  • 1k2k3
    Community Member
    15 Posts

    [resolved] How do you retrieve the SecurityID value?

    How do I retrieve the current SecurityID value after a page has been refreshed?

    And then put that value into a Hidden Input Box within the SilverStripe Theme for example.

    <input class="hidden nolabel" type="hidden" id="Form_Form_SecurityID" name="SecurityID" value="Current SecurityID value here" />

    The reason I would like to be able to retrieve this value on refresh is because I'm using a newsletter module http://ssorg.bigbird.silverstripe.com/newsletter-module/ and I have hard coded the form into my SilverStripe theme using the 'Page Source' from the subscription page created within the CMS.

    Screen dump: http://img707.imageshack.us/img707/314/newsletterareasample.jpg

    <!-- Newsletter Code start -->
       <div id="stylized">
       <form id="Form_Form" action="/silverstripe/subscription/Form" method="post" enctype="application/x-www-form-urlencoded">
                   <img alt="Resources" src="$ThemeDir/images/Newsletter.gif" />
                   <label>Email
                   <span class="small">Add a valid address:</span>
                   </label>
       <p id="Form_Form_error" class="message " style="display: none"></p>
       <fieldset>
             <div class="field CompositeField nolabel" id="MemberInfoSection">
                <div id="Email" class="field text">
                   <div class="middleColumn">
                   <input type="text" class="text" id="Form_Form_Email" name="Email" value="" />
                   </div>
                </div>
             </div>
          <input class="hidden nolabel" type="hidden" id="Form_Form_SecurityID" name="SecurityID" value="12119" />
          <div class="clear"><!-- --></div>
       </fieldset>
          <div class="Actions">
             <input class="action "
             id="Form_Form_action_doSubscribe"
             type="submit"
             name="action_doSubscribe"
             value="Submit"
             title="Submit" />
          </div>
       </form>
       </div>
       <!-- Newsletter Code end -->

    At the moment though, because the value '12119' does not change, the first subscription into the newsletter module works A-okay but the second and third subscriptions return the error.

    SecurityID doesn't match, possible CSRF attack.

  • 1k2k3
    Community Member
    15 Posts

    Re: [resolved] How do you retrieve the SecurityID value?

    Resolved. Even though it just took a little bit of researching, I hope this helps other people who may have had the same issue.

    The variable $securityID from \silverstripe\sapphire\forms\form.php, stores the SecurityID value I was looking for.

    I found it by looking through the document: http://svn.silverstripe.com/open/modules/sapphire/branches/trunk-ssbook/forms/Form.php

          // Protection against CSRF attacks
          if($this->securityTokenEnabled()) {
             $securityID = Session::get('SecurityID');

             if(!$securityID || !isset($vars['SecurityID']) || $securityID != $vars['SecurityID']) {
                $this->httpError(400, "SecurityID doesn't match, possible CSRF attack.");
             }
          }

    My code for the newsletter area is..

       <!-- Newsletter Code start -->
       <div id="stylized">
       <form id="Form_Form" action="/silverstripe/subscription/Form" method="post" enctype="application/x-www-form-urlencoded">
                   <img alt="Resources" src="$ThemeDir/images/Newsletter.gif" />
                   <label>Email
                   <span class="small">Add a valid address:</span>
                   </label>
       <p id="Form_Form_error" class="message " style="display: none"></p>
       <fieldset>
             <div class="field CompositeField nolabel" id="MemberInfoSection">
                <div id="Email" class="field text">
                   <div class="middleColumn">
                   <input type="text" class="text" id="Form_Form_Email" name="Email" value="" />
                   </div>
                </div>
             </div>
          <input class="hidden nolabel" type="hidden" id="Form_Form_SecurityID" name="SecurityID" value="$securityID" />
          <div class="clear"><!-- --></div>
       </fieldset>
          <div class="Actions">
             <input class="action "
             id="Form_Form_action_doSubscribe"
             type="submit"
             name="action_doSubscribe"
             value="Submit"
             title="Submit" />
          </div>
       </form>
       </div>
       <!-- Newsletter Code end -->

    Which returns a confirmation page.

    Your Subscription to the newsletter has been successful.
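
The check quoted from Form.php compares the SecurityID held in the session with the one submitted by the form, so a value pasted in from page source is rejected whenever it differs from the visitor's session token. The stand-alone PHP script below is an added example, not code from the posts above or from SilverStripe: the `$session` array stands in for the session store, the function names are hypothetical, and the use of `random_bytes` and `hash_equals` is this example's choice rather than something the quoted code does.

```php
<?php
// Added illustration only: plain PHP, not SilverStripe code. $session stands in
// for the server-side session store; all function names are hypothetical.

function issueToken(array &$session): string {
    // One unpredictable token per session, created on first use.
    if (empty($session['SecurityID'])) {
        $session['SecurityID'] = bin2hex(random_bytes(16));
    }
    return $session['SecurityID'];
}

function hiddenField(array &$session): string {
    // Render the field at request time so it always carries this session's token.
    $token = htmlspecialchars(issueToken($session), ENT_QUOTES);
    return '<input type="hidden" name="SecurityID" value="' . $token . '" />';
}

function tokenMatches(array $session, array $vars): bool {
    $expected  = $session['SecurityID'] ?? '';
    $submitted = $vars['SecurityID'] ?? '';
    // Reject missing values and non-strings (e.g. SecurityID[]=x), then compare
    // in constant time instead of with the loose != operator.
    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Constructed scenario: one visitor's session and four kinds of submission.
$session = [];
$field   = hiddenField($session);
preg_match('/value="([0-9a-f]+)"/', $field, $m);

$cases = [
    'hard-coded value copied from page source' => ['SecurityID' => '12119'],
    'value rendered for this session'          => ['SecurityID' => $m[1]],
    'field missing from the POST body'         => [],
    'array-valued field'                       => ['SecurityID' => ['x']],
];
foreach ($cases as $label => $vars) {
    printf("%-42s %s\n", $label, tokenMatches($session, $vars) ? 'accepted' : 'rejected (400)');
}
```

Only the value rendered for the current session is accepted; the other three submissions are rejected, which corresponds to the 400 response in the quoted check.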

  • qbahamutp
    Community Member
    8 Posts

    Re: [resolved] How do you retrieve the SecurityID value?

    Thanks so much for sharing this
