CodeIgniter Forums

Full Version: How to maintain use of CSRF for a login form when login form is site-wide?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

Hey all,

Is there any alternative than to having my login function be in a global controller? Basically I have a login form near the header of my site on all pages. However on the actual login page there is a form as well. If I try to login through the top header and use my login page it will not process it. Is there any alternative?

El Forum

Is there any reason why you can't have your global login form process through a single login controller?
<form action="<?php echo site_url('users/login'); ?>" method="post">

Then if a user goes to your actual controller, you can put in a conditional that hides the form on the top of the page if you want.

El Forum

There should be no issue?

Using the form_open/form_open_multipart should work if CSRF is enabled.