====== Jelix - The Revealing Token ======

Since Jelix 1.1RC1, Jelix "fights" [[http://fr.wikipedia.org/wiki/Cross-Site_Request_Forgeries|CSRF]] with tokens, which secure your forms fully automatically and transparently. But that is not all they do!

How? Let's suppose we edit article 1 from the URL http://localhost/article/edit/1. The code of the "edit" method will be:

<code php>
function edit() {
    // get the ID from the URL
    $id = (integer) $this->param('id');

    // if the validate button has not been used, we initialise a form
    if ($this->param('validate') == '') {
        $form = jForms::get('article~artdao', $id);
    }
    // the validate button has been submitted
    else {
        // get the form instance
        $form = jForms::fill('article~artdao');
        $form->saveToDao('article~artdao', $id);
    }
}
</code>

What will happen with this code?

  - Access to the edit page will be fine.
  - Saving the data will not be fine, and we will get an error message:

<code>
[exception 835] Invalid form token, you should fill the form correctly from the site ..lib/jelix/forms/jFormsBase.class.php 142
</code>

Even if we empty the application cache, nothing changes and nothing works.

So what's wrong? Why this error message?

Simply because when we initialised the ''$form'' instance (with ''jForms::get()'') we gave the ID parameter, but we did not pass it to:

<code php>
$form = jForms::fill('article~artdao');
</code>

So replace the line above with this one:

<code php>
$form = jForms::fill('article~artdao', $id);
</code>

and the error message about the token will be gone with the wind ;)

So this is one way to check that our form is correctly managed by the anti-CSRF function ;-)
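Why the missing ID produces a token error, as an added sketch that is neither Jelix's own code nor part of the original page. It assumes the token is stored per form instance, keyed by selector and ID, with a default instance when no ID is given; ''FormStore'' and its methods are hypothetical names.

```php
<?php
// Added illustration: a simplified model, NOT Jelix's implementation.
// FormStore, get() and fill() here are hypothetical; $session stands in for $_SESSION.
final class FormStore
{
    private const DEFAULT_ID = 0;   // assumed: instance used when no ID is passed
    private array $session = [];    // one token per (selector, ID) form instance

    private static function key(string $selector, $id): string
    {
        return $selector . '#' . $id;
    }

    // Display step: create the instance and issue the token rendered into the HTML form.
    public function get(string $selector, $id = self::DEFAULT_ID): string
    {
        $key = self::key($selector, $id);
        if (!isset($this->session[$key])) {
            $this->session[$key] = bin2hex(random_bytes(16));
        }
        return $this->session[$key];
    }

    // Submit step: the posted token must equal the one stored for THIS instance.
    public function fill(string $selector, string $postedToken, $id = self::DEFAULT_ID): bool
    {
        $stored = $this->session[self::key($selector, $id)] ?? null;
        // hash_equals() compares in constant time; a missing instance never validates.
        return $stored !== null && hash_equals($stored, $postedToken);
    }
}

$store = new FormStore();
$id    = 1;                                      // constructed sample: article 1
$token = $store->get('article~artdao', $id);     // token embedded in the edit page

// Submit without the ID: the default instance is looked up, so the token cannot match.
var_dump($store->fill('article~artdao', $token));
// Submit with the same selector and ID as at display time: the token matches.
var_dump($store->fill('article~artdao', $token, $id));
// A cross-site request that does not know the token is rejected even with the right ID.
var_dump($store->fill('article~artdao', 'constructed-wrong-token', $id));
```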