Symfony form values do not bind

Question

I am using Symfony 1.4 forms for a simple login module. The form, pretty basic has it's code listed below:

<?php 

class LoginForm extends sfFormSymfony 
{
 public function configure()
 {
  $this->setWidgets( 
         array('username' => new sfWidgetFormInputText(),
               'password' => new sfWidgetFormInputPassword(),));
              // 'remember_me' => new sfWidgetFormSelectCheckbox(array('choices'=>array('true'=>''))),));

   $this->widgetSchema->setNameFormat('login[%s]');
   $this->setValidators(array(
         'username' =>  new sfValidatorString(array('required'=>true)),        
         'password' =>  new sfValidatorString(array('required'=>true)),
     ));
 }

}

The form renders fine in the template page as expected. FYI, I use $form['username']->render method to individually render the methods where I like them instead of echoing the form out.

Upon post (recognized) I bind values to the form like this:

$this->form->bind($request->getParameter('login')); 

However, it fails against the condition

$this->form->isValid();

Both the fields are not being left empty and the credentials are correct, so this seems something more insidious to me.

Upon doing a var_dump($this->form->getValues()); it returns an empty array which I believe implies that the values were not retrieve nor bound.

Can anybody spot where I possibly am messing up ?

Thanks

Answer 1

If you really need to, you can use a little snippet to display errors like this:

foreach ($this->getErrorSchema() as $field => $error) {

    if ($error instanceof sfValidatorErrorSchema) {
        foreach ($error as $field => $error) break;
    }

    echo $field . ' => ' . $error; // e.g. "Field name" => "Error message".

}

Answer 2

As of symfony 1.3, csrf protection is enabled by default. This means that all your forms get a csrf token field, named _csrf_token by default - it's a hidden field that's unique to your session and the given form type.

If you don't render and submit this field with the rest of your form it will be invalid - it detects a csrf attack, so it's good this way.

The short fix is to render the token field:

echo $form["_csrf_token"]->render();

But the better way is to render all hidden fields in one go (I usually did this next to the submit button):

echo $form->renderHiddenFields();

Answer 3

@Maerlyn resolved this. For future reference:

The form fields were being rendered individually instead of using vanilla echo $form. Because of this, I did not render $form['_csrf_token']->render() which should have been done. Due to which the login failed. Render the csrf_token field as well and you are good to go.