Torsten Baldes
Posted October 20, 2017

Hi,

I'm using the form api to build my forms (like this: https://processwire.com/talk/topic/2089-create-simple-forms-using-api/) and today someone got a WireCSRFException which resulted in an Internal Server Error.

Because of this, I have 2 questions:

1. What could be the reason for this failed token check?
2. How can I catch this error and display a message on my page (above/below the form)? The Internal Server Error page seems a little bit rude and irritating for the average user.

Thanks!

Zeka
Posted October 20, 2017

    try {
        $form->processInput($input->post);
        $session->CSRF->validate();
    } catch (WireCSRFException $e) {
        echo "Processing aborted. Suspected attempt to forge the submission. IP logged." . $e->getMessage();
        /*
         * Some code to execute whenever the token gets spoofed
         * Like sending a notification mail with the spoofer's IP address
         */
        die(); // live a great life and die() gracefully.
    }

or

    // when processing form (POST request), check to see if token is present
    if($session->CSRF->hasValidToken()) {
        // form submission is valid
        // okay to process
    } else {
        // form submission is NOT valid
        throw new WireException('CSRF check failed!');
    }
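
An added example, not part of the thread and not ProcessWire code: a stand-alone PHP version of the catch-and-show-a-message approach, in which `SessionCsrf`, `CsrfException` and `handle()` are hypothetical stand-ins for `$session->CSRF`, `WireCSRFException` and the template code. It assumes the token is stored in the session, and the constructed scenario submits a form after that session is gone, then retries with the re-rendered form.

```php
<?php
// Added example with stand-in classes; this is not ProcessWire's implementation.
class CsrfException extends Exception {}   // plays the role of WireCSRFException

class SessionCsrf {                        // hypothetical stand-in for $session->CSRF
    private $store;
    public function __construct(array &$store) { $this->store = &$store; }
    public function token(): string {
        // One random token per session, created on first use.
        return $this->store['csrf'] ??= bin2hex(random_bytes(16));
    }
    public function hasValidToken(array $post): bool {
        $sent = $post['csrf'] ?? '';
        // No token in the session means nothing can validate; compare in constant time.
        return isset($this->store['csrf']) && is_string($sent)
            && hash_equals($this->store['csrf'], $sent);
    }
    public function validate(array $post): void {
        if (!$this->hasValidToken($post)) throw new CsrfException('CSRF check failed');
    }
}

// Handle one request and return the HTML the visitor sees.
function handle(array &$session, array $post): string {
    $csrf = new SessionCsrf($session);
    $notice = '';
    if ($post) {
        try {
            $csrf->validate($post);
            return '<p>Thanks, your message was sent.</p>';
        } catch (CsrfException $e) {
            error_log('form rejected: ' . $e->getMessage());  // detail goes to the log
            $notice = '<p class="error">The form could not be verified. Please send it again.</p>';
        }
    }
    // Render (or re-render) the form with the current token so a retry succeeds.
    return $notice . '<form method="post"><input type="hidden" name="csrf" value="'
        . $csrf->token() . '"><button>Send</button></form>';
}

// Constructed scenario: form is loaded, the session is lost, the stale token is submitted.
$session = [];
preg_match('/value="([0-9a-f]+)"/', handle($session, []), $m);
$session = [];                                  // e.g. session timed out before submitting
$page = handle($session, ['csrf' => $m[1]]);    // stale token: notice above a fresh form
echo $page, "\n";
preg_match('/value="([0-9a-f]+)"/', $page, $m);
echo handle($session, ['csrf' => $m[1]]), "\n"; // retry with the fresh token is accepted
```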