form submit with csrf not working
#1

Hi, I have a simple login form which I am using to test with CSRF. I have set CSRFRegenerate to true, un-commented it in the Filters.php file, and also set cookiesecure and cookieHTTPOnly to false. I am testing it on WampServer. When I submit the form, I do not get any feedback from the flash messages I have set. It only works when I have excluded the route from the CSRF filter, which I do not want to do since I plan on using this code in a production site.



PHP Code:
<?php if (session()->getFlashdata('fail')) : ?>
    <div class="alert alert-danger my-1" role="alert">
        <p class="my-1 p-0 text-center">
            <?= session()->getFlashdata('fail'); ?>
        </p>
    </div>
<?php endif; ?>

<form action="<?= base_url().'/login' ?>" method="post" accept-charset="utf-8">

    <?= csrf_field() ?>

    <input type="hidden" value="<?= esc($previousUrl) !== NA_L ? esc($previousUrl) : base_url(); ?>" id="previous_url" name="previous_url">

    <div class="form-group">
        <label for="loginEmailAddressid" class="_login_label_class">EMAIL ADDRESS</label>
        <input type="email" class="form-control rounded-0 form-control-lg w-100" id="loginEmailAddressid" aria-describedby="emailHelp" placeholder="Email:" maxlength="64" autocomplete="off" name="loginEmailAddress" value="<?= set_value('loginEmailAddress') ?>">
    </div>
    <div class="form-group">
        <label for="loginPasswordid" class="_login_label_class">PASSWORD</label>
        <input type="password" class="form-control rounded-0 form-control-lg w-100" id="loginPasswordid" placeholder="Password:" name="loginPassword" autocomplete="off" aria-describedby="passwordHelp">
    </div>

    <br>
    <div class="form-row align-items-center">
        <div class="col-md-6">
            <input type="submit" class="btn-grad btn-grad-2 btn-block" id="loginsubmitbtnid" value="LOGIN">
        </div>
    </div>
</form> 


PHP Code:
// the login route view
$routes->get('login', 'ExtAccessController::extLogin', ['filter' => 'extnoauth']);
// the route to login
$routes->post('login', 'ExtAccessController::postExtLogin');


In the ExtAccessController; here is the postExtLogin method:

PHP Code:
if ($this->request->getMethod() === 'post') :

    $loginEmailAddress = trim($this->request->getPost('loginEmailAddress'));
    $loginPassword     = trim($this->request->getPost('loginPassword'));

    // check validation
    if ($this->validate->run(["loginEmailAddress" => $loginEmailAddress, "loginPassword" => $loginPassword], "extLoginValidation")) :

        // session
        $this->userModel->insert([
            "useremail" => $loginEmailAddress,
            "userpassword" => $loginPassword
        ]);

        // set session
        session()->set(['sessionNEextEmail' => $loginEmailAddress]);

        // response
        return redirect()->to('/dash');

    else :

        // error string
        $errStr = "";

        if ($this->validate->hasError('loginEmailAddress')) :
            $errStr = $this->validate->getError('loginEmailAddress');
        else :
            $errStr = $this->validate->getError('loginPassword');
        endif;

        // response
        session()->setFlashdata('fail', $errStr);
        return redirect()->to('/login');

    endif;

else :
    session()->setFlashdata('fail', 'Unknown error occured');
    return redirect()->to('/login');
endif;


Messages In This Thread
form submit with csrf not working - by coderscvoen - 11-16-2021, 10:50 PM


