From 924e5cdbc9a2c861c4f6317053a6e53b0eb5d5c3 Mon Sep 17 00:00:00 2001
From: twotalesanimation <80506065+twotalesanimation@users.noreply.github.com>
Date: Fri, 5 Dec 2025 11:23:55 +0200
Subject: [PATCH] fix: improve CSRF token handling and add debugging to membership linking JavaScript

- Fixed CSRF token selector to be form-specific instead of page-global
- Added console.log statements for debugging AJAX requests
- Improved error handling with better error messages showing HTTP status
- Better error message when linking fails (shows actual error from server)
---
 src/pages/memberships/membership_details.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/pages/memberships/membership_details.php b/src/pages/memberships/membership_details.php
index 8cc8b853..012792e4 100644
--- a/src/pages/memberships/membership_details.php
+++ b/src/pages/memberships/membership_details.php
@@ -543,9 +543,12 @@ if (empty($application['id_number'])) {
 // Link User Form
 $('#linkUserForm').on('submit', function(e) {
 e.preventDefault();
+ const $form = $(this);
 const email = $('#secondary_email').val();
 const relationship = $('#relationship').val();
- const csrfToken = $('input[name="csrf_token"]').val();
+ const csrfToken = $form.find('input[name="csrf_token"]').val();
+
+ console.log('Submitting link form:', { email, relationship, csrfToken });
 
 $.ajax({
 url: 'link_membership_user',
@@ -557,6 +560,7 @@ if (empty($application['id_number'])) {
 csrf_token: csrfToken
 },
 success: function(response) {
+ console.log('Link response:', response);
 if (response.success) {
 $('#linkMessage').html('
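Review bot: The added `console.log('Submitting link form:', { email, relationship, csrfToken });` in the first hunk writes the anti-CSRF token and the member's e-mail address to the browser console, where anything that collects console output (client-side error reporting, support screenshots, a shared workstation) can pick them up. If the debug line has to ship, log only non-sensitive state, e.g. `console.debug('Submitting link form:', { relationship, hasToken: Boolean(csrfToken) });`, otherwise drop it before merge. The same applies to `console.log('Unlinking:', { linkId, csrfToken });` in the unlink hunk. The submit handler continues past the end of this hunk.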
' + response.message + '
');
 $('#linkUserForm')[0].reset();
@@ -569,11 +573,12 @@ if (empty($application['id_number'])) {
 }
 },
 error: function(xhr) {
+ console.log('Link error:', xhr);
 try {
 const response = JSON.parse(xhr.responseText);
 $('#linkMessage').html('
' + response.message + '
');
 } catch (e) {
- $('#linkMessage').html('
Error linking user. Please try again.
');
+ $('#linkMessage').html('
Error linking user: ' + (xhr.statusText || 'Unknown error') + '
');
 }
 }
 });
@@ -582,9 +587,10 @@ if (empty($application['id_number'])) {
 // Unlink User
 $(document).on('click', '.unlink-btn', function() {
 const linkId = $(this).data('link-id');
- const csrfToken = $('input[name="csrf_token"]').val();
+ const csrfToken = $('input[name="csrf_token"]').closest('form').find('input[name="csrf_token"]').val();
 
 if (confirm('Are you sure you want to remove this linked account?')) {
+ console.log('Unlinking:', { linkId, csrfToken });
 $.ajax({
 url: 'unlink_membership_user',
 type: 'POST',
@@ -594,6 +600,7 @@ if (empty($application['id_number'])) {
 csrf_token: csrfToken
 },
 success: function(response) {
+ console.log('Unlink response:', response);
 if (response.success) {
 // Reload page to show updated list
 location.reload();
@@ -601,7 +608,8 @@ if (empty($application['id_number'])) {
 alert('Error: ' + response.message);
 }
 },
- error: function() {
+ error: function(xhr) {
+ console.log('Unlink error:', xhr);
 alert('Error removing linked account. Please try again.');
 }
 });
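Review bot: The new fallback in the `catch` branch concatenates `xhr.statusText` into `$('#linkMessage').html(...)`, so text taken from the HTTP response is parsed as markup; the context lines around it do the same with `response.message`. If the server message ever echoes the submitted e-mail or relationship value, it is rendered as live HTML in the member's page. Building the alert element and setting its content with `.text('Error linking user: ' + (xhr.statusText || 'Unknown error'))` keeps the string inert; the alert's wrapper markup is not legible in this view and would need to be carried over unchanged. The `error` handler is complete in this hunk, the enclosing `$.ajax` call starts outside it.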
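Review bot: In the unlink hunk, `$('input[name="csrf_token"]').closest('form').find('input[name="csrf_token"]').val()` still starts from a page-wide selector, so `.val()` returns the first matching input found in any form on the page; that is effectively the lookup the removed line did, not the form-specific one the commit message describes. Naming the source form makes the intent explicit and matches the submit handler: `const csrfToken = $('#linkUserForm input[name="csrf_token"]').val();`. A short comment such as `// unlink buttons sit outside the form, so reuse the link form's token` would explain why the lookup is not relative to `$(this)`, if that is indeed the layout. The click handler continues past the end of this hunk.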