Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Error when add CSRF token to Laravel form

I have a login form in Laravel:

<form class="form-signin" action="{{ URL::route('adminAuthen') }}" method="POST">
    {{ csrf_field() }}
    <h2 class="form-signin-heading">Admin Login</h2>
    <label for="inputUsername" class="sr-only">Email address</label>
    <input type="text" id="inputUsername" name="username" class="form-control" placeholder="Username" required autofocus>
    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>

But I always got error when visit this form:

Call to undefined function csrf_field()

How can I fix this bug?

like image 449
Son Tran Avatar asked May 13 '15 06:05

Son Tran


People also ask

What are CSRF tokens in Laravel?

To protect your application, Laravel uses CSRF tokens. CSRF tokens are strings that are automatically generated and can be attached to a form when the form is created. They are used to uniquely identify forms generated from the server. The idea behind it is that when the server receives POST requests, the server checks for a CSRF token.

What happens if I make a request without adding the csrf token?

So, if you make a request without adding the CSRF Token, the request will be rejected. If you go to the file app/Http/Kernel.php you will see the VerifyCsrfToken middleware defined: <?php [...] class Kernel extends HttpKernel { [...] protected $middlewareGroups = [ 'web' => [ [...] \App\Http\Middleware\VerifyCsrfToken::class, [...]

How do I fix CSRF token mismatch in Ajax?

Error token mismatch Within the AJAX call itself, add another data property alongside the data that will be passed already form. and fixed CSRF token mismatch to correct. using this code, we can fix any of the CSRF tokens every time.

How do you handle CSRF errors?

The classic CSRF handling of error. This is when no CSRF tokens are inserted. However, once the SCRF token has been inserted. The time and tested mechanism to fight against such attacks are to create a layer of authentication which is going to be system generated.


2 Answers

I think there is no function called csrf_field() in laravel 5, use this instead of that.

<input type="hidden" name="_token" value="{{ csrf_token() }}">

Update 2016-03-17

Laravel introduce csrf_field() in version 5.1

{{ csrf_field() }} this will generate csrf token field,

like image 100
Kalhan.Toress Avatar answered Oct 01 '22 14:10

Kalhan.Toress


You can replace your {{ csrf_field() }} with this:

<input type="hidden" name="_token" value="{{ csrf_token() }}">

You might have misunderstood this because of master documentation page of laravel. I don't why they did that. But this one is what I found to be working on the laravel-5.

like image 24
Aditya Giri Avatar answered Oct 01 '22 14:10

Aditya Giri