Php 由于注册过程中有两个实体,CSRF无效
我有两个实体和一个表格用于注册过程。当我添加csrf令牌时,它可能适用于其中一个,而不是两个Php 由于注册过程中有两个实体,CSRF无效,php,symfony,csrf,Php,Symfony,Csrf,我有两个实体和一个表格用于注册过程。当我添加csrf令牌时,它可能适用于其中一个,而不是两个 <form action="" method="post" class="registerForm" id="registerForm" novalidate> <div class="form-row"> <div class="form-group col-lg-6"> <input type="text" c
<form action="" method="post" class="registerForm" id="registerForm" novalidate>
<div class="form-row">
<div class="form-group col-lg-6">
<input type="text" class="form-control inner-blue-shadow" name="company[name]" id="companyName" placeholder="Име на фирма" required/>
<div class="invalid-feedback"></div>
<div class="valid-feedback"></div>
</div>
<div class="form-group col-lg-6">
<input type="text" class="form-control inner-blue-shadow" name="company[bulstat]" id="bulstat" placeholder="Булстат" required/>
<div class="invalid-feedback"></div>
<div class="valid-feedback"></div>
</div>
</div>
<div class="form-group">
<input type="text" class="form-control inner-blue-shadow" name="user[username]" id="username" placeholder="Потребителско име" required/>
<div class="invalid-feedback"></div>
<div class="valid-feedback"></div>
</div>
<div class="form-group">
<input type="email" class="form-control inner-blue-shadow" name="user[email]" id="email" placeholder="Имейл адрес" required/>
</div>
<div class="form-group">
<input type="password" class="form-control inner-blue-shadow" name="user[password]" id="password" placeholder="Парола" required/>
<div class="invalid-feedback"></div>
<div class="valid-feedback"></div>
</div>
{{ form_row(form._token) }}
<div class="text-center"><button type="submit" id="registerButton">Create account</button></div>
</form>
2.公司:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->add('name', TextType::class);
$builder->add('bulstat', TextType::class);
}
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(array(
'data_class' => 'AppBundle\Entity\Company',
'csrf_protection' => true,
'csrf_field_name' => '_token',
'csrf_token_id' => 'task_item'
));
}
正在创建表单的控制器:
$company = new Company();
$companyForm = $this->createForm(CompanyType::class, $company);
$companyForm->handleRequest($request);
$user = new User();
$userForm = $this->createForm(UserType::class, $user);
$userForm->handleRequest($request);
如何修复它?这基本上是一个如何将两个实体合并为一种形式的问题。还有其他一些问题可以解决这个问题,但有些问题有点陈旧过时。这个问题也是一个没有利用Symfony提供的功能,并且比开发人员更加努力工作的例子 具体地说,Symfony采用现成的csrf,不需要特殊配置。你可以用它做更多的事情,但是从一个默认的工作实现开始,然后在必要时进行调整会更容易。以类似的方式,twig具有表单的默认呈现。表单工作后,您可以使用各种样式工具使其看起来漂亮 首先简化EntityType类并添加RegisterType:
class UserType extends AbstractType
{
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(array(
'data_class' => User::class,
));
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('username', TextType::class)
->add('email', EmailType::class)
->add('password', PasswordType::class);
}
}
class CompanyType extends AbstractType
{
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults(array(
'data_class' => Company::class,
));
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('name', TextType::class)
->add('bulstat', TextType::class);
}
}
class RegisterType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('user', UserType::class)
->add('company', CompanyType::class)
->add('register', SubmitType::class);
}
}
现在调整控制器代码并使用默认的表单呈现:
public function register(Request $request)
{
$user = new User();
$company = new Company();
$register = ['user' => $user, 'company' => $company];
$form = $this->createForm(RegisterType::class, $register);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
dump($user);
dump($company);
}
return $this->render('register.html.twig',['form' => $form->createView()]);
}
# register.html.twig
{% extends 'base.html.twig' %}
{% block body %}
<h1>Register</h1>
{{ form(form) }}
{% endblock %}
公共功能寄存器(请求$Request)
{
$user=新用户();
$company=新公司();
$register=['user'=>$user,'company'=>$company];
$form=$this->createForm(RegisterType::class,$register);
$form->handleRequest($request);
如果($form->isSubmitted()&&&$form->isValid()){
转储($用户);
倾销($公司);
}
返回$this->render('register.html.twig',['form'=>$form->createView());
}
#register.html.twig
{%extends'base.html.twig%}
{%block body%}
登记
{{形式(形式)}}
{%endblock%}
此时,您应该有一个工作表单。然后,您可以添加验证和持久性,并使表单看起来更美观。您好,您还可以添加控制器的代码吗。这里有两张表格,你必须分别处理每一张表格是的,我会的。代码太长了,但我会在处理代码的地方添加代码。我一直在想,CSRF只适用于一种形式,对吗?如果我设法把这两个结合成一个呢?只是个主意。我不知道怎么做,甚至不知道它是否有效。是的,一个表单可以包含两个实体。我认为(从发布的代码中)您没有使用Symfony框架?我确实使用了它。你为什么会想到这样一个主意?绝对是Symfony。先生,如果您能为我提供任何适当的方法来克服这个障碍,我将不胜感激。方法“IsValid”返回false,这意味着有一些错误。既然我们已经将三个表单包装成一个表单,我如何能够单独访问每个表单消息?如果我是正确的,我会得到两个错误,这是关于无效的CSRF和有一些额外的字段。开箱即用,我发布的代码将呈现任何错误。查看文档以了解更多详细信息。
public function register(Request $request)
{
$user = new User();
$company = new Company();
$register = ['user' => $user, 'company' => $company];
$form = $this->createForm(RegisterType::class, $register);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
dump($user);
dump($company);
}
return $this->render('register.html.twig',['form' => $form->createView()]);
}
# register.html.twig
{% extends 'base.html.twig' %}
{% block body %}
<h1>Register</h1>
{{ form(form) }}
{% endblock %}