laravel 5.4 - TokenMismatchException in VerifyCsrfToken.php line 68:on shared hosting subdomain -
i developed laravel on xampp server in laravel 5.4. app working fine on local machine. after uploading copy online shared server, getting tokenmismatchexception in verifycsrftoken.php line 68: exception on login. laravel app running on sub-domain. main domain running wordpress site.
this did setup laravel app on remote server:
#1. created subdomain #2. created directory in public_html #3. uploaded laravel files in laravel subdirectory under public_directory #4. pointed subdomain root public_html/laravel/public when load laravel.mydomain.com in browser, login form loads expected. after clicking login button, kissed annoying tokenmismatchexception in verifycsrftoken.php line 68: exception.
the suggestions got in forums including {{ csrf_field() }} in login form in place.
i have tried following solutions solve issue without luck:
> #1. clear browser cache > #2. clear config cache > #3. change session driver file database. session table generates new session on refresh indicating not problem > > #4. running key:generate artisan command > #5. changing session_domain env variable null match sudmain name in config/session.php > #6. checked config files psr-2 code standard , found no violation http://www.php-fig.org/psr/psr-2/ #7. commenting out \app\http\middleware\verifycsrftoken::class, in kernel.php. when this, after login, loops login form. here login blade:
@extends('layout.login') @section('content') <div class="container"> <div class="row"> <div class="col-md-8 col-md-offset-2"> <div class="panel panel-default"> <div class="panel-heading"><i class="fa fa-lock"></i> login</div> <div class="panel-body"> @if(session::has('message')) <div class="alert alert-success"> {{ session::get('message') }} </div> @endif @if($errors->any()) <div class="alert alert-danger"> @foreach($errors->all() $error) <p>{{ $error }}</p> @endforeach </div> @endif <form class="form-horizontal" id="user-loginfrm" role="form" method="post" action="{{ route('login') }}" novalidate> {{ csrf_field() }} <div class="form-group{{ $errors->has('email') ? ' has-error' : '' }}"> <label for="email" class="col-md-4 control-label">e-mail address</label> <div class="col-md-6"> <input id="email" type="email" class="form-control" name="email" value="{{ old('email') }}" required autofocus> @if ($errors->has('email')) <span class="help-block"> <strong>{{ $errors->first('email') }}</strong> </span> @endif </div> </div> <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}"> <label for="password" class="col-md-4 control-label">password</label> <div class="col-md-6"> <input id="password" type="password" class="form-control" name="password" required> @if ($errors->has('password')) <span class="help-block"> <strong>{{ $errors->first('password') }}</strong> </span> @endif </div> </div> <div class="form-group"> <div class="col-md-6 col-md-offset-4"> <div class="checkbox"> <label> <input type="checkbox" name="remember" {{ old('remember') ? 'checked' : ''}}> remember me </label> </div> </div> </div> <div class="form-group"> <div class="col-md-8 col-md-offset-4"> <button type="submit" class="btn btn-primary"> login ! </button> <a class="btn btn-link" href="{{ url('/password/reset') }}"> forgot password? </a> </div> </div> </form> </div> </div> </div> </div> </div> @endsection login controller
<?php namespace app\http\controllers\auth; use app\http\controllers\controller; use illuminate\foundation\auth\authenticatesusers; use illuminate\support\facades\redirect; use illuminate\http\request; use auth; class logincontroller extends controller { /* |-------------------------------------------------------------------------- | login controller |-------------------------------------------------------------------------- | | controller handles authenticating users application , | redirecting them home screen. controller uses trait | conveniently provide functionality applications. | */ use authenticatesusers; /** * redirect users after login. * * @var string */ protected $redirectto = '/home'; /** * create new controller instance. * * @return void */ public function __construct() { $this->middleware('guest', ['except' => 'logout']); } public function login(request $request) { $this->validate($request,[ 'email'=>'required|email','password'=>'required']); if (auth::attempt(['email' => $request->get('email'), 'password' => $request->get('password'),'activated'=>1,'banned'=>0])) { // authentication passed... return redirect()->intended('/'); } return redirect()->back()->with(['message', 'could not log in!']); //} } //logout user public function logout() { auth::logout(); return redirect::route('login'); } } app/http/middleware/verifycsrftoken.php <?php namespace app\http\middleware; use illuminate\foundation\http\middleware\verifycsrftoken baseverifier; class verifycsrftoken extends baseverifier { /** * uris should excluded csrf verification. * * @var array */ protected $except = [ // ]; } **app/http/kernel.php** <?php namespace app\http; use illuminate\foundation\http\kernel httpkernel; class kernel extends httpkernel { /** * application's global http middleware stack. * * these middleware run during every request application. * * @var array */ protected $middleware = [ \illuminate\foundation\http\middleware\checkformaintenancemode::class, ]; /** * application's route middleware groups. * * @var array */ protected $middlewaregroups = [ 'web' => [ \app\http\middleware\encryptcookies::class, \illuminate\cookie\middleware\addqueuedcookiestoresponse::class, \illuminate\session\middleware\startsession::class, \illuminate\view\middleware\shareerrorsfromsession::class, \app\http\middleware\verifycsrftoken::class, \illuminate\routing\middleware\substitutebindings::class, ], 'api' => [ 'throttle:60,1', 'bindings', ], ]; /** * application's route middleware. * * these middleware may assigned groups or used individually. * * @var array */ protected $routemiddleware = [ 'auth' => \illuminate\auth\middleware\authenticate::class, 'auth.basic' => \illuminate\auth\middleware\authenticatewithbasicauth::class, 'bindings' => \illuminate\routing\middleware\substitutebindings::class, 'can' => \illuminate\auth\middleware\authorize::class, 'guest' => \app\http\middleware\redirectifauthenticated::class, 'throttle' => \illuminate\routing\middleware\throttlerequests::class, 'role' => \zizaco\entrust\middleware\entrustrole::class, 'permission' => \zizaco\entrust\middleware\entrustpermission::class, 'ability' => \zizaco\entrust\middleware\entrustability::class, ]; } i using zizaco entrust role based authentication
i hoping out there point out solution. kindly help.
Comments
Post a Comment