Page 1 of 1
delete_x
Posted: 2022-10-19 09:46
by AhmedBR
Hi,
I am trying to create a link to delete a record using this line:
Code: Select all
sales_order_view.php?SelectedID=%ID%&delete_x=%ID%
Tried these also
Code: Select all
sales_order_view.php?SelectedID=%ID%&delete_x=1
Code: Select all
sales_order_view.php?&filterer_id=%ID%&delete_x=1
based on:
https://bigprof.com/appgini/help/advanc ... parameters
addNew_x works fine
Code: Select all
sales_view.php?filterer_customer_id=1&addNew_x=1
But delete_x I am always getting this message:
Code: Select all
Oops! Something went wrong with this page. Please go back and retry.
(user has permission to delete, so it is not permission)
What am I doing wrong?
Thanks
Re: delete_x
Posted: 2022-10-19 09:51
by jsetzer
Are you replacing
%ID% by a real Primary Key before opening the URL?
Something like...
Code: Select all
TABLENAME_view.php?SelectedID=1&delete_x=1
should work.
The string "%ID%" is probably not a real primary key in your table.
Re: delete_x
Posted: 2022-10-19 10:30
by AhmedBR
Thanks for the reply Jan.
jsetzer wrote: ↑2022-10-19 09:51
Are you replacing
%ID% by a real Primary Key before opening the URL?
Yes, and it is the Primary Key.
Should work, but it does not, I keep getting that error message!
if I use print, dvprint with the same %ID% etc. all working 100%, just delete not working.
I guess I have to keep digging to find where the problem is.
Re: delete_x
Posted: 2022-10-19 10:48
by jsetzer
From generated sourcecode I can see that you need to be logged in. Deleting requires CSRF token AND JWT authentication.
Code: Select all
...
elseif($delete_x != '') {
// delete only if either a csrf or jwt token is provided
if(!csrf_token(true) && !jwt_check_login()) die($this->translation['csrf token expired or invalid']);
...
Usually those should be set automatically when opening a DV or TV.
So, from within AppGini generated code deleting a record by primary key
TABLENAME_view.php?SelectedID=1234&delete_x=1 should work. I am using such URLs from time to time, so, I'm pretty sure it should work.
Questions:
Are you calling that URL from within AppGini generated view? and
are you logged in?
Re: delete_x
Posted: 2022-10-20 00:20
by AhmedBR
Questions: Are you calling that URL from within AppGini generated view? and are you logged in?
Yes, as super admin (so it is not logged in nor permission issue, if I open the record I can use the delete button without a problem!)
From within the tabelview using buttons.
- delete.jpg (16.37 KiB) Viewed 4244 times
All other buttons are working 100%, must be something else, cannot figure it out yet.
Thanks
Re: delete_x
Posted: 2022-10-20 00:24
by AhmedBR
I think it is going to be something totally unexpected, something like this one:
viewtopic.php?f=11&t=4811#p19712
Re: delete_x
Posted: 2022-10-20 07:25
by jsetzer
I have searched the code for the error message you have given "csrf token expired or invalid". It occurs multiple times in code. Related to
delete_x, it occurs in
datalist.php:
Code: Select all
...
elseif($delete_x != '') {
// delete only if either a csrf or jwt token is provided
if(!csrf_token(true) && !jwt_check_login()) die($this->translation['csrf token expired or invalid']);
...
So, I still think this is related to authentication and security.
You are logged in, so, auth should
not be a problem.
But I'm wondering if there is a (valid)
csrf_token in your Table View.
I have checked a standard generated table view and there we have that token:
Code: Select all
<input type="hidden" id="csrf_token" name="csrf_token" value="160f547e28aexxxxxxxxxxxxxxxxxxxx">
Can you please open sourcecode of your table view and check if there is the code for rendering the
<input ... name="csrf_token" ... />.
It should be somewhere immetiately below the comment
<!-- Add header template below here .. -->
Re: delete_x
Posted: 2022-10-20 08:25
by pbottcher
Hi,
did you try
sales_order_view.php?SelectedID=1&delete_x=1
assuming you have a record with PK=1
Re: delete_x
Posted: 2022-10-20 09:25
by AhmedBR
jsetzer wrote: ↑2022-10-20 07:25
It should be somewhere immetiately below the comment
<!-- Add header template below here .. -->
Yes, the token is there:
- token.jpg (13.92 KiB) Viewed 4219 times
Re: delete_x
Posted: 2022-10-20 09:26
by AhmedBR
pböttcher wrote: ↑2022-10-20 08:25
Hi,
did you try
sales_order_view.php?SelectedID=1&delete_x=1
assuming you have a record with PK=1
Thanks for the reply pböttcher ,
Yes, same message.
Re: delete_x
Posted: 2022-10-20 10:41
by pbottcher
Hi,
can you open the detail view and then add the url (with your server data) directly into the browser (replace the SelectedID=1 with the currently selected id)
Did it delete the record?
if Yes, do the same, from the tableview. Remember to set a valid ID for the SelectedID.
Re: delete_x
Posted: 2022-10-20 12:48
by AhmedBR
Same message.
Tried also with detail_view same page as table_view, and as a separate page!
Same message!
If you click the delete button (of appgini), the record is deleted!
and if you use mass delete the record is also deleted.
Re: delete_x
Posted: 2022-10-20 14:16
by pbottcher
Ah, ok
so you need to catch the csrf token from that page and add it to the called url as parameter
Code: Select all
sales_order_view.php?SelectedID=1&delete_x=1&csrf_token=XXXXXXXXXXXXXX
Re: delete_x
Posted: 2022-10-21 08:39
by AhmedBR
pböttcher wrote: ↑2022-10-20 14:16
Code: Select all
sales_order_view.php?SelectedID=1&delete_x=1&csrf_token=XXXXXXXXXXXXXX
Thanks Pböttcher, that did the trick!
Re: delete_x
Posted: 2022-10-21 10:31
by jsetzer
Great, Ahmed! Glad it works now.
Thanks @pböttcher for the simple hack, brilliant idea to just pass the token in GET-parameter!
Re: delete_x
Posted: 2022-10-21 10:56
by AhmedBR
jsetzer wrote: ↑2022-10-21 10:31
Great, Ahmed! Glad it works now.
Thanks @pböttcher for the simple hack, brilliant idea to just pass the token in GET-parameter!
Thank you Both.