Unable to verify data submission on forked Yii2 project

We’ve been building websites in Yii2 for a while and haven’t encountered anything like this before. Normally we would use composer create-project but this particular site was almost a clone of a previous one, so instead we forked the repository and amended.

On our contact form, we’re having the error “Unable to verify your data submission.”

Searching seems to point to this being an error with CSRF validation error. The code is nigh-on identical to that of the previous website which doesn’t have this error. I’m wondering if perhaps the yii2 project creator has an extra step that I’ve missed by creating a new fork.

I’ve tried manually running the post-create script through composer and generated a new cookie key this way but still no luck.

The CSRF token is definitely getting submitted in my POST form. There’s no CSRF token in my head tag, in neither the old site (which works) or this one.

Config/web.php:

$config = [
'id' => 'basic',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'components' => [
    'request' => [
        'cookieValidationKey' => 'hM24d0f8om76ifNCKQEg',
    ],
    'cache' => [
        'class' => 'yiicachingFileCache',
    ],
    'user' => [
        'identityClass' => 'appmodelsUser',
        'enableAutoLogin' => true,
    ],
    'adminUser' => [
        'class' => 'yiiwebUser',
        'identityClass' => 'appmodulesadminmodelsAdmin',
        'enableAutoLogin' => true,
    ],
    'errorHandler' => [
        'errorAction' => 'site/error',
    ],
    'log' => [
        'traceLevel' => YII_DEBUG ? 3 : 0,
        'targets' => [
            [
                'class' => 'yiilogFileTarget',
                'levels' => ['error', 'warning'],
            ],
        ],
    ],
    'db' => require(__DIR__ . '/db.php'),
    'urlManager' => [
        'enablePrettyUrl' => true,
        'showScriptName' => false,
        'rules' => require(__DIR__ . '/routes.php')
    ],
    'view' => [
        'renderers' => [
            'twig' => [
                'class' => 'yiitwigViewRenderer',
                'cachePath' => '@runtime/Twig/cache',
                'options' => [
                    'auto_reload' => true,
                ],
            ],
        ],
    ],
],
'modules' => [
    'admin' => [
        'class' => 'appmodulesadminModule',
    ],
],
'params' => $params,
];

Composer.json:

{
"name": "yiisoft/yii2-app-basic",
"description": "Yii 2 Basic Project Template",
"keywords": ["yii2", "framework", "basic", "project template"],
"homepage": "http://www.yiiframework.com/",
"type": "project",
"license": "BSD-3-Clause",
"support": {
    "issues": "https://github.com/yiisoft/yii2/issues?state=open",
    "forum": "http://www.yiiframework.com/forum/",
    "wiki": "http://www.yiiframework.com/wiki/",
    "irc": "irc://irc.freenode.net/yii",
    "source": "https://github.com/yiisoft/yii2"
},
"minimum-stability": "stable",
"require": {
    "php": ">=5.4.0",
    "yiisoft/yii2": ">=2.0.5",
    "yiisoft/yii2-bootstrap": "*",
    "yiisoft/yii2-swiftmailer": "*",
    "yiisoft/yii2-gii": "^2.0",
    "yiisoft/yii2-twig": "^2.0"
},
"require-dev": {
    "yiisoft/yii2-codeception": "*",
    "yiisoft/yii2-debug": "*",
    "yiisoft/yii2-faker": "*"
},
"config": {
    "process-timeout": 1800
},
"scripts": {
    "post-create-project-cmd": [
        "yiicomposerInstaller::postCreateProject"
    ]
},
"extra": {
    "yiicomposerInstaller::postCreateProject": {
        "setPermission": [
            {
                "runtime": "0777",
                "web/assets": "0777",
                "yii": "0755"
            }
        ],
        "generateCookieValidationKey": [
            "config/web.php"
        ]
    },
    "asset-installer-paths": {
        "npm-asset-library": "vendor/npm",
        "bower-asset-library": "vendor/bower"
    }
}
}

Thanks!


Source: stackoverflow-php

PHP, Yii framework RBAC: write rule to create posts

I have tried to implement RBAC in my yii2 application, and I’ve followed this tutorial: http://www.yiiframework.com/doc-2.0/guide-security-authorization.html#rbac.

I have created an “admin” role, and assigned it the “createPost” permission, but my “admin” user can still not create posts. If I understood this correctly, now I have to implement a rule for creating posts and assign it to this permission. I can see that there is already an “AuthorRule”:

public function execute($user, $item, $params)
{          
   return isset($params['post']) ? $params['post']->createdBy == $user : false;
}

but I’m completely new to PHP and Yii and don’t know how to make another rule for creating posts.


Source: stackoverflow-php

Yii2 creates new session instead of opening existing

I am working on a simple logic of storing my shopping cart in session using Yii2 native yiiwebSession.
Every time I add an item to a cart I call a method:

public function actionAdd( ) {

    $id = Yii::$app->request->get('id');
    $product = Product::findOne($id);

    $session = Yii::$app->session;
    $session->open();

    $cart = new Cart();
    $cart->addToCart($product);

    $this->layout = false;
    return $this->render('cart-modal', compact('session'));
}

this method works with a Cart model and adds my item to the session:

public function addToCart($product, $qty = 1) {

    if(isset($_SESSION['cart'][$product->id])) {
        $_SESSION['cart'][$product->id]['qty'] += $qty;
    } else {
        $_SESSION['cart'][$product->id] = [
            'qty' => $qty,
            'title' => $product->title,
            'price' => $product->price,
            'image' => $product->image,
        ];
    }
}

and all goes well until I try add another item.
Then Yii instead of opening existing session creates a new one with this last item I’ve add. What can be the reason of this kind of behavior?

I’m working on a local web server OpenServer and haven’t changed any setting that might be related to sessions.


Source: stackoverflow-php