I am getting Bad Request (#400) error while I am trying to login into a system. I am working on localhost.
Main layout:
<html lang="<?= Yii::$app->language ?>">
<head>
<meta charset="<?= Yii::$app->charset; ?>">
<meta name="viewport"
content="width=device-width, initial-scale=1, maximum-scale=1"/>
<?= Html::csrfMetaTags(); ?>
<title><?= Html::encode($this->title); ?></title>
<?php $this->head(); ?>
</head>
<body></body>
</html>
View (login.php
):
<?php
use yii\helpers\Html;
use yii\bootstrap\ActiveForm;
$this->title = 'Login';
$this->params['breadcrumbs'][] = $this->title; ?>
<div class="container w-xxl w-auto-xs">
<a href class="navbar-brand block m-t">OpenXcell Pvt. Ltd.</a>
<div class="m-b-lg">
<div class="wrapper text-center">
<strong>Sign in to get in touch</strong>
</div>
<form action="/advanced/admin/site/login"
method="post"
name="form"
class="form-validation">
<div class="list-group list-group-sm">
<div class="list-group-item">
<input type="text" placeholder="Email" required
class="form-control no-border" name="username">
</div>
<div class="list-group-item">
<input type="password" placeholder="Password" required
class="form-control no-border" name="password">
</div>
</div>
<button type="submit" class="btn btn-lg btn-primary btn-block">
Log in
</button>
</form>
</div>
</div>
Site Controller:
<?php namespace backend\controllers;
use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use app\models\LoginForm;
use yii\filters\VerbFilter;
class SiteController extends Controller {
public function behaviors() {
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['login', 'error'],
'allow' => true
],
[
'actions' => ['logout', 'index'],
'allow' => true,
'roles' => ['@']
]
]
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => ['logout' => ['post']]
]
];
}
public function actions() {
return ['error' => ['class' => 'yii\web\ErrorAction']];
}
public function actionIndex() {
return $this->render('index');
}
public function actionLogin() {
$model = new LoginForm();
if ($model->load(Yii::$app->request->post()) && $model->login()) {
return $this->goBack();
} else {
return $this->render('login', ['model' => $model]);
}
}
public function actionLogout() {
Yii::$app->user->logout();
return $this->goHome();
}
}
Model:
<?php namespace app\models;
use Yii;
use yii\base\Model;
class LoginForm extends Model {
public $username;
public $password;
public $rememberMe = true;
private $_user = false;
public function rules() {
return [
[['username', 'password'], 'required'],
['rememberMe', 'boolean'],
['password', 'validatePassword']
];
}
public function validatePassword($attribute, $params) {
if (!$this->hasErrors()) {
$user = $this->getUser();
if (!$user || !$user->validatePassword($this->password)) {
$this->addError($attribute, 'Incorrect username or password.');
}
}
}
public function login() {
$duration = $this->rememberMe ? 3600 * 24 * 30 : 0;
if ($this->validate()) {
return Yii::$app->user->login($this->getUser(), $duration);
} else {
return false;
}
}
public function getUser() {
if ($this->_user === false) {
$this->_user = User::findByUsername($this->username);
}
return $this->_user;
}
}
Why am I getting this error? What is wrong in my code?
Add CSRF token. If you don't want to use ActiveForm
, then add this token explicitly (in case of ActiveForm is used, the token will be added automatically):
<form action="" method="post">
<input type ="hidden"
name ="<?php echo Yii::$app->request->csrfParam; ?>"
value="<?php echo Yii::$app->request->csrfToken; ?>">
</form>
To disable CSRF validation for the whole controller:
class DemoController extends Controller {
public $enableCsrfValidation = false;
}
To disable CSRF validation for a certain action:
class DemoController extends Controller {
public function beforeAction($action) {
if (in_array($action->id, ['example'])) {
$this->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
}
Also, read about security-passwords.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With