I am using Symfony 1.4 forms for a simple login module. The form, pretty basic has it’s code listed below:
<?php
class LoginForm extends sfFormSymfony
{
public function configure()
{
$this->setWidgets(
array('username' => new sfWidgetFormInputText(),
'password' => new sfWidgetFormInputPassword(),));
// 'remember_me' => new sfWidgetFormSelectCheckbox(array('choices'=>array('true'=>''))),));
$this->widgetSchema->setNameFormat('login[%s]');
$this->setValidators(array(
'username' => new sfValidatorString(array('required'=>true)),
'password' => new sfValidatorString(array('required'=>true)),
));
}
}
The form renders fine in the template page as expected. FYI, I use $form[‘username’]->render method to individually render the methods where I like them instead of echoing the form out.
Upon post (recognized) I bind values to the form like this:
$this->form->bind($request->getParameter('login'));
However, it fails against the condition
$this->form->isValid();
Both the fields are not being left empty and the credentials are correct, so this seems something more insidious to me.
Upon doing a var_dump($this->form->getValues()); it returns an empty array which I believe implies that the values were not retrieve nor bound.
Can anybody spot where I possibly am messing up ?
Thanks
As of symfony 1.3, csrf protection is enabled by default. This means that all your forms get a csrf token field, named
_csrf_tokenby default – it’s a hidden field that’s unique to your session and the given form type.If you don’t render and submit this field with the rest of your form it will be invalid – it detects a csrf attack, so it’s good this way.
The short fix is to render the token field:
But the better way is to render all hidden fields in one go (I usually did this next to the submit button):