(CodeIgniter) Ion Auth CSRF Error: This form post did not pass our security checks (when loading views)
I'm using the Ion Auth authentication library in CodeIgniter. When I load the footer view, I get a CSRF error (This form post did not pass our security checks). When I remove the footer view, it works fine though! What am I doing wrong here? Thanks!
function edit_user($id)
{
    // I'm posting the last part of the code of the edit_user function in the auth controller
    $this->load->view('layout/header');
    $this->_render_page('auth/edit_user', $this->data);
    $this->load->view('layout/footer'); // I'm getting the error when I load the footer view.
}

This is the code in the view.
<h1><?php echo lang('edit_user_heading');?></h1>
<p><?php echo lang('edit_user_subheading');?></p>

<div id="infomessage"><?php echo $message;?></div>

<?php echo form_open(uri_string());?>

    <p>
        <?php echo lang('edit_user_fname_label', 'first_name');?> <br />
        <?php echo form_input($first_name);?>
    </p>

    <p>
        <?php echo lang('edit_user_lname_label', 'last_name');?> <br />
        <?php echo form_input($last_name);?>
    </p>

    <p>
        <?php echo lang('edit_user_company_label', 'company');?> <br />
        <?php echo form_input($company);?>
    </p>

    <p>
        <?php echo lang('edit_user_phone_label', 'phone');?> <br />
        <?php echo form_input($phone);?>
    </p>

    <p>
        <?php echo lang('edit_user_password_label', 'password');?> <br />
        <?php echo form_input($password);?>
    </p>

    <p>
        <?php echo lang('edit_user_password_confirm_label', 'password_confirm');?><br />
        <?php echo form_input($password_confirm);?>
    </p>

    <h3><?php echo lang('edit_user_groups_heading');?></h3>
    <?php foreach ($groups as $group):?>
        <label class="checkbox">
        <?php
            // Pre-check the box when the user already belongs to this group
            $gid = $group['id'];
            $checked = null;
            $item = null;
            foreach ($currentgroups as $grp) {
                if ($gid == $grp->id) {
                    $checked = ' checked="checked"';
                    break;
                }
            }
        ?>
        <input type="checkbox" name="groups[]" value="<?php echo $group['id'];?>"<?php echo $checked;?>>
        <?php echo $group['name'];?>
        </label>
    <?php endforeach?>

    <?php echo form_hidden('id', $user->id);?>
    <?php echo form_hidden($csrf); ?>

    <p><?php echo form_submit('submit', lang('edit_user_submit_btn'));?></p>

<?php echo form_close();?>
Ion Auth CSRF protection is older. CI-2 have
This provides security when posting a form, ex: post local or server?
In the Ion Auth controller file, see the code below:
// do we have a valid request?
if ($this->_valid_csrf_nonce() === false)
{
    show_error($this->lang->line('error_csrf'));
}
If you remove this validation, there is no CSRF error.
You can enable security in the CI core lib:
http://ellislab.com/codeigniter/user-guide/libraries/security.html
$config['csrf_protection'] = true;
You have to use the form_open() tag to trigger CSRF protection.
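
Added example, not part of the original answer and not Ion Auth's or CodeIgniter's own code: a minimal model of a CSRF nonce held in one-request (flash) session storage, showing how a check like `_valid_csrf_nonce()` can reject a genuine form post when another request reaches the application between rendering the form and submitting it. It assumes the nonce is stored that way and that the extra view causes such a request; `FlashStore`, `issue_nonce()`, `valid_nonce()`, `simulate()` and the storage keys are hypothetical names.

```php
<?php
// Added illustration, not Ion Auth or CodeIgniter code. All names are hypothetical.
// Models flash storage: a value set in one request is readable only in the next.
final class FlashStore
{
    private array $current = []; // readable during this request
    private array $next = [];    // written during this request
    public function startRequest(): void // runs for every request reaching the app
    {
        $this->current = $this->next;
        $this->next = [];
    }
    public function set(string $k, string $v): void { $this->next[$k] = $v; }
    public function get(string $k): ?string { return $this->current[$k] ?? null; }
}

// Issue a random field name/value pair and return it for the form's hidden input.
function issue_nonce(FlashStore $flash): array
{
    $key = 'f_' . bin2hex(random_bytes(4));
    $value = bin2hex(random_bytes(16));
    $flash->set('nonce_key', $key);
    $flash->set('nonce_value', $value);
    return [$key => $value];
}

// Accept the POST only if it carries the pair issued by the previous request.
function valid_nonce(FlashStore $flash, array $post): bool
{
    $key = $flash->get('nonce_key');
    $value = $flash->get('nonce_value');
    if ($key === null || $value === null || !is_string($post[$key] ?? null)) {
        return false;
    }
    return hash_equals($value, $post[$key]);
}

function simulate(bool $extraRequest): bool
{
    $flash = new FlashStore();
    $flash->startRequest();                          // GET: render the edit form
    $hidden = issue_nonce($flash);
    if ($extraRequest) { $flash->startRequest(); }   // assumed: another request hits the app first
    $flash->startRequest();                          // POST: submit the form
    return valid_nonce($flash, $hidden);
}
echo 'form then POST:            ', var_export(simulate(false), true), PHP_EOL;
echo 'form, extra request, POST: ', var_export(simulate(true), true), PHP_EOL;
```

If the second case matches the behaviour, the browser's network tab will show which request made by the footer is handled by the application rather than served as a static file.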