yii2无法验证您提交的数据

pwuypxnk  于 2022-11-09  发布在  其他
关注(0)|答案(5)|浏览(171)

我用的是nginx,PHP 5.5.14,php-fpm,yii 2,mac操作系统。
我修改了yii的配置,将会话存储在数据库中(postgress,用户是超级用户)。这是我的配置:

'session' => [
        'class' => 'yii\web\DbSession',
        'sessionTable' => 'session',
    ],

现在,当我尝试注册新用户,我得到了这个错误:

Bad Request (#400)
Unable to verify your data submission

下面是日志的一部分:

10  17:25:57.434    info    yii\db\Command::query   SELECT "data" FROM "session" WHERE "expire">1425993957 AND "id"='cfg9sutufqchr1tdose4cack15'
/Users/pupadupa/Dev/www/mint-office-web/components/Controller.php (41)
11  17:25:57.442    info    yii\web\Session::open   Session started
/Users/pupadupa/Dev/www/mint-office-web/components/Controller.php (41)
12  17:25:57.450    error   yii\web\HttpException:400   exception 'yii\web\BadRequestHttpException' with message 'Не удалось проверить переданные данные.' in /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/web/Controller.php:110
Stack trace:

# 0 /Users/pupadupa/Dev/www/mint-office-web/components/Controller.php(41): yii\web\Controller->beforeAction(Object(app\controllers\user\RegistrationAction))

# 1 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/base/Controller.php(149): app\components\Controller->beforeAction(Object(app\controllers\user\RegistrationAction))

# 2 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/base/Module.php(455): yii\base\Controller->runAction('registration', Array)

# 3 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/web/Application.php(83): yii\base\Module->runAction('user/registrati...', Array)

# 4 /Users/pupadupa/Dev/www/mint-office-web/vendor/yiisoft/yii2/base/Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))

# 5 /Users/pupadupa/Dev/www/mint-office-web/web/index.php(20): yii\base\Application->run()

# 6 {main}

13  17:25:57.454    trace   yii\base\Controller::runAction  Route to run: index/error

顺便说一句,
1.我在head部分有<?= Html::csrfMetaTags() ?>,在我的表单中有csrf输入,所以看起来不是问题所在
1.我不想做public $enableCsrfValidation = false;,因为我认为这不是解决方案,而是变通办法。

**我如何了解导致此错误的原因?**正如我前面提到的,问题仅在将会话存储在数据库中时出现。

一些附加信息:我可以从会话中设置和获取变量。例如,我把它放在Controller.phpbeoreAction

Yii::$app->session->set('test', 'qwe');
$t = Yii::$app->session->get('test') ;
var_dump($t);

但是在那之后如果我这样评论第一行

//Yii::$app->session->set('test', 'qwe');
$t = Yii::$app->session->get('test') ;
var_dump($t);

并刷新页面-我收到空值(顺便说一句,刷新后我可以在cookie中看到Cookie:PHPSESSID=cfg9sutufqchr1tdose4cack15)。
因此,似乎有一些问题与会话(DbSession)或可能是我的php/php-fpm/nginx设置。
我的UserController.php

<?php

namespace app\controllers;

use app\components\Controller;
use app\models\Client;
use app\models\User;
use yii\filters\AccessControl;
use yii\web\BadRequestHttpException;
use yii\web\NotFoundHttpException;

class UserController extends Controller
{

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['logout', 'employee'],
                'rules' => [
                    [
                        'actions' => ['logout',],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                    [
                        'actions' => ['employee', 'employee_add'],
                        'allow' => true,
                        'roles' => [ROLE_CLIENT_ADMIN],
                    ],
                ],

            ],
        ];
    }

    public function actions()
    {
        return [
            'login' => 'app\controllers\user\LoginAction',
            'logout' => 'app\controllers\user\LogoutAction',
            'restore' => 'app\controllers\user\RestoreAction',
            'registration' => 'app\controllers\user\RegistrationAction',
            'employee' => 'app\controllers\user\EmployeeAction',
            'employee_add' => 'app\controllers\user\EmployeeAddAction',
            //'passwd' => 'app\controllers\user\PasswdAction',
            'captcha' => [
                'class' => 'yii\captcha\CaptchaAction',
                'fixedVerifyCode' => YII_ENV === 'dev' ? 'testme' : null,
            ],
        ];
    }

