×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

mimic tpl in php with html in?

mimic tpl in php with html in?

mimic tpl in php with html in?

(OP)
How do I do this

CODE

<input type="hidden" name="csrftoken" value="{_CSRFTOKEN}"> 

with a php file that uses standard html in the form? this doesn't work

CODE

<input type="hidden" name="csrftoken" value="<?php echo $_CSRFTOKEN; ?>"> 

RE: mimic tpl in php with html in?

(OP)
I just get this within the source

CODE

<b>Notice</b>:  Undefined variable: csrftoken in <b>/home/garyjacobjack/public_html/auctioneerslive.co.uk/importdata_trk_access.php</b> on line <b>112</b><br />
"> 

RE: mimic tpl in php with html in?

Have you defined that csrftoken variable in importdata_trk_access.php? Something suggests that you have not. You probably need to process $_POST["csrftoken"] or $_GET["csrftoken"] (instead of $csrftoken), depending on your form method.

RE: mimic tpl in php with html in?

(OP)
I hawe the include file at the top where this is in another file...

RE: mimic tpl in php with html in?

Can you show us the part of the code that defines the $_CSRFTOKEN variable?

The error is jus saying your $_CSRFTOKEN does not exist. So it can't be echoed out. The echo statement is correct, so make sure your variable actually defined.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

RE: mimic tpl in php with html in?

The name suggests this shouls be a cross site request forgery token (for allowing cross site scripting with special permission).
This is not an automatic or superglobal variable of PHP. So this might be specific to your template engine.

You might look into the template engine source code (if available), how it handles such placeholders. It could be this comes from a session variable. For sure it's not a native PHP concept you can simply translate to $_CSRFTOKEN just because you could do that with other {_variable} expressions.

Could you simply tell us, what template engine you want to replace? tpl is a very commonly used file extension used for example by Smarty for its templates. There is a freedom in that, because include or require can take any file name with any file extension, even ssi is not needing special mime types. So tpl is stating nothing specific ringing any bell for us and seeing, ah, that's what you talk about. Be more specific, please.

Bye, Olaf.

RE: mimic tpl in php with html in?

(OP)
its not smarty, for instance the call to template file here

CODE

$template->set_filenames(array(
		'body' => 'sell.tpl'
		));

$template->display('body'); 

the sell.tpl has this variable set, this is the only instance in the sell.tpl file,

CODE

<input type="hidden" name="csrftoken" value="{_CSRFTOKEN}"> 

user_login.php creates a token

CODE

// generate a random unguessable token
		$_SESSION['csrftoken'] = md5(uniqid(rand(), true)); 
I dont know if about php to understand how all this goes together and why tpl files have uppercase varibles because i cant find that varaible
_CSRFTOKEN

RE: mimic tpl in php with html in?

Well, the {} syntax is one Smarty also uses, it's not processed by PHP, but by the template enngine.

I suspect the display method of the $template object injects the value of the {_CSRFTOKEN} expression, so you might find something parsing out {} expressions and acting on them case by case, eg turning {_CSRFTOKEN} to it's value perhaps in $_SESSION['csrftoken']. As sell.tpl still contains the curly braces expression it's most likely the display() method making that replacement.

Why don't you simply check, whether the html output contains the same value as $_SESSION['csrftoken']? Then you know the PHP way to get this value in. You're so close in seeing what might happen, you jsut have to verify that. echo $_SESSION['csrftoken'] and compare that with the html output of current code.

I'm not questioning the removal of the template engine, but it would also be a thought, why not simple keep it as is?

Bye, Olaf.

RE: mimic tpl in php with html in?

Variables do not magically get created. If $_CSRFTOKEN is not defined anywhere then you cannot use it.

As Olaf points out, {_CSRFTOKE} is likely just the way the template replaces its own variables. You cannot simply convert that to a PHP variable and expect to work if the PHP variable is not set anywhere else.

If the value you are looking for comes from a session you could do something like: $_CSRFTOKEN = $S_SESSION['csrftoken'] anywhere prior to trying to place in the form and it should technically work. But values do not auto-magically go from one place to an other.

If you are trying to move away form the template, then you need to look inside, and understand what the template is doing and how its settings its tokens or variables. If you want to do things manually, then you need to know where the values are coming from.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

RE: mimic tpl in php with html in?

A template engine is not simply a str_replace, it can in short be something like PHP initially was itself, a simply interpreter of commands variable names or expressions can be a simple part of that.
If you want to replace a template engine by native PHP usage, then you can only pray the engine wasn't used extensively and with all it's features, or you have to reprogram much of its parsing engine and variable and expression handling etc etc.

Or you stay with the templates.

$template has to be defined/instanciated at one place. Find the source of this object and you know the used template engine at least. This could very much help mto know aht you want to replace. At the moment it looks you want to replace something quite good, even though it is monolithically only rendering full html pages and not html snippets only. You might rather tackle this on the level of the tlp files and work on the templates instead of the code.

In general, you are deep diving into this, instead of looking at the outmost level of things. What PHP framework is used, what template engine? You might work on framework internals here, you don't do that, unless you are the framework developer.

Bye, Olaf.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close