I just created this "form key" library, need suggestions
[eluser]IamPrototype[/eluser]
From this tutorial (http://net.tutsplus.com/tutorials/php/se...form-keys/) I just re-wrote the content and coded it into a CI library. Here's the library and a testing controller with two testing views.

----

library (last updated: 18 June 09 23:03 - 24-hour system)

Code: <?php

testing controller

Code: <?php

first testing view (form)

Code: <html >

second testing view (fail)

Code: <html >

-----

I actually just wrote it, so I guess there could be some problems, typos and so on. Any suggestions would be nice! I want to optimize the code as much as I can.

PS: Would a library like this make sense to you? Or would you just use the already made cURL libraries?

Edit: Typo, library update
[eluser]Dam1an[/eluser]
I actually had this bookmarked to go over at some point lol

I just quickly glossed over the code, and 2 things jumped out

1) CamelCase class name for the library, tut tut, should use underscores as per the style guide
2) You could rewrite the validate function in one line

Code: // From this

Edit: I'll probably give some more in depth comments when I actually read the article
[eluser]xwero[/eluser]
The tutorial creates a class for one thing; generating the form key. Just put the function in a helper/plugin and then in the controller you can add the key to the session and pass it to the view to create a hidden input. You can validate the key using a validation callback.
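The flow described in the post above (generate the key in a helper function, keep it in the session, pass it to the view, validate it in a callback), as an added example that is not part of the original thread or the tutorial. It is plain PHP 7+ with an array standing in for the CI session; the function and field names are hypothetical, and consuming the key on every check is a design choice of this example.

```php
<?php
// Added illustration: helper-style form key functions (all names hypothetical).
// $session stands in for the framework's session store,
// $posted for the value of the hidden field in the POST data.

const FORM_KEY_FIELD = 'form_key'; // assumed session/field name

// Controller side: create a fresh random key, remember it in the session
// and return it so it can be passed to the view as a hidden input value.
function form_key_generate(array &$session): string
{
    $key = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session[FORM_KEY_FIELD] = $key;
    return $key;
}

// Validation callback: true only if the posted key matches the stored one.
// The stored key is removed on every check, so a resubmitted form fails.
function form_key_validate(array &$session, $posted): bool
{
    $expected = $session[FORM_KEY_FIELD] ?? null;
    unset($session[FORM_KEY_FIELD]); // single use

    // No key was issued, or the field is missing or not a string
    // (PHP turns "form_key[]=x" into an array).
    if (!is_string($expected) || !is_string($posted)) {
        return false;
    }
    return hash_equals($expected, $posted); // constant-time comparison
}

// Constructed walk-through: one session, three submissions.
$session = [];
$key = form_key_generate($session);

var_dump(form_key_validate($session, $key)); // form posted with its key
var_dump(form_key_validate($session, $key)); // same form posted a second time

form_key_generate($session);                  // new form rendered
var_dump(form_key_validate($session, null));  // request sent without the field
```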
[eluser]IamPrototype[/eluser]
Ah, good stuff. I realize it's so simple that a helper would fit much better. Thanks. Btw, you're saying I shouldn't create an output function for the hidden input, or? Just thought it would make it more simple and "easy-to-go".
[eluser]xwero[/eluser]
I think the output function as it is just limits you, and the form helper already has a few ways to generate hidden input fields, so why create another?
[eluser]elvix[/eluser]
There's a couple of CSRF libraries floating around already (same concept, CSRF = cross-site request forgery). You might want to check those out. One benefit is that they extend the input controller, and the form helper, adding the CSRF protection transparently to all your forms. There's also a token generator which is useful to get CSRF working with Ajax scripts.
[eluser]IamPrototype[/eluser]
I didn't know that, thanks, I'll go check it out!

Edit: Seems that most plugins are out of date????