    /**
     * @param int $clientId
     * @return Client
     * @throws BadRequestHttpException
     * @throws NotFoundHttpException
     */
    public function getClient($clientId)
    {
        if (!\Yii::$app->user->can(ROLE_ADMIN)) {
            /* @var User $user */
            $user = \Yii::$app->user->identity;
            $clientId = $user->client_id;
        }
        if (!$clientId) {
            throw new BadRequestHttpException('Bad request');
        }

        $client = Client::find()->where(['id' => $clientId])->one();
        if (!$client) {
            throw new NotFoundHttpException('Компания не найдена');
        }

        return $client;
    }

}

我的RegistrationAction.php

<?php
namespace app\controllers\user;

use app\models\UserConfirm;
use Yii;
use app\components\Action;
use app\forms\RegistrationForm;
use yii\web\NotFoundHttpException;

class RegistrationAction extends Action
{

    public function run($key = null)
    {
        if ($key !== null) {
            /* @var UserConfirm $confirm */
            $confirm = UserConfirm::find()->andWhere('expire > NOW()')->andWhere([
                    'key' => $key,
                    'action' => 'reg'
                ])->one();
            if (!$confirm) {
                throw new NotFoundHttpException('Key not found');
            }

            $user = $confirm->user;
            $user->enabled = true;
            $user->last_login = date('Y-m-d H:i:s');
            $user->save();

            $confirm->delete();

            Yii::$app->user->login($user, 0);
            return $this->controller->goHome();
        }

        $model = new RegistrationForm();
        if ($model->load($_POST) && $model->validate() && $model->register()) {

            $subject = Yii::$app->name . ' - Success';
            $message = $this->controller->renderPartial(
                '//email/registration',
                [
                    'username' => $model->email,
                    'password' => $model->password,
                    'key' => $model->key,
                    'keyExpire' => $model->keyExpire
                ]
            );

            $res = Yii::$app->mailer->compose()
                ->setTo($model->email)
                ->setFrom([Yii::$app->params['from'] => Yii::$app->params['fromName']])
                ->setSubject($subject)
                ->setHtmlBody($message)
                ->send();

            Yii::$app->session->setFlash('registrationFormSubmitted');
            return $this->controller->refresh();
        }

        return $this->controller->render('registration', ['model' => $model]);
    }

}
rpppsulh

rpppsulh1#

您的工作阶段识别码似乎已变更。请检查第二次要求后,工作阶段Cookie的值是否已变更。当您错误设定为工作阶段Cookie设定的网域时,就会发生这种情况,请确定它与您URL中的主机名称相符。

oaxa6hgo

oaxa6hgo2#

我认为这种情况发生在服务器混乱的时候,我所需要做的就是重新启动我的apache服务器。
适用于MacOSx上的apache

sudo apachectl restart

对于Linux上的Apache

sudo service apache2 restart

sudo service httpd restart
k2arahey

k2arahey3#

i hv used this while calling logout 
 $menuItems[] = [
                 'label' => 'Logout (' . Yii::$app->user->identity->username . ')',
                 'url' => ['/site/logout'],
                 //  'linkOptions' => ['data-method' => 'get']
                 'data-method' => 'get'
             ];

in main .php change post to get 
---------------------------------------------------
and have changes this also
   $url = Html::a('Logout',
             ['/site/logout'],
             ['class' => 'btn btn-success', 'data-method' => 'get']);

this is also in main.php
--------------------------------------------------------------------
in behaviour of site controller also

 public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['logout', 'signup','index'],
                'rules' => [
                    [
                        'actions' => ['signup'],
                        'allow' => true,
                        'roles' => ['?'],
                    ],
                    [
                        'actions' => ['logout','index'],

                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                   'logout' => ['get'],
                ],
            ],
        ];
    }

change post to get...and it will work....
niknxzdl

niknxzdl4#

我所做的是,我只是让后端和前端的“csrfParam”不同,在“php init”命令之后,一切都正常了。
不确定这是否是一个错误,或者如果我们使用DBsession,我们必须设置不同的“csrfParam”。

jmo0nnb3

jmo0nnb35#

不知道是不是太晚了,但我发现这个解决方案在类似的Yii2框架在POST表单请求中吐出400个坏请求的情况下对我很有效。
只需在表单中添加以下代码,手动添加一个CSRF键输入字段,Yii2就会接受数据提交:

<?php

use Yii;
echo Html::tag('input', '', ['type' => 'hidden', 'name' => '_csrf-backend', 'value' => Yii::$app->request->getCsrfToken()]);

?>

注意:这是高级模板。从长远来看,我建议不要使用基于短标签的框架,因为PHPers会知道这是一个诅咒。

相关问题