 |
 |
|
 |
|
 |
|
| ||||||||||
|
Shopping cart software Solutions for online shops and malls | |||||||||
|
|
|
||||||||
| X-Cart Home |  FAQ |
Forum rules |
Calendar |
User manuals |
Login |
 |
Custom form in admin POST fails | |||
 |
|
||
|
|
Thread Tools | Search this Thread |
|
#1
12-30-2013, 04:59 PM
|
|||||||
|
|||||||
Custom form in admin POST fails
A module that I built populates a non-X-Cart table with data about a product, which is used to display information on the customer side. It runs fine in version 4.1.12.
I am developing a new site for us in 4.6.1. I have this script running as an option from the Product Management page, in the "In this Section" tab. OK so far. It diaplays the correct information but when I POST data I get the dreaded: Warning: The form could not be identified as a form generated by X-Cart. The reason may be that a substantial period of time has elapsed, or more than pages have been opened since you opened the page with this form. If you did not open the page with this form, you might be under a CSRF attack. I have added the POST vars to the $trusted_post_variables in /admin/configuration.php. What am I missing?
__________________
4.6.1 Gold Plus, working on moving to the latest 4.x soon reBOOT Template (the best!) AlteredCart Checkout One, Checkout One Tools & Checkout One Payments AlteredCart SmartSearch & Search by Filters AlteredCart On Sale CDSEO xCMS BCS Point of Sale, Pre-order / Back Order Magnetic One's Autoresponder Heavily modified |
|||||||
|
#2
01-04-2014, 06:13 AM
|
|||||||||
|
|||||||||
|
Re: Custom form in admin POST fails
Back-end forms are signed with a random number to prevent CSRF attacks.
So, before posting the data you should add the number too. Here is the code that does the job: PHP Code:
__________________
Alex Solovev, Qualiteam --- User manual Video tutorials X-Cart FAQ You are welcome to press "Thanks" button if you find this post useful  Click here to learn how to apply patches X-Cart Extensions |
|||||||||
|
#3
01-18-2014, 03:24 PM
|
|||||||
|
|||||||
|
Re: Custom form in admin POST fails
Thank you for this, ALex.
Using this, I am getting a fatal PHP error: PHP Fatal error: Call to a member function register_outputfilter() on a non-object I am including auth.php and security.php Your help is appreciated. Our new 4.6.1 store is live now and I NEED this module.
__________________
4.6.1 Gold Plus, working on moving to the latest 4.x soon reBOOT Template (the best!) AlteredCart Checkout One, Checkout One Tools & Checkout One Payments AlteredCart SmartSearch & Search by Filters AlteredCart On Sale CDSEO xCMS BCS Point of Sale, Pre-order / Back Order Magnetic One's Autoresponder Heavily modified |
|||||||
|
#4
01-20-2014, 10:38 PM
|
|||||||||
|
|||||||||
|
Re: Custom form in admin POST fails
This is because $templater variable (and a few other variables) should be instantiated before executing the example.
I'm sorry for being unclear. The above is not the exact code that you should use (because the code depends on where you use it). It is just an example of how the random number is injected in one of the forms generated by X-Cart itself. You are to look through the rest of the script with the above code to understand where all the variables are taken from. Also, perhaps the "if" condition will be different in your situation.
__________________
Alex Solovev, Qualiteam --- User manual Video tutorials X-Cart FAQ You are welcome to press "Thanks" button if you find this post useful Click here to learn how to apply patches X-Cart Extensions |
|||||||||
|
|
|||
|
X-Cart forums © 2001-2020
|
|||
