Multipe记录删除不起作用CSRF-Cakephp [英] Multipe Record delete not working CSRF- Cakephp

问题描述

我找到了答案之一删除multipe记录，并尝试遵循它，但我一直收到相同的消息：

I've found one of the answers delete multipe record and tried following it, but I keep getting the same message:

CSRF令牌不匹配。

Cake\Http\Exception＼ requestInvalidCsrfTokenException

CSRF token mismatch.
Cake\Http\Exception\InvalidCsrfTokenException

'_Token' was not found in request data.

编辑：
删除按钮不适用于那些4控制器/表格（用户，潜在客户，联系人，客户，销售线索）
但它们确实可以在我的其他桌子上工作

Edit : The Delete button isn't working on thoses 4 Controller/Table (Users, Prospects, Contacts, Accounts, Leads) But they do work on my other table

这里是

AppController.php

AppController.php

  <?php

  namespace App\Controller;

  use Cake\Controller\Controller;
  use Cake\Event\Event;


 class AppController extends Controller
 {

public function initialize()
{

    parent::initialize();
    $this->loadComponent('RequestHandler', [
        'enableBeforeRedirect' => false,
    ]);
    $this->loadComponent('Flash');

    $this->loadComponent('Security');
    $this->loadComponent('Csrf');
}
public function pr($arr){
    echo "<pre>";
    print_r($arr);
    echo "</pre>";
    exit();
}
public function beforeRender(Event $event)
{
    if(!array_key_exists('_serialize', $this->viewVars) &&
        in_array($this->response->getType(), ['application/json', 'application/xml'])
){
        $this->set('_serialize', true);
    }

    if($this->request->getSession()->read('Auth.User')){
         $this->set('loggedIn', true);   
    } else {
        $this->set('loggedIn', false); 
    }
 }
 }

UsersController.php

UsersController.php

  <?php
    namespace App\Controller;

    use App\Controller\AppController;
    use Cake\I18n\Time;
    use Cake\Event\Event;
    use Cake\ORM\TableRegistry; 
    use Cake\Mailer\Email;
    use Cake\Auth\DefaultPasswordHasher;
    Use Cake\Utility\Security;
    use Cake\Routing\Router;

    class UsersController extends AppController
    {
   public function beforeFilter(Event $event)
  {
    parent::beforeFilter($event);

   $this->Security->setConfig('unlockedActions', ['add']);

  public function initialize(){
    parent::initialize();
    $this->loadComponent('Paginator');
    $this->loadComponent('Security');
  }
   public function delete($id = null) {
if (!$this->request->is('post')) {
    throw new MethodNotAllowedException();
}
$this->User->id = $id;
if (!$this->User->exists()) {
    throw new NotFoundException(__('Invalid user'));
}
if ($this->User->delete()) {
    $this->Session->setFlash(__('User deleted'));
    $this->redirect(array('action' => 'index'));
}
$this->Session->setFlash(__('User was not deleted'));
$this->redirect(array('action' => 'index'));
}

public function deleteall()
{

     if ($this->request->is('post'))
    {
        foreach($this->data['Users']['user_id'] as $key => $value)
        {
            $this->Subject->delete($value);
        }
        $this->Session->setFlash('User has been deleted.');
    }        
    $this->redirect(array('action' => 'index'));

   /* $this->request->allowMethod(['post', 'delete']);
    $user = $this->Users->get($id);
    foreach ($user as $value) {
        $this->Users->deleteAll(['id'=>$value]);
    }
    return $this->redirect(['action'=>'index']);*/
}
      public function isAuthorized($user)
{
    // Admin has full access
    if ($user['role'] == 'Admin') {
        return true;
    }
    // User can view and edit own account only
    if (in_array($this->request->action, ['view', 'edit', 'delete']) && $user['id'] == (int)$this->request->params['pass'][0]) {
        return true;
    }
    return false;
}    

   public function verification($token){
        $userTable = TableRegistry::get('Users');
        $verify = $userTable->find('all')->where(['token'=>$token])->first();
        $verify->verified = '1';
        $UserTable->save($verify);
    }    

这是

NotesController

NotesController

public function delete($id = null)
{
    $this->request->allowMethod(['post', 'delete']);
    $note = $this->Notes->get($id);
    if ($this->Notes->delete($note)) {
        $this->Flash->success(__('The note has been deleted.'));
    } else {
        $this->Flash->error(__('The note could not be deleted. Please, try again.'));
    }

    return $this->redirect(['action' => 'index']);
}

index.ctp

index.ctp

 <button type="submit" formaction="<?php echo $this->Url- 
 >build(['action'=>'deleteall']) ?>" class="btn btn-danger" 
 onclick="return confirm('Are yo u sure you want to delete users?')">
    Delete</button>
    </p>

 <th><input type="checkbox" class="selectall"/></th>

 <td><input type="checkbox" class="selectbox" name="ids[]" value="<?= 
 h($user->id) ?></td>"/></td>

<button type="submit" formaction="<?php echo $this->Url->build(['action' =>'delete', $user->id]) ?>" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?')">Delete</button>

推荐答案

您需要禁用CSRF和安全组件。您可以通过在控制器的beforeFilter方法中添加以下代码来禁用它们的特定操作。

You need to disable CSRF and Security components. You can disable them for specific actions by adding below code in your controller's beforeFilter method.

$actions = [
    'delete',
    'deleteall'
];

if (in_array($this->request->params['action'], $actions)) {
    // for csrf
    $this->eventManager()->off($this->Csrf);

    // for security component
    $this->Security->config('unlockedActions', $actions);
}

希望这会有所帮助。

这篇关于Multipe记录删除不起作用CSRF-Cakephp的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！