the AJAX URL in the console, it redirects to a page where a notice appears saying that I have no permission to access that page. I have also provided a snapshot of that page below.

qualiteam 03-20-2017 09:09 PM

Re: Issue in calling an ajax request in admin area.
 
Every backend URL is signed with a unique identifier that can be used only once.

As far as I understand you use the same URL twice: the first time you send a background request to that URL, and the second time you try to follow it from the JavaScript console. It won't work this way, unfortunately. As soon as you send an AJAX request, the URL becomes expired and won't work from the console.

Daemos 03-20-2017 10:16 PM

Re: Issue in calling an ajax request in admin area.
 
Hello, ajeetsingh

You should define the list of actions not secured by formid checking in your NotifTmplts controller to overcome this problem:

PHP Code:

/**
 * Define the actions with no secure token
 *
 * @return array
 */
public static function defineFreeFormIdActions()
{
    $list = parent::defineFreeFormIdActions();
    // 'notify' will be accepted without the form id check
    $list[] = 'notify';
    return $list;
}
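
The two behaviours discussed in this thread, a backend form_id that can be used only once and an action exempted from that check, modelled in a small JavaScript sketch. This is an added example, not X-Cart code and not posted by any participant; the Backend class, its method names and the in-memory token store are hypothetical.

```javascript
// Toy model (constructed for this example, not X-Cart code): a backend that
// signs each form/link with a single-use form_id, plus an exemption list.
const { randomBytes } = require('crypto');

class Backend {
  constructor(freeFormIdActions = []) {
    this.issued = new Set();                  // form_ids not yet consumed
    this.freeFormIdActions = new Set(freeFormIdActions);
    this.sideEffects = [];                    // state changes performed
  }

  // Called when an admin page is rendered: each form/link gets a fresh id.
  issueFormId() {
    const id = randomBytes(16).toString('hex');
    this.issued.add(id);
    return id;
  }

  // Handle a state-changing request: req = { action, form_id, payload }.
  handle(req) {
    if (!this.freeFormIdActions.has(req.action)) {
      // Set.delete() returns true only if the id was still present, so the
      // check and the consumption are one step and a replayed id is rejected.
      if (!req.form_id || !this.issued.delete(req.form_id)) {
        return { status: 403, body: 'form not identified' };
      }
    }
    this.sideEffects.push({ action: req.action, payload: req.payload });
    return { status: 200, body: 'ok' };
  }
}

// Constructed scenario 1: protected action, the same signed request sent twice
// (the AJAX call first, then the same URL followed from the console).
function replayScenario() {
  const be = new Backend();
  const id = be.issueFormId();
  const first = be.handle({ action: 'notify', form_id: id, payload: 1 });
  const second = be.handle({ action: 'notify', form_id: id, payload: 1 });
  return [first.status, second.status];
}

// Constructed scenario 2: 'notify' is exempted, so a request that carries no
// form_id at all is still processed and changes state.
function exemptScenario() {
  const be = new Backend(['notify']);
  const res = be.handle({ action: 'notify', payload: 1 });
  return [res.status, be.sideEffects.length];
}
```

In this model an exempted action accepts requests that carry no form_id, so it is no longer covered by the check that produced the CSRF notice in the first post.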



ajeetsingh 03-22-2017 07:54 AM

Re: Issue in calling an ajax request in admin area.
 
Hello Daemos,

Thank you for helping me. Your suggestion is working for me. :D

