Welcome Guest, Not a member yet? Register   Sign In
CSRF The action you have requested is not allowed
#3

(This post was last modified: 09-24-2016, 04:34 PM by wolfgang1983.)

(09-24-2016, 03:50 PM)PaulD Wrote: Can you show the controller that is doing the validation check and reloading the page.

PHP Code:
<?php

defined
('BASEPATH') OR exit('No direct script access allowed');

class 
Login extends MY_Controller {

    public function 
__construct() {
        
parent::__construct();
        
$this->load->library('form_validation');
    }

    public function 
index()
    {
        
$data['title'] = __CLASS__;

        
$this->form_validation->set_rules('username''username''trim|required');
        
$this->form_validation->set_rules('password''password''trim|required|password_verify');

        if (
$this->form_validation->run() == true) {
            
$this->session->set_userdata(array('user_id' => $this->getUserID()));
            
redirect('admin/dashboard');
        }

        
$data['content'] = 'account/login_view';

        
$this->load->view('admin/template/common/template'$data);
    }

    public function 
getUserID(){
        
// This is a custom function on forum validation
        
if ($this->form_validation->password_verify() == true) {

            
$this->db->where('username'$this->input->post('username'));
            
$query $this->db->get('user');

            return 
$query->row()->user_id;

        }
    }

MY_Forum_validation

PHP Code:
<?php

class MY_Form_validation extends CI_Form_validation {

    public function 
__construct() {
        
parent::__construct();
        
$this->CI =& get_instance();
    }

    public function 
password_verify() {
        
$hash $this->get_password();
        
$password $this->CI->input->post('password'true);

        if (
password_verify($password$hash)) {
            return 
true;
        } else {
            
$this->set_message('password_verify''Incorrect login information!');
            return 
false;
        }

    }

    public function 
get_password() {
        return 
$this->CI->db->get_where('user', array('username' => $this->CI->input->post('username'true)))->row()->password;
    }

There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
Reply


Messages In This Thread
RE: CSRF The action you have requested is not allowed - by wolfgang1983 - 09-24-2016, 04:31 PM



Theme © iAndrew 2016 - Forum software by © MyBB