CSRF Codeigniter 3 Validation


I have read about crsf protection in the codeignitor, but I can not find a decent tutorial on how to proceed after enabling csrf in the configuration file.

I have a form generated by a users/create controller function that submits to another users/submit_new .

I used the form helper class for the crsf field to be automatically generated.

I have this validation function on the submission function:

 if ($this->input->post(get_csrf_token_name()) == get_csrf_hash()) { $this->users_model->create(); } 

But all I get is an unauthorized action error.
What is the good way to validate csrf? Or do I do something wrong?

The answer

If you use CodeIgniter CSRF in the manner in which the user guide mentions, defining:

 $config['csrf_protection'] = TRUE; // this in application/config/config.php 

And you also use the form wizard to generate your form tag open, so you do not need to check the token and the hash as you do. CodeIgnite the fact for you.

Read the documents: https://www.codeigniter.com/user_guide/libraries/security.html#cross-site-request-forgery-csrf

If you still have problems, check out related issues:

codeigniter CSRF error: "The action you requested is not allowed".

The action you requested is not allowed.