I have a custom admin module in my Magento website. I use a custom form submission.
Here is my module.xml file:
<?xml version="1.0"?>
<layout>
<courses_adminhtml_book_update>
<update handle="courses_book_update"/>
<reference name="content">
<block type="courses/adminhtml_update" name="update" template="courses/update.phtml"/>
</reference>
</courses_adminhtml_book_update>
</layout>
And here is my phtml file:
<div>
<h3>Add Dates</h3><hr>
<table cellspacing="0" class="form-list" id="date_tbl">
<form id="edit_form" name="edit_form" method="post" action="<?=$this->getUrl('*/*/update')?>">
<tr>
<td class="label">New Date 1</td>
<td class="input-ele"><input type="text" name="date[]" id="t1" /></td>
<td class="img"><img src="<?=$this->getSkinUrl('images/grid-cal.gif')?>" alt="" class="v-middle" id="dt1" title="Date selector"></td>
</tr>
<tr id="date2">
<td class="label">New Date 2</td>
<td class="input-ele"><input type="text" name="date[]" id="t2" /></td>
<td class="img"><img src="<?=$this->getSkinUrl('images/grid-cal.gif')?>" alt="" class="v-middle" id="dt2" title="Date selector"></td>
</tr>
<tr id="date3">
<td class="label">New Date 3</td>
<td class="input-ele"><input type="text" name="date[]" id="t3" /></td>
<td class="img"><img src="<?=$this->getSkinUrl('images/grid-cal.gif')?>" alt="" class="v-middle" id="dt3" title="Date selector"></td>
</tr>
</form>
</table>
<table cellspacing="0" class="form-list">
<tr>
<td class="label"><button onclick="editForm.submit()" class="scalable save" type="button"><span>Add Dates</span></button></td>
</tr>
</table>
</div>
<script type="text/javascript">
var editForm = new varienForm('edit_form');
</script>
When I submit the form, it redirects to the admin home page (dashboard). What am I doing wrong? Please help me with this.
Best Answer
You are missing the form_key. To protect against CSRF attacks all the backend forms use a security key which is generated for each session. Each POST request must contain this security key. So add this inside your form:
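Added example, not part of the original answer (its snippet is missing from this page): the question's template with the session form key included as a hidden field, assuming Magento 1's `Mage::getSingleton('core/session')->getFormKey()`. The `<form>` is also moved outside the `<table>`, a change beyond what the answer describes, so that the hidden field and the date inputs are unambiguously children of the form.

```php
<?php
// Added example (not the answerer's code): courses/update.phtml with the form key.
// Assumption: Magento 1, where the core session holds the per-session CSRF token.
$formKey = Mage::getSingleton('core/session')->getFormKey();
?>
<div>
    <h3>Add Dates</h3><hr>
    <form id="edit_form" name="edit_form" method="post"
          action="<?php echo $this->getUrl('*/*/update') ?>">
        <!-- Sent with every POST; the admin controller compares it with the session value -->
        <input type="hidden" name="form_key"
               value="<?php echo $this->escapeHtml($formKey) ?>" />
        <table cellspacing="0" class="form-list" id="date_tbl">
            <?php for ($i = 1; $i <= 3; $i++): ?>
            <tr id="date<?php echo $i ?>">
                <td class="label">New Date <?php echo $i ?></td>
                <td class="input-ele">
                    <input type="text" name="date[]" id="t<?php echo $i ?>" />
                </td>
                <td class="img">
                    <img src="<?php echo $this->getSkinUrl('images/grid-cal.gif') ?>"
                         alt="" class="v-middle" id="dt<?php echo $i ?>"
                         title="Date selector">
                </td>
            </tr>
            <?php endfor; ?>
        </table>
        <table cellspacing="0" class="form-list">
            <tr>
                <td class="label">
                    <button onclick="editForm.submit()" class="scalable save" type="button">
                        <span>Add Dates</span>
                    </button>
                </td>
            </tr>
        </table>
    </form>
</div>
<script type="text/javascript">
    var editForm = new varienForm('edit_form');
</script>
```

Keep the request as a POST: the form key belongs in the request body, not in a GET query string where it would end up in logs and referrers.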