Home/ Questions/Q 9157739
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T13:05:42+00:00

I’m building a custom Joomla component and I added this to my form in

  • 0

I’m building a custom Joomla component and I added this to my form in my template (default.php) file (it is using a HTTP POST):

echo JHTML::_( 'form.token' ); //add hidden token field to prevent CSRF vulnerability

Then I check the token in my controller with:

JRequest::checkToken() or die( 'Invalid Token' );

But no matter what I do I get an Invalid Token. I have verified that a hidden type with a token is created in my form when I view sources on the html page. I also verified, in the controller, the value of the token is the same:

print_r(JUtility::getToken());

So if the token is the same value, why on earth is it exiting with an Invalid Token message?

EDIT: There is a key piece I failed to mention. My form is processed with jquery ajax in a separate js file that is added in my view.html.php. This is what the ajax POST looks like:

jQuery.ajax({
    type: 'POST',
    url: 'index.php?option=com_recordings&task=deletevideos&format=raw',
    data: {checkedarray:checked},
    success: function(data){
               //delete row
    }
});

The controller processes this:

function deletevideos()
{

    $video_list = JRequest::getVar('checkedarray', 0, 'post', 'array');
    //print_r(JUtility::getToken());
    JRequest::checkToken() or jexit( 'Invalid Token' );     

    $model = &$this->getModel();
    return $model->setDeleteVideos($video_list);
}

This then goes to the model that does the DB update. I saw this old post that might be relevant. It is not clear to me how/where I generate the token and where/how I validate that token. The post seems quite involved as it checks against users as well which I don’t think is needed in my case. Or maybe I misunderstand?

EDIT #2

Okay so the token is missing and I need to pass it into my js file. So I thought I could add this to my view.html.php:

    $addtoken = JUtility::getToken();
    $addtokenjs = 'jQuery(function() {
                    var token="'.$addtoken.'";
                    });';
    $doc->addScriptDeclaration( $addtokenjs );
    $doc->addScript(JURI::base()."components/com_recordings/js/recordings.js");

I have to put this in the document ready function because apparently addScriptDeclaration does not put anything ahead of my recordings.js file. Then pass the token into the ajax call:

jQuery.ajax({
    type: 'POST',
    url: 'index.php?option=com_recordings&task=deletevideos&format=raw'+token+'=1',
    data: {checkedarray:checked},
    success: function(data){
               //delete row
    }
});

Apparently I’m not doing this right as I get this error: ReferenceError: token is not defined.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It does not seem that you are passing token value in the ajax request.And that’s why you are getting this error.

    You can –
    1) append token to the url like this

    url: 'index.php?option=com_recordings&task=deletevideos&format=raw&'. JUtility::getToken() .'=1'

    2) Or send the whole form using Serialize.

    EDIT 2:-
    You can create a function called getToken like this-

     $addtokenjs = 'function getToken() {
                    var token="'.$addtoken.'";
                    return token;
                    };';

    And in url instead of calling token you can call getToken()

    url: 'index.php?option=com_recordings&task=deletevideos&format=raw'+getToken()+'=1'

    Hope this will work.

    • 0