[eluser]Johan André[/eluser]
You can use this (I made a library of it, code is mainly by someone else):
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); // BASEPATH is defined by the CodeIgniter front controller; stop here if this file is requested directly.
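/**
 * Per-session anti-CSRF form key for CodeIgniter.
 *
 * render_field() stores a fresh random key in the session and returns it as a
 * hidden form field; validate() compares the posted key with the key that was
 * in the session when this library was constructed.
 *
 * NOTE(review): validate() does not remove the key from the session, so a key
 * stays valid until render_field() replaces it. Confirm whether single-use
 * keys are required by the application.
 */
class Formkey
{
    /** @var object CodeIgniter super-object returned by get_instance(). */
    private $ci;

    /** @var string|null Key generated during this request by render_field(). */
    private $formkey;

    /** @var string|null Key found in the session at construction time. */
    private $old_formkey;

    /**
     * Loads the libraries and helper this class uses and captures the key
     * currently stored in the session, before render_field() can overwrite it.
     */
    function __construct()
    {
        // Objects are handles in PHP 5+, so no reference assignment is needed;
        // declaring $ci above also avoids creating a dynamic property.
        $this->ci = get_instance();
        $this->ci->load->library('session');
        $this->ci->load->library('form_validation');
        // render_field() calls form_hidden(), which lives in the form helper.
        $this->ci->load->helper('form');

        $stored = $this->ci->session->userdata('formkey');
        if (is_string($stored) && $stored !== '')
        {
            $this->old_formkey = $stored;
        }
    }

    /**
     * Produces a 32-character hexadecimal key from a cryptographically secure
     * random source.
     *
     * The previous md5(ip . uniqid(mt_rand(), true)) construction was built
     * from the client IP, the clock and a non-cryptographic PRNG, none of
     * which is secret, so it is replaced by CSPRNG output of the same length.
     *
     * @return string
     * @throws RuntimeException when no secure random source is available.
     */
    private function generate_key()
    {
        if (function_exists('random_bytes'))
        {
            return bin2hex(random_bytes(16));
        }

        if (function_exists('openssl_random_pseudo_bytes'))
        {
            $strong = FALSE;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== FALSE && $strong === TRUE)
            {
                return bin2hex($bytes);
            }
        }

        // Fail closed rather than fall back to a guessable value.
        throw new RuntimeException('No cryptographically secure random source available for form key generation.');
    }

    /**
     * Compares two keys without type juggling and, where hash_equals() is
     * available, without leaking the position of the first differing byte.
     *
     * @param string $expected
     * @param string $submitted
     * @return bool
     */
    private function keys_match($expected, $submitted)
    {
        if (function_exists('hash_equals'))
        {
            return hash_equals($expected, $submitted);
        }

        return $expected === $submitted;
    }

    /**
     * Generates a new key, stores it in the session and returns the hidden
     * input that carries it.
     *
     * @return string HTML produced by form_hidden().
     */
    public function render_field()
    {
        $this->formkey = $this->generate_key();
        $this->ci->session->set_userdata('formkey', $this->formkey);

        return form_hidden('formkey', $this->formkey);
    }

    /**
     * Checks the posted 'formkey' against the key captured at construction.
     *
     * Both values must be non-empty strings. With the former loose `==`
     * comparison a request without any key passed whenever the session held
     * no key either (FALSE == NULL), and numeric-looking strings such as
     * "0e1" and "0e2" compared as equal.
     *
     * @return bool TRUE when the keys match; FALSE otherwise, after setting
     *              the '_check_formkey' validation message.
     */
    public function validate()
    {
        $submitted = $this->ci->input->post('formkey');
        $expected = $this->old_formkey;

        if (is_string($submitted) && is_string($expected) && $expected !== ''
            && $this->keys_match($expected, $submitted))
        {
            return TRUE;
        }

        $this->ci->form_validation->set_message('_check_formkey', '%s is wrong!');
        return FALSE;
    }
}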
/* End of file */
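Create a validation rule (callback__check_formkey) that calls the library's validate() method. The controller callback must be named _check_formkey so that it matches the message key set inside validate().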