CodeIgniter Forums

Full Version: How to maintain use of CSRF for a login form when login form is site-wide?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]Unknown[/eluser]
Hey all,

Is there any alternative than to having my login function be in a global controller? Basically I have a login form near the header of my site on all pages. However on the actual login page there is a form as well. If I try to login through the top header and use my login page it will not process it. Is there any alternative?

El Forum

[eluser]Aken[/eluser]
Is there any reason why you can't have your global login form process through a single login controller?
Code:
<form action="<?php echo site_url('users/login'); ?>" method="post">

Then if a user goes to your actual example.com/users/login controller, you can put in a conditional that hides the form on the top of the page if you want.

El Forum

[eluser]gRoberts[/eluser]
There should be no issue?

Using the form_open/form_open_multipart should work if CSRF is enabled.

Cheers