Hi again,
I have a php 7 page that points to my cacti page and insert username and password automatically
$this->arr_graph_detail = array(
'graph_url'=>'https://mycacti/'.$this->SW_folder.'/' . $this->graphs_type . '/',
'graph_user'=>'user', // Username di accesso
'graph_pass'=>'password' // Password di accesso
);
When I execute this php the automatic logon fails with this message.
It worked fine with older versions
Any idea?
Thnks
Message CSRF Timeout occurred due to inactivity, page refres
Moderators: Developers, Moderators
Message CSRF Timeout occurred due to inactivity, page refres
- Attachments
-
- Schermata 2019-04-05 alle 09.32.14.png (85.13 KiB) Viewed 13448 times
Re: Message CSRF Timeout occurred due to inactivity, page re
All incoming POST requests are checked to make sure that there is a CSRF value for the login, which you don't/won't have when your submitting. However, as your code below isn't complete, I can't be sure what you are doing or which page you are doing it against to be sure.
If you want a method of being able to automatically login to Cacti securely, check out my tokenauth plugin (https://github.com/netniv/plugin_tokenauth/) which I wrote as an example of how to do this kind of thing.
If you want a method of being able to automatically login to Cacti securely, check out my tokenauth plugin (https://github.com/netniv/plugin_tokenauth/) which I wrote as an example of how to do this kind of thing.
Cacti Developer & Release Manager
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Re: Message CSRF Timeout occurred due to inactivity, page re
I explain me better with an example.
A customer would like to have all the monitoring services together in a single php page.
With the plugin graphs export I can store the png graphs files into one path and after that I can show
this main graphs in this page.
Example:
Customer PizzaMandolino'=>array(
'nomerouter'=>array(
array(
'graph_title'=>'PizzaMandolino - Gbit 0/0/1 - Link COLT 1Gbit',
'image_url'=>'graph_1315_45.png'
),
Then I add a button "Graphs details" that open cacti with the account of the customer
entering user and password automatically as if the customer had to make the logon manually
$this->arr_graph_detail = array(
'graph_url'=>'https://newcacti/'.$this->SW_folder.'/' . $this->graphs_type . '/',
'graph_user'=>'PizzaMandolino',
'graph_pass'=>'Mustache' // Password
With the old cacti version this was possible.
Is there a way to disable CSRF check in the logon process?
Thank you very much
A customer would like to have all the monitoring services together in a single php page.
With the plugin graphs export I can store the png graphs files into one path and after that I can show
this main graphs in this page.
Example:
Customer PizzaMandolino'=>array(
'nomerouter'=>array(
array(
'graph_title'=>'PizzaMandolino - Gbit 0/0/1 - Link COLT 1Gbit',
'image_url'=>'graph_1315_45.png'
),
Then I add a button "Graphs details" that open cacti with the account of the customer
entering user and password automatically as if the customer had to make the logon manually
$this->arr_graph_detail = array(
'graph_url'=>'https://newcacti/'.$this->SW_folder.'/' . $this->graphs_type . '/',
'graph_user'=>'PizzaMandolino',
'graph_pass'=>'Mustache' // Password
With the old cacti version this was possible.
Is there a way to disable CSRF check in the logon process?
Thank you very much
- Attachments
-
- Schermata 2019-04-06 alle 16.50.44.png (162.87 KiB) Viewed 13434 times
Re: Message CSRF Timeout occurred due to inactivity, page re
As I said, if you use the token_auth plugin I wrote, you can pass a token that is randomly generated and valid for a short period of time. That then allows the user in automatically from your other system via a GET request. There is no way to post directly without CSRF checks being in-place.
Cacti Developer & Release Manager
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Re: Message CSRF Timeout occurred due to inactivity, page re
SOLVED
seems that the problem was solved setting to true the following variable:
#$GLOBALS['csrf']['defer'] = false;
$GLOBALS['csrf']['defer'] = true;
in the file .../include/vendor/csrf/csrf-magic.php
Now I can pass user and password in POST mode and log in automatically.
Thank you
Regards
seems that the problem was solved setting to true the following variable:
#$GLOBALS['csrf']['defer'] = false;
$GLOBALS['csrf']['defer'] = true;
in the file .../include/vendor/csrf/csrf-magic.php
Now I can pass user and password in POST mode and log in automatically.
Thank you
Regards
Re: Message CSRF Timeout occurred due to inactivity, page refres
had this problem on 1.2.13
solved by clearing cache in Firefox
solved by clearing cache in Firefox
knock and it shall be opened, ask and you shall receive, believe in order for it to happen, cry and you shall be comforted!
Who is online
Users browsing this forum: No registered users and 1 guest