Question: Unable to submit form with CSRF in CodeIgniter 3.1.2


Answers 0
Added at 2016-12-18 15:12

I have a CodeIgniter application still in development, but I realized that when I turn on CSRF, it does not allow form submission. I am using form_open, and the CSRF token is present on the form when I check the source of my form, and yet I get the error.

This is my login form:

<div class="login-box-body">
<p class="login-box-msg">Log in</p>
<?php echo validation_errors()?"<div class='alert alert-danger'>".validation_errors()."</div>":'';
  echo !empty($error_msg)?"<div class='alert alert-danger'><span class='fa fa-warning'></span> ".$error_msg."</div>":''; 
  echo ($this->session->flashdata('msg'))?$this->session->flashdata('msg'):"";
  // form_open() emits the <form> tag and, with csrf_protection on, the hidden CSRF token field
  echo form_open('',['class'=>'form-horizontal','role'=>'form']); ?>

    <div class="form-group has-feedback">
    <?php echo form_label('Email', 'email', ['class'=>'control-label']);
      echo form_input(['type'=>'email','name'=>'email','value'=> $this->input->post('email'), 'class'=>'form-control','id'=>'email','required'=>'required','placeholder'=>'E-mail Address','autofocus'=>'autofocus']);?>
    <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
    </div>

  <div class="form-group has-feedback">
  <?php echo form_label('Password', 'password', ['class'=>'control-label']);
      echo form_password(['name'=>'password', 'class'=>'form-control','id'=>'password','required'=>'required','type'=>'password','placeholder'=>'Password']);?>
  <span class="glyphicon glyphicon-lock form-control-feedback"></span>
  </div>

  <div class="form-group has-feedback">
    <div class="checkbox">
        <input type="checkbox"> Remember Me
    </div>
  </div>
  <div class="form-group has-feedback">
    <div class="text-center">
      <button type="submit" class="btn btn-primary btn-block btn-flat">Login</button>
    </div>
  </div>
  <?php echo form_close(); ?>
<div class="">
  <?php echo anchor('resetpassword',"Forgot Your Password");?><br />
  <!-- <a href="/projects/advert/resetpassword.php">Forgot Your Password?</a><br> -->
  Don't have an account? <?php echo anchor('account/register',"Register",['class'=>'text-center']); ?>
</div>
</div>

And here is a part of my config/config.php file:

$config['base_url'] = 'http://localhost/tmpad/';

$config['encryption_key'] = '4%^&*9799809-nkhdfioup';

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

$config['cookie_prefix']    = '';
$config['cookie_domain']    = 'http://localhost/tmpad/';
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
$config['csrf_regenerate'] = TRUE;
$config['csrf_exclude_uris'] = array();

On submitting the form, I get the following error message:

An Error Was Encountered

The action you have requested is not allowed.

And I need CSRF to be turned on.
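
A stand-alone model of the check behind this error, added here as an example (it is not part of the original post and not CodeIgniter's own code). CodeIgniter 3 compares the posted token with a token cookie, so the sketch assumes a browser applying RFC 6265 domain matching to the `cookie_domain` value from the config above; all function names are hypothetical.

```php
<?php
// Constructed model, not CodeIgniter source: function names are hypothetical.

// RFC 6265 section 5.1.3 domain-match, simplified (no IP-address or public-suffix handling).
function domain_matches(string $host, string $domainAttr): bool
{
    $host   = strtolower($host);
    $domain = strtolower(ltrim($domainAttr, '.'));
    if ($host === $domain) {
        return true;
    }
    return $domain !== '' && substr($host, -strlen('.' . $domain)) === '.' . $domain;
}

// A browser stores a cookie only if Domain is absent (host-only) or domain-matches the request host.
function browser_stores_cookie(string $requestHost, string $cookieDomain): bool
{
    return $cookieDomain === '' || domain_matches($requestHost, $cookieDomain);
}

// Double-submit comparison: the posted token must equal the token cookie.
function csrf_ok(array $post, array $cookies, string $tokenName, string $cookieName): bool
{
    return isset($post[$tokenName], $cookies[$cookieName])
        && is_string($post[$tokenName]) && is_string($cookies[$cookieName])
        && hash_equals($cookies[$cookieName], $post[$tokenName]);
}

// One GET of the form followed by one POST, against host "localhost".
function simulate_submit(string $cookieDomain): bool
{
    $token   = bin2hex(random_bytes(16));        // token issued with the form page
    $cookies = [];
    if (browser_stores_cookie('localhost', $cookieDomain)) {
        $cookies['csrf_cookie_name'] = $token;   // cookie survives to the POST
    }
    $post = ['csrf_test_name' => $token];        // hidden field written by form_open()
    return csrf_ok($post, $cookies, 'csrf_test_name', 'csrf_cookie_name');
}

foreach (['http://localhost/tmpad/', ''] as $domain) {
    printf("cookie_domain=%-26s => %s\n", var_export($domain, true),
        simulate_submit($domain) ? 'accepted' : 'rejected (403)');
}
```

An empty `cookie_domain`, the value in CodeIgniter's stock config, makes the cookie host-only; the same setting also governs the `ci_session` cookie.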