The CSRF token could not be verified

More
2 years 11 months ago #142652 by sheraz01
I have downloaded XAMPP lime survey and created a survey on local host.
When I try to access it using REMOTE CONTROL API it gives me the following error


<body>
<h1>Bad Request</h1>
<h2>The CSRF token could not be verified.</h2>
<p>
The request could not be understood by the server due to malformed syntax.
Please do not repeat the request without modifications.
</p>
<p>
If you think this is a server error, please contact the webmaster.
</p>



This is my code in java

HttpPost post = new HttpPost("http://192.168.8.100//index.php/admin/remotecontrol");
post.setHeader("Content-type", "application/json");
try {
post.setEntity( new StringEntity("{\"method\": \"get_session_key\", \"params\": [\"admin\", \"password\" ], \"id\": 1}"));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
try {
HttpResponse response = client.execute(post);
if(response.getStatusLine().getStatusCode() == 200){
HttpEntity entity = response.getEntity();
Log.d("vall",EntityUtils.toString(entity));
String sessionKey = parse(EntityUtils.toString(entity));
post.setEntity( new StringEntity("{\"method\": \"list_groups\", \"params\": [ \""+sessionKey+"\", \"578915\" ], \"id\": 1}"));
response = client.execute(post);
if(response.getStatusLine().getStatusCode() == 200){
entity = response.getEntity();
Log.d("outputt",EntityUtils.toString(entity));
}
}

Please Log in or Create an account to join the conversation.

LimeSurvey Partners
More
2 years 11 months ago #142660 by LouisGac
I don't know the remote control API, but in general, you use a post request to post information (and in general, to do that you need a CSRF token), and to get an information you use a GET request.

Reading your code, it seems you're using a post request to get the key...

www.w3schools.com/TAGS/ref_httpmethods.asp

(still not sure it will solve your problem, just a general approach)

Please Log in or Create an account to join the conversation.

More
2 years 11 months ago #142722 by sheraz01
Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>: Cannot modify header information - headers already sent in <b>Unknown</b> on line <b>0</b><br />


this is the error im receiving now

Please Log in or Create an account to join the conversation.

More
2 years 11 months ago #142740 by DenisChenu
In fact CRSF token must be disable for this part in internal.php
github.com/LimeSurvey/LimeSurvey/blob/ma...ig/internal.php#L114

We can not use CRSF token : usage is to
1 : add a session value
2: add an hidden input box with the session value
3: control if sessionValue==postedValue

Did you update the request part in config ?
Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

More
2 years 11 months ago #142833 by sheraz01
Hello Denis,
I've resolved those issues.

I have a couple of questions now?

1. The Iss or Isa file representing the Survey structure, How do I view or use them?

2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?

Thanks

Please Log in or Create an account to join the conversation.

More
2 years 11 months ago #142836 by DenisChenu

sheraz wrote: Hello Denis,
I've resolved those issues.
....

It can be great to explain how you fix it .....

1. The Iss or Isa file representing the Survey structure, How do I view or use them?

lss is XML , then an XML viewer or a text editor. lsa is a zip archive with lss + token.csv + responses.(don 't remind the format). Unzip it and look at the file.

2. Is there an API to view the selectable answer to a question such as multiple choice or radio choice question?

Don't know

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

More
2 years 6 months ago #151035 by manavaahuja07
I am getting same error how you resolve this error plz explain in details.

Please Log in or Create an account to join the conversation.

More
2 years 6 months ago #151073 by manavaahuja07
OK I solved my self.

Please Log in or Create an account to join the conversation.

More
2 years 6 months ago #151074 by DenisChenu

manavaahuja07 wrote: OK I solved my self.

Can you explain the issue ?
Maybe you can improve LimeSUrvey or manual for all other user's ?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in or Create an account to join the conversation.

More
1 year 6 days ago #173945 by Mazi
@all, if you asked for help here and later successfully fixed such issues, then please tell others how you did that. That is how a forum from users to users should work.

Thanks!

Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com
Want to use your survey offline -> www.offlinesurveys.com

Please Log in or Create an account to join the conversation.

More
1 week 5 days ago #188717 by JackAttack
Can somebody tell me how to solve this issue?

Please Log in or Create an account to join the conversation.

More
1 week 5 days ago #188718 by Mazi

JackAttack wrote: Can somebody tell me how to solve this issue?

So which Limesurvey version do you use and when exactly does that error show up?

Can you easily reproduce it? If so, what are the steps to do so?

Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com
Want to use your survey offline -> www.offlinesurveys.com

Please Log in or Create an account to join the conversation.

More
1 week 5 days ago - 1 week 5 days ago #188719 by JackAttack
I am using the latets version limesurvey3.17.16

I am running a shell script which was used with an older limesurvey version which should delete a specific survey and import it again. so to say reset it

I get severals "HTTP request sent, awaiting response... 400 Bad Request" responses but the output then is "400: bad request - The CSRF token could not be verified"

I can send you the link to the php file which then executes the shell script

edit: maybe the error is in the shell line 'IN=$(grep "\"YII_CSRF_TOKEN\"" login.rsp)' ?

edit2: still get the same error but here are some options to disable CSRF or set a CSRF cookie but still no difference manual.limesurvey.org/Optional_settings
Last edit: 1 week 5 days ago by JackAttack. Reason: how to cope with that?

Please Log in or Create an account to join the conversation.

More
1 week 5 days ago #188727 by Mazi
Sorry, but it is nearly impossible for us to help with custom coded scripts. There can be a dozen reasons why this fails.

Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)survey-consulting.com
Want to use your survey offline -> www.offlinesurveys.com

Please Log in or Create an account to join the conversation.

More
1 week 4 days ago #188734 by JackAttack
I found out that the 'grep' command is not available at my host. so it has nothing to do with LimeSurvey. thanks anyways for your offer

I will come back if I need further help

Please Log in or Create an account to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now
Join our Newsletter!