1

I have a form that keeps getting the "The CSRF token is invalid. Please try to resubmit the form." error. I have been unable to find the cause.

I know it is something simple. Any help would be appreciated.

In the controller I have this:

public function settingsAction()
{
    $request = $this->getRequest();

    /* @var $user User */
    $user = $this->get('security.context')->getToken();

    $settingsForm = $this->createForm(new SettingsFormType(), array($user));
    $billingForm = $this->createForm(new BillingFormType(), array($user));
    $accountForm = $this->createForm(new AccountFormType(), array($user));

    return $this->render('DeductrDeductrBundle:Settings:settings.html.twig', array(
        'settingsForm' => $settingsForm->createView(),
        'billingForm' => $billingForm->createView(),
        'accountForm' => $accountForm->createView(),
    ));
}

public function createAction()
{
    $em = $this->getDoctrine()->getEntityManager();

    $form = $this->createForm(new RegistrationFormType('Deductr\UserBundle\Entity\User'));

    $form->bind($this->getRequest());

    if ($form->isValid()) {
        $user = $form->getData();

        $em->persist($user);
        $em->flush();

        return $this->redirect('/settings');
    }
}

The .twig file has this:

{% extends 'DeductrDeductrBundle:Base:base.html.twig' %}


{% block body %}
<div name='personal' style="padding-left:25px; width:600px;">
<h5>Personal Information</h5>
{#src/Deductr/DeductrBundle/Resources/views/settings/settings.html.twig #}
<form action="{{ path('user_registration_create') }}" {{ form_enctype(settingsForm) }}" method="POST" {{ form_enctype(settingsForm) }}>

 <table>
        <tr>
            <td>First Name</td>

            <td>Last Name</td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td>
        {{ form_widget(settingsForm.first_name, {'attr': {'class' : 'half'}}) }}
            </td>

            <td>
                {{ form_widget(settingsForm.last_name, {'attr':    {'class' : 'half'}}) }}
            </td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td colspan="3">Company</td>
        </tr>
        <tr>
            <td colspan="3">
                {{ form_widget(settingsForm.company, {'attr': {'class' : 'half'}}) }}

            </td>
        </tr>
        <tr>
            <td colspan="3">Address 1</td>
        </tr>
        <tr>
            <td colspan="3">
                {{ form_widget(settingsForm.address1, {'attr': {'class' : 'half'}}) }}

            </td>
        </tr>
        <tr>
            <td colspan="3">Address 2</td>
        </tr>
        <tr>
            <td colspan="3">
                {{ form_widget(settingsForm.address2, {'attr': {'class' : 'half'}}) }}

            </td>
            </tr>
            <tr>
            <td colspan='2'>
                <label for 'city'>City</label>
            </td>
            <td>&nbsp;</td>

            </tr>

        <tr>
            <td colspan='2'>
                {{ form_widget(settingsForm.city, {'attr': {'class': 'half'}}) }}
            </td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td><label for 'state'>State</label>
            <td>
                <label for 'zip'>Zip/Postal</label>
            </td>
            <td>
                <label for 'phone'>Phone Number</label>
            </td>

        </tr>
            <tr>
            <td>
                {{ form_widget(settingsForm.province, {'attr': {'class': 'half'}}) }}
            </td>
            <td>
                {{ form_widget(settingsForm.postal_code, {'attr': {'class': 'half'}}) }}
            </td>
            <td>
                {{ form_widget(settingsForm.phone, {'attr': {'class': 'half'}}) }}
            </td>

        </tr>
        <tr>
    <td>&nbsp;</td>         
    <td>&nbsp;</td>
    <td><input type="submit" value="{{ 'submit'|trans({}, 'DeductrUserBundle') }}" /></td>
</tr>
 </table> 
 {{ form_row (settingsForm._token) }} 
</form>

</div>
<div id="billing" style="padding-left:25px; width:600px;">
<h5>Billing Information</h5>
<form action="" method="POST" {{ form_enctype(billingForm) }}>
    {{ form_row (billingForm._token) }}

 <table>
    <!--    <tr>
            <td>First Name</td>

            <td>Last Name</td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td>
        {{ form_widget(billingForm.fname, {'attr': {'class' : 'half'}}) }}
            </td>

            <td>
                {{ form_widget(billingForm.lname, {'attr': {'class' : 'half'}}) }}
            </td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td colspan="3">Address 1</td>
        </tr>
        <tr>
            <td colspan="3">
                {{ form_widget(billingForm.billingAddress1, {'attr': {'class' : 'half'}}) }}

            </td>
        </tr>
        <tr>
            <td colspan="3">Address 2</td>
        </tr>
        <tr>
            <td colspan="3">
                {{ form_widget(billingForm.billingAddress2, {'attr': {'class' : 'half'}}) }}

            </td>
            </tr>
            <tr>
            <td colspan='2'>
                <label for 'city'>City</label>
            </td>
            <td>&nbsp;</td>

            </tr>

        <tr>
            <td colspan='2'>
                {{ form_widget(billingForm.billingCity, {'attr': {'class': 'half'}}) }}
            </td>
            <td>&nbsp;</td>
        </tr>
        <tr>
            <td><label for 'state'>State</label>
            <td>
                <label for 'zip'>Zip/Postal</label>
            </td>
            <td>
                <label for 'phone'>Phone Number</label>
            </td>

        </tr>
            <tr>
            <td>
                {{ form_widget(billingForm.billingState, {'attr': {'class': 'half'}}) }}
            </td>
            <td>
                {{ form_widget(billingForm.billingZip, {'attr': {'class': 'half'}}) }}
            </td>
            <td>
                {{ form_widget(billingForm.billingPhone, {'attr': {'class': 'half'}}) }}
            </td>

        </tr> -->
<tr>
    <td colspan='3'>
     <h5>Payment Information</h5>
    </td>
</tr>
    <tr>
        <td>Expiration Date</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
    </tr>
        <tr>
        <td>{{ form_widget(billingForm.expMonth, {'attr': {'class': 'half'}}) }}</td>
        <td>{{ form_widget(billingForm.expYear, {'attr': {'class': 'half'}}) }}</td>
        <td>&nbsp;</td>
    </tr>
    <tr>
    </tr>
    <tr>
        <td>Credit Card Type</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
    </tr>
        <tr>
        <td>{{ form_widget(billingForm.ccType, {'attr': {'class': 'half'}}) }}</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
    </tr>
    <tr>
    </tr>
    <tr>
        <td>Credit Card Number</td>
        <td>&nbsp;</td>
        <td>CVV</td>
    </tr>
        <tr>
        <td>{{ form_widget(billingForm.cardNumber, {'attr': {'class': 'half'}}) }}</td>
        <td>&nbsp;</td>
        <td>{{ form_widget(billingForm.cvv, {'attr': {'class': 'half'}}) }}</td>
    </tr>
    <tr>
    </tr>
<tr>
    <td>&nbsp;</td>         
    <td>&nbsp;</td>
    <td><input type="submit" value="{{ 'submit'|trans({}, 'DeductrUserBundle') }}" /></td>

</tr>
</table>
</div>
</form>

</div>
<div id="account" style="padding-left:25px; width:600px;">
<h5>Account Information</h5>
<form action="" method="POST" {{ form_enctype(accountForm) }}>
    {{ form_row (accountForm._token) }}
<table>
    <tr>
        <td colspan='2'>Email</td>
        <td>&nbsp;</td>
    </tr>
    <tr>
        <td colspan='3'>{{ form_widget(accountForm.email, {'attr': {'class': 'half'}}) }}</td>
    </tr>
    <tr>
        <td colspan='2'>Password</td>
        <td>Confirm Your Password</td>
    </tr>
    <tr>
        <td>{{ form_widget(accountForm.password, {'attr': {'class': 'half'}}) }}</td>
        <td>&nbsp;</td>
        <td>{{ form_widget(accountForm.confPass, {'attr': {'class': 'half'}}) }}</td>
    </tr>
    <tr>
    <td colspan='2'>&nbsp;</td>
    <td><input type="submit" value="{{ 'submit'|trans({}, 'DeductrUserBundle') }}" /></td>

</tr>
</table>
 </form>
</div>
{% endblock %}
Adam Mills

3 Answers

5

If this is your entire form template, it's probably this:

<form action="{{ path('user_registration_create') }}" {{ form_enctype(settingsForm) }}" method="POST" {{ form_enctype(settingsForm) }}>
    {{ form_row (settingsForm._token) }}

Make sure to include form_rest(settingsForm).

But also, why three forms on one page? If you are new to Symfony, try getting one form to work on a page first. You would, in your case, need three form_rests, one per instance of each form, I think.

Hard to tell without more code tbh.

sashkello
0

I think you are mixing two different form types.

You're rendering a form of type SettingsFormType and submitting it to createAction, which creates a form of type RegistrationFormType.

It is likely possible that the form name is taken into account when the CSRF token is being generated. That being said, your token is bound to be different and incorrect each time - no matter what ;)

Hope this sheds some light on your problem ;)

Jovan Perovic
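
A simplified model of the mismatch described in the answer above, added here as an example; it is not part of the original posts and is not Symfony's own code. It assumes that submitted fields are namespaced under the form name and that the token is derived from a per-form identifier plus the session; the secret, session ids and the form names `settings` and `registration` are constructed values.

```php
<?php
// Simplified model of form-scoped CSRF tokens (added example, not Symfony's code).
// Assumptions: SECRET, the session ids and the form names are constructed values.

const SECRET = 'constructed-app-secret';

// The token is tied to the session AND to an identifier of the form.
function generateToken(string $tokenId, string $sessionId): string
{
    return hash_hmac('sha256', $tokenId . '|' . $sessionId, SECRET);
}

// Rendering namespaces every field, including _token, under the form name.
function renderFields(string $formName, string $sessionId, array $values): array
{
    $values['_token'] = generateToken($formName, $sessionId);
    return [$formName => $values];
}

// Binding reads only the sub-array stored under the receiving form's own name.
function bindAndCheck(string $formName, string $sessionId, array $post): string
{
    $data = $post[$formName] ?? [];
    if (!isset($data['_token']) || !is_string($data['_token'])) {
        return 'invalid: no _token under "' . $formName . '"';
    }
    $expected = generateToken($formName, $sessionId);
    // Constant-time comparison avoids leaking the token through timing.
    return hash_equals($expected, $data['_token']) ? 'valid' : 'invalid: token mismatch';
}

$session = 'constructed-session-id';
$post = renderFields('settings', $session, ['first_name' => 'Ada']);

// Rendered and bound with the same form name.
echo bindAndCheck('settings', $session, $post), PHP_EOL;
// Rendered as "settings" but bound as "registration": the token is looked up
// under the wrong key.
echo bindAndCheck('registration', $session, $post), PHP_EOL;
// Moving the fields under the other form's name does not help, because the
// token was issued for "settings".
$moved = ['registration' => $post['settings']];
echo bindAndCheck('registration', $session, $moved), PHP_EOL;
// A token issued for one session is checked against another session.
echo bindAndCheck('settings', 'other-session', $post), PHP_EOL;
```

Only the first call reports a valid token, which is why the action that receives the POST has to build the same form type that the template rendered.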
0

I found the answer. I was not adding this:

/**
 * Creates a new settingsUser entity.
 *
 * @Route("/settings/create", name="user_settings")
 * @Method("POST")
 * @Template("DeductrDeductrBundle:Settings:settings.html.twig")
 *
 */

Once I updated the path in the twig it worked.

Thanks for all the help.

Adam Mills