X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   Changing design (https://forum.x-cart.com/forumdisplay.php?f=51)
-   -   Custom form in admin POST fails (https://forum.x-cart.com/showthread.php?t=68385)

Kman 12-30-2013 04:59 PM
Custom form in admin POST fails
 
A module that I built populates a non-X-Cart table with data about a product, which is used to display information on the customer side. It runs fine in version 4.1.12.

I am developing a new site for us in 4.6.1. I have this script running as an option from the Product Management page, in the "In this Section" tab. OK so far. It diaplays the correct information but when I POST data I get the dreaded:

Warning: The form could not be identified as a form generated by X-Cart. The reason may be that a substantial period of time has elapsed, or more than pages have been opened since you opened the page with this form. If you did not open the page with this form, you might be under a CSRF attack.

I have added the POST vars to the $trusted_post_variables in /admin/configuration.php.

What am I missing?

qualiteam 01-04-2014 06:13 AM
Re: Custom form in admin POST fails
 
Back-end forms are signed with a random number to prevent CSRF attacks.

So, before posting the data you should add the number too. Here is the code that does the job:

PHP Code:
if (
        defined('AREA_TYPE')
        && !empty($login)
        && in_array(constant('AREA_TYPE'), array('A''P'))
        && function_exists('func_generate_formid')
        && !$formid_generated
    ) {
        // Generate new form id
        $templater->register_outputfilter('func_substitute_formid');
        $formid_generated true;
    } 

Kman 01-18-2014 03:24 PM
Re: Custom form in admin POST fails
 
Thank you for this, ALex.

Using this, I am getting a fatal PHP error:

PHP Fatal error: Call to a member function register_outputfilter() on a non-object

I am including auth.php and security.php

Your help is appreciated. Our new 4.6.1 store is live now and I NEED this module.

qualiteam 01-20-2014 10:38 PM
Re: Custom form in admin POST fails
 
This is because $templater variable (and a few other variables) should be instantiated before executing the example.

I'm sorry for being unclear. The above is not the exact code that you should use (because the code depends on where you use it). It is just an example of how the random number is injected in one of the forms generated by X-Cart itself.

You are to look through the rest of the script with the above code to understand where all the variables are taken from. Also, perhaps the "if" condition will be different in your situation.


All times are GMT -8. The time now is 11:49 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.