fefe

Reputation: 9055

Joomla token is not getting recognized by controller's method

I'm trying to set up a token on an AJAX post, but it is not getting recognized by the controller's method. The JavaScript looks as follows:

jQuery(document).ready(function() {
    jQuery('#source').change(function() {
        jQuery('#fileupload').addClass('fileupload-processing');
        var data = jQuery('#source option:selected').val();
        jQuery.post('index.php', {
            'option': 'com_tieraerzte',
            'task': 'parser.importColumns',
            'tmpl': 'component',
            'token':'<?php echo JUtility::getToken()?>',
            'app': data,
            'dataType': 'html',
        }, function(result) {
            jQuery('td.add_column').html(result);
            jQuery('button#parse.btn').show();
            //edit the result here
            return;
        });
    });
});

The token is getting generated and posted.

In the controller I check the existence of the token, but it throws me Invalid Token.

Controller token check:

 JRequest::checkToken('request') or jexit( 'Invalid Token' );

Upvotes: 1

Views: 3251

Answers (2)

3ehrang

Reputation: 629

In your AJAX call method, use the URL as:

$.ajax({
    url: '/index.php?option=com_itemreview&task=item.userReviewVote&<?php echo JSession::getFormToken(); ?>=1',
    type: 'post',
    data: {'data': submitvalue},
    dataType: 'json',
    success: function(response) {
    }
});

For more information see here:

http://joomlabuzz.com/blog/27-preventing-cross-site-request-forgery-in-joomla

https://docs.joomla.org/How_to_add_CSRF_anti-spoofing_to_forms

Upvotes: 0

Don Gilbert

Reputation: 740

You're almost there, it's just a little mixed up. The Joomla! Form Token is generated and submitted as an input name with a value of 1. So, the token looks like this in your form:

<input type="hidden" name="1LKJFO39UKSDJF1LO8UFANL34R" value="1" />

With that in mind, when submitting via AJAX, you need to set the parameter name to your token name, with a value of 1. I accomplish something similar by just using the jQuery('selector').serialize() method:

Joomla.autoSave = function () {
  jQuery.ajax({
    url: "index.php?option=com_gazebos&task=product.apply&tmpl=component",
    type: "POST",
    data: jQuery("#product-form").serialize(),
    success: function (data) {
      console.log("autosaved");
    }
  });
};

Doing this pulls in all the form data (including the form token from the hidden input) and formats it as a query string, then sends it with the request. However, it seems to me that you might not want to do that and you are really only wanting to submit a single bit of data, not the whole form. So, let's rework your code a little bit to get the desired effect:

/**
 * First, let's alias $ to jQuery inside this block,
 * then setup a var to hold our select list dom object.
 */
jQuery(document).ready(function ($) {
    var sourceSelect = $('#source');

    sourceSelect.change(function () {
        $('#fileupload').addClass('fileupload-processing');

        /**
         * Use the token as a parameter name and 1 as the value,
         * and move the dataType param to after the success method.
         */
        $.post('index.php',
          {
            'option':   'com_tieraerzte',
            'task':     'parser.importColumns',
            'tmpl':     'component',
            'app':      sourceSelect.val(),
            '<?php echo JSession::getFormToken()?>': 1
          },
          function(result) {
            $('td.add_column').html(result);
            $('button#parse.btn').show();
            //edit the result here
            return;
          },
          'html'
        );
    });
});

Finally, this code is assuming you have this js code either in your view.html.php or in your views/parser/tmpl/default.php. If you have it in a separate .js file, then your php code won't execute and give you the token.

Upvotes: 9
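
Added example (not part of the answer above and not Joomla's own code): when the script lives in a separate .js file and PHP cannot print the token, the token name can be read from the hidden input the form already contains and sent as a parameter name with value 1. It assumes the token is a 32-character hex string and that the fields come from jQuery's `.serializeArray()`; `findFormToken`, `buildPostBody` and `tokenAccepted` are hypothetical helpers, and `tokenAccepted` is only a simplified model of the check the answer describes.

```javascript
// Assumption: the form token name is a 32-character lowercase hex string.
const TOKEN_NAME = /^[0-9a-f]{32}$/;

// fields: [{name, value}, ...], the shape jQuery('#form').serializeArray() returns.
// Returns the token's field NAME, or null when the form carries no token input.
function findFormToken(fields) {
  const hit = fields.find(
    (f) => TOKEN_NAME.test(f.name) && String(f.value) === '1'
  );
  return hit ? hit.name : null;
}

// Build the POST body for a single value instead of the whole form.
// The token goes in as a parameter name with the value 1.
function buildPostBody(params, tokenName) {
  if (!tokenName) {
    throw new Error('no form token found; the request would be rejected');
  }
  const body = new URLSearchParams(params);
  body.set(tokenName, '1');
  return body.toString();
}

// Simplified model of the server-side check described in the answer:
// the request passes only if a parameter NAMED after the token equals 1.
function tokenAccepted(body, sessionToken) {
  return new URLSearchParams(body).get(sessionToken) === '1';
}

// Constructed sample input (not real session data).
const sampleFields = [
  { name: 'source', value: 'app1' },
  { name: '0123456789abcdef0123456789abcdef', value: '1' },
];
const request = {
  option: 'com_tieraerzte',
  task: 'parser.importColumns',
  tmpl: 'component',
  app: 'app1',
};

const tokenName = findFormToken(sampleFields);
const goodBody = buildPostBody(request, tokenName);
// Shape used in the question: token sent as the VALUE of a 'token' field.
const badBody = new URLSearchParams({ ...request, token: tokenName }).toString();

console.log('token as name :', tokenAccepted(goodBody, tokenName));
console.log('token as value:', tokenAccepted(badBody, tokenName));
```

In the browser, `goodBody` can be passed as the data argument of `jQuery.post('index.php', goodBody, callback, 'html')`.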
