CSRF Codeigniter 3 Validation


I have read about crsf protection in the codeignitor, but I can not find a decent tutorial on how to proceed after enabling csrf in the configuration file.

I have a form generated by a users/create controller function that submits to another users/submit_new .

I used the form helper class for the crsf field to be automatically generated.

I have this validation function on the submission function:

 if ($this->input->post(get_csrf_token_name()) == get_csrf_hash()) { $this->users_model->create(); } 

But all I get is an unauthorized action error.
What is the good way to validate csrf? Or do I do something wrong?

The answer

If you use CodeIgniter CSRF in the manner in which the user guide mentions, defining:

 $config['csrf_protection'] = TRUE; // this in application/config/config.php 

And you also use the form wizard to generate your form tag open, so you do not need to check the token and the hash as you do. CodeIgnite the fact for you.

Read the documents: https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf

If you still have problems, check out related issues:

codeigniter CSRF error: "The action you requested is not allowed".

The action you requested is not allowed.

Related articles

CodeIgniter - form validation and POST data


I have a form that displays questions from a questionnaire. Some questions are True / False (radio buttons), but some are free text entries. Each questionnaire can include any number of questions, which are stored in a lookup table as well as the res

Codeigniter and validation form message


I'm not a pro, but know my way around PHP, I'm new to Codeigniter. Summer through these tutorials: http://net.tutsplus.com/articles/news/codeigniter-from-scratch-day-5-crud/ OK, so I have a page that lists the users, clicking on the users name will g

Codeigniter form validation does not show errors


I am new to Codegniter so go slowly. I'm building a simple login form and I managed to redirect to a page when the login information is correct. However, if I submit an empty form, I get no error message. I also use set_value in the form field and co

Codeigniter form validation reminder in the template


Hi, I hope you can help me with that. I have seen many of the same questions on this issue and none of them work for me. I am using Codeigniter 2.2.2 and I am trying to create form validation in the template so that it can be accessed by multiple con

Codeigniter form validation reminder rule problem


I use the Codeigniter 3.x form validation reminder method in combination and needed to validate a field. The problem is, when I pipe them: trim | required | callback_some_method, the callback method appears to take precedence over trim and required a

Using CodeIgniter form validation in a view


I have a footer view that is included in all my pages that contains a form. I would like to be able to use CI Form Validation Library to validate the form. Is it possible? Currently, the form returns to the current page using the PHP_SELF environment

Codeigniter Form Validation not Setting Rules


I was stuck for a while trying to configure my validation rules, on my controller, I have this: public function login () { $this->load->library('form_validation'); $this->form_validation->set_rules(array( 'field'=>'username', 'label'=>'U