
Catch WireCSRFException and display message to user


Torsten Baldes

Hi, 

I'm using the form api to build my forms (like this: https://processwire.com/talk/topic/2089-create-simple-forms-using-api/) and today someone got a WireCSRFException which resulted in an Internal Server Error. 

Because of this, I have 2 questions:

What could be the reason for this failed token check?

How can I catch this error and display a message on my page (above/below the form)? The Internal Server Error page seems a little bit rude and irritating for the average user.

 

Thanks!

 

 

 


try {
    $form->processInput($input->post);
    $session->CSRF->validate();
} catch (WireCSRFException $e) {
    echo "Processing aborted. Suspected attempt to forge the submission. IP logged. " . $e->getMessage();
    /*
     * Some code to execute whenever the token gets spoofed
     * Like sending a notification mail with the spoofer's IP address
     */

    die(); // live a great life and die() gracefully.
}

or

// when processing form (POST request), check to see if token is present
if($session->CSRF->hasValidToken()) {
  // form submission is valid
  // okay to process
} else {
  // form submission is NOT valid
  throw new WireException('CSRF check failed!');
}

 

  • Like 1
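
An added example, not code from the thread: one way to catch the exception and show a message above the form instead of ending the request with die(). It assumes a ProcessWire template file where the API variables $modules, $input, $session, $sanitizer and $log are in scope; the field name "email", the log name "csrf-failures" and the message texts are hypothetical.

```php
<?php
// Added example. Assumes a ProcessWire template file; the "email" field,
// the "csrf-failures" log name and the message texts are hypothetical.

$form = $modules->get('InputfieldForm');
$form->attr('method', 'post');
$form->attr('action', './');

$email = $modules->get('InputfieldEmail');
$email->attr('name', 'email');
$email->label = 'E-mail';
$email->required = true;
$form->add($email);

$submit = $modules->get('InputfieldSubmit');
$submit->attr('name', 'submit');
$form->add($submit);

$notice = '';   // message shown above the form
$done = false;  // true once a submission was accepted

if ($input->post->submit) {
    try {
        // processInput() performs the token check for the form and throws
        // WireCSRFException when it fails (the case this thread describes).
        $form->processInput($input->post);
        if (!count($form->getErrors())) {
            $done = true;
            $notice = 'Thank you, your message was received.';
        }
    } catch (WireCSRFException $e) {
        // Keep the detail in a log; give the visitor a neutral message.
        $log->save('csrf-failures', $session->getIP() . ' ' . $e->getMessage());
        $notice = 'Your form session was no longer valid. Please submit the form again.';
    }
}

if ($notice !== '') {
    echo '<p class="form-notice">' . $sanitizer->entities($notice) . '</p>';
}

// Rendering the form again gives the visitor a token for the current session.
if (!$done) echo $form->render();
```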