CSRF and Browser Cookie Settings
#8

(This post was last modified: 11-19-2017, 09:30 AM by reesethebeast.)

(11-18-2017, 12:43 PM)skunkbad Wrote:
(11-18-2017, 10:16 AM)reesethebeast Wrote: Thanks Skunkbad, I actually already use Community Auth on my site for authentication. I see that the Token class is present (Form Tokens Library - V1.0.2). I will give this a try.

So, is there a manual on how to implement and start using this class in place of CSRF?

There is no documentation for the tokens library. If you use the form_open function then it adds the token to your form. If you're using AJAX and need a token, just create a hidden form element for the token, then add the value to your POST. On the server side, if you check $this->tokens->match then you know if there was a match, and you can proceed. There's nothing fancy about it. All the work is done by the library.

Since using a token removes it from the array of tokens, if you are using AJAX then you need to pass back a new token, and apply it to the hidden form element. You get a new token with $this->tokens->token();

Thanks Skunkbad. I turned off CSRF and I can see the Community Auth token in my form. I added a check in MY_Controller for the token match and if not matched, I redirect back to the original page. The check is always returning a non match.

Code:
if($this->tokens->match)
{
}

Once this is working I will need to change all of my AJAX code to look for "token" versus the CodeIgniter token name from the config file.
Is there a way to rename the Community Auth token so I can use what I defined in the config.php file? This way I can leave this reference as is and just add $this->tokens->token(); to my AJAX code?
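The single-use token flow described in the quoted reply above (a matched token is removed from the pool, so an AJAX response has to carry a new one for the hidden field), as an added example that is not part of the thread and is not Community Auth's code. `TokenPool`, `handlePost`, `submit`, the pool size of 20 and the status codes are all assumptions made for illustration; the AJAX round trip is simulated in-process.

```javascript
const crypto = require('crypto');

// Hypothetical server-side pool of single-use tokens (stands in for a session-backed store).
class TokenPool {
  constructor(max = 20) { this.max = max; this.tokens = []; }  // max is an assumed limit

  // Issue a fresh random token and remember it; the oldest falls off when the pool is full.
  issue() {
    const t = crypto.randomBytes(16).toString('hex');
    this.tokens.push(t);
    if (this.tokens.length > this.max) this.tokens.shift();
    return t;
  }

  // True only if the submitted token is in the pool; a matched token is removed (single use).
  consume(submitted) {
    if (typeof submitted !== 'string') return false;
    const given = Buffer.from(submitted);
    const i = this.tokens.findIndex((t) => {
      const known = Buffer.from(t);
      // Length check first: timingSafeEqual throws on buffers of different length.
      return known.length === given.length && crypto.timingSafeEqual(known, given);
    });
    if (i === -1) return false;
    this.tokens.splice(i, 1);
    return true;
  }
}

// Simulated AJAX endpoint: reject on mismatch, otherwise hand back a replacement token.
function handlePost(pool, body) {
  if (!pool.consume(body.token)) return { status: 403 };
  return { status: 200, token: pool.issue() };
}

// Simulated client: `form.token` stands in for the hidden input's value.
function submit(pool, form, rotate = true) {
  const res = handlePost(pool, { token: form.token });
  if (rotate && res.token) form.token = res.token;  // apply the new token to the field
  return res.status;
}

// Two constructed clients: one updates its hidden field after each call, one does not.
function demo() {
  const pool = new TokenPool();
  const good = { token: pool.issue() };
  const stale = { token: pool.issue() };
  return {
    rotating: [submit(pool, good), submit(pool, good)],
    reusing: [submit(pool, stale, false), submit(pool, stale, false)],
  };
}
```

The client that never updates its hidden field succeeds once and is rejected on the second request, which is the behaviour to expect from any AJAX code that keeps posting the token rendered with the page.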




